Added support to directly connect also to Microsoft SQL Server database.

Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2025-12-07 05:01:30 +00:00 · 2010-03-31 10:50:47 +00:00
parent d583cc07e7
commit 5fdebb5d5b
22 changed files with 205 additions and 223 deletions
--- a/plugins/generic/connector.py
+++ b/plugins/generic/connector.py
@@ -22,8 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  021101301  USA
 """

+import os
+
 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapUndefinedMethod

 class Connector:
@@ -48,12 +51,29 @@ class Connector:
        logger.info(infoMsg)
        
    def closed(self):
-        self.connector = None
-        self.cursor = None
        infoMsg = "connection to %s server %s" % (conf.dbms, self.hostname)
        infoMsg += ":%d closed" % self.port
        logger.info(infoMsg)

+        self.connector = None
+        self.cursor = None
+
+    def setCursor(self):
+        self.cursor = self.connector.cursor()
+
+    def getCursor(self):
+        return self.cursor
+
+    def close(self):
+        self.cursor.close()
+        self.connector.close()
+        self.closed()
+
+    def checkFileDb(self):
+        if not os.path.exists(self.db):
+            errMsg = "the provided database file '%s' does not exist" % self.db
+            raise sqlmapFilePathException, errMsg
+
    def connect(self):
        errMsg  = "'connect' method must be defined "
        errMsg += "into the specific DBMS plugin"
@@ -73,16 +93,3 @@ class Connector:
        errMsg  = "'select' method must be defined "
        errMsg += "into the specific DBMS plugin"
        raise sqlmapUndefinedMethod, errMsg
-
-    def setCursor(self):
-        errMsg  = "'setCursor' method must be defined "
-        errMsg += "into the specific DBMS plugin"
-        raise sqlmapUndefinedMethod, errMsg
-
-    def getCursor(self):
-        return self.cursor
-
-    def close(self):
-        errMsg  = "'close' method must be defined "
-        errMsg += "into the specific DBMS plugin"
-        raise sqlmapUndefinedMethod, errMsg