PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-02 21:09:01 +00:00
Code Issues Projects Releases Wiki Activity

Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).

Browse Source 
Minor layout adjustments.
This commit is contained in:
Bernardo Damele
2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
lib/request/connect.py
View File

@@ -38,6 +38,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.common import sanitizeAsciiString
from lib.core.exception import sqlmapConnectionException
from lib.core.settings import SQL_STATEMENTS
from lib.request.basic import decodePage
from lib.request.basic import forgeHeaders
from lib.request.basic import parseResponse
@@ -263,6 +264,38 @@ class Connect:
string match check ('--string' command line parameter)
"""
if conf.direct:
values = None
select = False
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
if value.lower().startswith(sqlStatement) and sqlTitle == "SQL SELECT statement":
select = True
break
if select:
values = conf.dbmsConnector.select(value)
else:
values = conf.dbmsConnector.execute(value)
if values is None or len(values) == 0:
return None
elif content:
if len(values) == 1:
if len(values[0]) == 1:
return str(list(values)[0][0]), None
else:
return list(values), None
else:
return values, None
else:
for value in values:
if value[0] == 1:
return True
else:
return False
get = None
post = None
cookie = None

45
lib/request/inject.py
View File

@@ -37,6 +37,7 @@ from lib.core.data import logger
from lib.core.data import queries
from lib.core.data import temp
from lib.request.connect import Connect as Request
from lib.core.settings import SQL_STATEMENTS
from lib.techniques.inband.union.use import unionUse
from lib.techniques.blind.inference import bisection
from lib.utils.resume import queryOutputLength
@@ -350,6 +351,32 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
(if selected).
"""
if conf.direct:
expression = agent.payloadDirect(expression)
values = None
select = False
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
if expression.lower().startswith(sqlStatement) and sqlTitle == "SQL SELECT statement":
select = True
break
if select:
values = conf.dbmsConnector.select(expression)
else:
values = conf.dbmsConnector.execute(expression)
if values is None or len(values) == 0:
return None
elif len(values) == 1:
if len(values[0]) == 1:
return str(list(values)[0][0])
else:
return list(values)
else:
return values
expression = cleanQuery(expression)
expression = expandAsteriskForColumns(expression)
value = None
@@ -387,6 +414,24 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
def goStacked(expression, silent=False):
expression = cleanQuery(expression)
if conf.direct:
expression = agent.payloadDirect(expression)
values = None
select = False
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
if expression.lower().startswith(sqlStatement) and sqlTitle == "SQL SELECT statement":
select = True
break
if select:
values = conf.dbmsConnector.select(expression)
else:
values = conf.dbmsConnector.execute(expression)
return None, None
debugMsg = "query: %s" % expression
logger.debug(debugMsg)