Added support to directly connect also to Microsoft SQL Server database.

Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2025-12-06 20:51:31 +00:00 · 2010-03-31 10:50:47 +00:00
parent d583cc07e7
commit 5fdebb5d5b
22 changed files with 205 additions and 223 deletions
--- a/plugins/dbms/sqlite/connector.py
+++ b/plugins/dbms/sqlite/connector.py
@@ -39,7 +39,7 @@ class Connector(GenericConnector):
    User guide: http://docs.python.org/release/2.5/lib/module-sqlite3.html
    API: http://docs.python.org/library/sqlite3.html
    Debian package: python-pysqlite2
-    License: zlib/libpng
+    License: MIT

    Possible connectors: http://wiki.python.org/moin/SQLite
    """
@@ -47,11 +47,9 @@ class Connector(GenericConnector):
    def __init__(self):
        GenericConnector.__init__(self)

-    def connect(self, reuse=True):
-        if reuse and self.connector:
-            return
-
+    def connect(self):
        self.initConnection()
+        self.checkFileDb()

        try:
            self.connector = sqlite3.connect(database=self.db, timeout=conf.timeout)
@@ -75,19 +73,11 @@ class Connector(GenericConnector):
            self.cursor.execute(query)
        except sqlite3.OperationalError, msg:
            logger.log(8, msg[0])
-        except sqlite3.Error, msg:
+        except sqlite3.DatabaseError, msg:
            raise sqlmapConnectionException, msg[0]

        self.connector.commit()

    def select(self, query):
-        self.cursor.execute(query)
-        return self.cursor.fetchall()
-
-    def setCursor(self):
-        self.cursor = self.connector.cursor()
-
-    def close(self):
-        self.cursor.close()
-        self.connector.close()
-        self.closed()
+        self.execute(query)
+        return self.fetchall()