From 7b4ecd9df0b5a39650075fc11038a132c795a415 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Mon, 2 Jul 2012 00:22:34 +0100
Subject: [PATCH] added skeleton code for issue #34, still not usable
---
 lib/core/option.py | 24 +++++++++++++++++++++++-
 lib/core/optiondict.py | 1 +
 lib/parse/cmdline.py | 5 ++++-
 lib/request/inject.py | 2 +-
 sqlmap.conf | 8 ++++++++
 5 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index 9cf1f4614..d7cf60282 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -558,6 +558,28 @@ def __findPageForms():
 findPageForms(page, conf.url, True, True)
+def __setDBMSAuthentication():
+ """
+ Check and set the DBMS authentication credentials to run statements as
+ another user, not the session user
+ """
+
+ if not conf.dCred:
+ return
+
+ debugMsg = "setting the DBMS authentication credentials"
+ logger.debug(debugMsg)
+
+ dCredRegExp = re.search("^(.+?):(.*?)$", conf.dCred)
+
+ if not dCredRegExp:
+ errMsg = "DBMS authentication credentials value must be in format "
+ errMsg += "username:password"
+ raise sqlmapSyntaxException, errMsg
+
+ conf.dbmsUsername = dCredRegExp.group(1)
+ conf.dbmsPassword = dCredRegExp.group(2)
+
 def __setMetasploit():
 if not conf.osPwn and not conf.osSmb and not conf.osBof:
 return
@@ -1992,7 +2014,7 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
 __setOS()
 __setWriteFile()
 __setMetasploit()
-
+ __setDBMSAuthentication()
 loadPayloads()
 __setPrefixSuffix()
 update()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 1b7fb0908..45d43079d 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -167,6 +167,7 @@ optDict = {
 "checkTor": "boolean",
 "crawlDepth": "integer",
 "csvDel": "string",
+ "dCred": "string",
 "eta": "boolean",
 "flushSession": "boolean",
 "forms": "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 889db5094..d1ce39d54 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
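Review bot: In `__setDBMSAuthentication` (lib/core/option.py) the early return on an empty `conf.dCred` leaves `conf.dbmsUsername` and `conf.dbmsPassword` unassigned, so whatever consumes them later has to cope with missing attributes unless defaults are set somewhere outside this hunk. Assigning `conf.dbmsUsername = conf.dbmsPassword = None` before the `if not conf.dCred:` check would make the no-credentials state explicit. The pattern `^(.+?):(.*?)$` splits at the first colon, so a password may contain `:` but a username may not, and `user:` is accepted with an empty password. The docstring should state both, for example `Splits conf.dCred at the first ':'; the password may be empty`.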
@@ -516,10 +516,13 @@ def cmdLineParser():
 help="Delimiting character used in CSV output "
 "(default \"%s\")" % defaults.csvDel)
+ general.add_option("--dbms-cred", dest="dCred",
+ help="DBMS authentication credentials (user:password)")
+
 general.add_option("--eta", dest="eta",
 action="store_true",
 help="Display for each output the "
- "estimated time of arrival")
+ "estimated time of arrival")
 general.add_option("--flush-session", dest="flushSession",
 action="store_true",
diff --git a/lib/request/inject.py b/lib/request/inject.py
index b25061e83..9660f9209 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -479,7 +479,7 @@ def goStacked(expression, silent=False):
 return direct(expression)
 comment = queries[Backend.getIdentifiedDbms()].comment.query
- query = agent.prefixQuery("; %s" % expression)
+ query = agent.prefixQuery(";%s" % expression)
 query = agent.suffixQuery("%s;%s" % (query, comment))
 payload = agent.payload(newValue=query)
 Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
diff --git a/sqlmap.conf b/sqlmap.conf
index 4a02b25cb..d93e524a2 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -567,6 +567,14 @@ crawlDepth = 0
 # Default: ,
 csvDel = ,
+# DBMS authentication credentials (user:password). Useful if you want to
+# run SQL statements as another user, the back-end database management
+# system is PostgreSQL or Microsoft SQL Server and the parameter is
+# vulnerable by stacked queries SQL injection or you are connecting directly
+# to the DBMS (-d switch).
+# Syntax: username:password
+dCred =
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False
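Review bot: `--dbms-cred` in lib/parse/cmdline.py takes the password as part of an argv value, which leaves it in shell history and visible in the process list for the lifetime of the run, and the help string gives no hint of that. I would extend it to something like `help="DBMS authentication credentials (user:password); prefer dCred in the configuration file on shared hosts"`. The new `dCred` comment in the sqlmap.conf hunk should in turn say that the file then holds a clear-text password and needs restrictive permissions. The `"estimated time of arrival"` line in the same cmdline.py hunk appears to differ only in whitespace and would be better kept out of this commit.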
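Review bot: Dropping the space after the semicolon in `agent.prefixQuery(";%s" % expression)` (lib/request/inject.py) alters the text of every stacked-query statement that `goStacked` builds, which is unrelated to the skeleton code named in the commit subject and is not explained anywhere. If the change is intentional it deserves its own commit, or at least a comment on that line such as `# no space after ';' - <reason>`; otherwise it should be reverted here. `goStacked` starts above the hunk, so the branch ending in `return direct(expression)` is only partly visible.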