Added support to directly connect also to Microsoft SQL Server database.

Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2025-12-29 10:59:03 +00:00 · 2010-03-31 10:50:47 +00:00
parent d583cc07e7
commit 5fdebb5d5b
22 changed files with 205 additions and 223 deletions
--- a/plugins/generic/connector.py
+++ b/plugins/generic/connector.py
@@ -22,8 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  021101301  USA
 """

+import os
+
 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapUndefinedMethod

 class Connector:
@@ -48,12 +51,29 @@ class Connector:
        logger.info(infoMsg)
        
    def closed(self):
-        self.connector = None
-        self.cursor = None
        infoMsg = "connection to %s server %s" % (conf.dbms, self.hostname)
        infoMsg += ":%d closed" % self.port
        logger.info(infoMsg)

+        self.connector = None
+        self.cursor = None
+
+    def setCursor(self):
+        self.cursor = self.connector.cursor()
+
+    def getCursor(self):
+        return self.cursor
+
+    def close(self):
+        self.cursor.close()
+        self.connector.close()
+        self.closed()
+
+    def checkFileDb(self):
+        if not os.path.exists(self.db):
+            errMsg = "the provided database file '%s' does not exist" % self.db
+            raise sqlmapFilePathException, errMsg
+
    def connect(self):
        errMsg  = "'connect' method must be defined "
        errMsg += "into the specific DBMS plugin"
@@ -73,16 +93,3 @@ class Connector:
        errMsg  = "'select' method must be defined "
        errMsg += "into the specific DBMS plugin"
        raise sqlmapUndefinedMethod, errMsg
-
-    def setCursor(self):
-        errMsg  = "'setCursor' method must be defined "
-        errMsg += "into the specific DBMS plugin"
-        raise sqlmapUndefinedMethod, errMsg
-
-    def getCursor(self):
-        return self.cursor
-
-    def close(self):
-        errMsg  = "'close' method must be defined "
-        errMsg += "into the specific DBMS plugin"
-        raise sqlmapUndefinedMethod, errMsg
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -149,7 +149,7 @@ class Enumeration:
            if value:
                kb.data.cachedUsers = value

-        if not kb.data.cachedUsers:
+        if not kb.data.cachedUsers and not conf.direct:
            infoMsg = "fetching number of database users"
            logger.info(infoMsg)

@@ -232,7 +232,7 @@ class Enumeration:
                    else:
                        kb.data.cachedUsersPasswords[user].append(password)

-        if not kb.data.cachedUsersPasswords:
+        if not kb.data.cachedUsersPasswords and not conf.direct:
            if conf.user:
                if "," in conf.user:
                    users = conf.user.split(",")
@@ -464,7 +464,7 @@ class Enumeration:
                    else:
                        kb.data.cachedUsersPrivileges[user] = list(privileges)

-        if not kb.data.cachedUsersPrivileges:
+        if not kb.data.cachedUsersPrivileges and not conf.direct:
            conditionChar = "="

            if conf.user:
@@ -649,7 +649,7 @@ class Enumeration:
            if value:
                kb.data.cachedDbs = value

-        if not kb.data.cachedDbs:
+        if not kb.data.cachedDbs and not conf.direct:
            infoMsg = "fetching number of databases"
            logger.info(infoMsg)

@@ -733,7 +733,7 @@ class Enumeration:
                    else:
                        kb.data.cachedTables[db].append(table)

-        if not kb.data.cachedTables:
+        if not kb.data.cachedTables and not conf.direct:
            if conf.db:
                if "," in conf.db:
                    dbs = conf.db.split(",")
@@ -881,7 +881,7 @@ class Enumeration:
                table[conf.tbl] = columns
                kb.data.cachedColumns[conf.db] = table

-        if not kb.data.cachedColumns:
+        if not kb.data.cachedColumns and not conf.direct:
            infoMsg  = "fetching number of columns "
            infoMsg += "for table '%s'" % conf.tbl
            infoMsg += " on database '%s'" % conf.db
@@ -1298,8 +1298,10 @@ class Enumeration:
            colList = conf.col.split(",")
            kb.data.cachedColumns[conf.db] = {}
            kb.data.cachedColumns[conf.db][conf.tbl] = {}
+
            for column in colList:
                kb.data.cachedColumns[conf.db][conf.tbl][column] = None
+
        elif not kb.data.cachedColumns:
            if kb.dbms == "MySQL" and not kb.data.has_information_schema:
                errMsg  = "information_schema not available, "
@@ -1359,7 +1361,7 @@ class Enumeration:

                    index += 1

-        if not kb.data.dumpedTable:
+        if not kb.data.dumpedTable and not conf.direct:
            infoMsg = "fetching number of "
            if conf.col:
                infoMsg += "columns '%s' " % colString