Implementation for an Issue #1895

Minor update
Fixes #1664
2025-12-06 12:41:30 +00:00 · 2017-04-06 11:33:59 +02:00 · 2017-03-30 12:05:05 +02:00 · 2017-03-30 11:58:03 +02:00 · 2017-03-30 11:42:34 +02:00 · 2017-03-30 10:24:57 +02:00
25 changed files with 180 additions and 97 deletions
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -77,11 +77,6 @@ def setHandler():
        items.insert(0, _)

    for dbms, aliases, Handler, Connector in items:
-        if conf.dbms and conf.dbms.lower() != dbms and conf.dbms.lower() not in aliases:
-            debugMsg = "skipping test for %s" % dbms
-            logger.debug(debugMsg)
-            continue
-
        handler = Handler()
        conf.dbmsConnector = Connector()

--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -465,7 +465,7 @@ class Backend:

        if not kb:
            pass
-        elif not kb.testMode and conf.dbmsHandler and getattr(conf.dbmsHandler, "_dbms", None):
+        elif not kb.get("testMode") and conf.get("dbmsHandler") and getattr(conf.dbmsHandler, "_dbms", None):
            dbms = conf.dbmsHandler._dbms
        elif Backend.getForcedDbms() is not None:
            dbms = Backend.getForcedDbms()
@@ -517,9 +517,8 @@ class Backend:
    # Comparison methods
    @staticmethod
    def isDbms(dbms):
-        if Backend.getDbms() is not None:
-            return Backend.getDbms() == aliasToDbmsEnum(dbms)
-        else:
+        if not kb.get("testMode") and all((Backend.getDbms(), Backend.getIdentifiedDbms())) and Backend.getDbms() != Backend.getIdentifiedDbms():
+            singleTimeWarnMessage("identified ('%s') and fingerprinted ('%s') DBMSes differ. If you experience problems in enumeration phase please rerun with '--flush-session'" % (Backend.getIdentifiedDbms(), Backend.getDbms()))
        return Backend.getIdentifiedDbms() == aliasToDbmsEnum(dbms)

    @staticmethod
@@ -615,7 +614,8 @@ def paramToDict(place, parameters=None):
                                candidates = OrderedDict()

                                def walk(head, current=None):
-                                    current = current or head
+                                    if current is None:
+                                        current = head
                                    if isListLike(current):
                                        for _ in current:
                                            walk(head, _)
@@ -623,6 +623,7 @@ def paramToDict(place, parameters=None):
                                        for key in current.keys():
                                            value = current[key]
                                            if isinstance(value, (list, tuple, set, dict)):
+                                                if value:
                                                    walk(head, value)
                                            elif isinstance(value, (bool, int, float, basestring)):
                                                original = current[key]
@@ -1497,6 +1498,7 @@ def getLimitRange(count, plusOne=False):
    count = int(count)
    limitStart, limitStop = 1, count

+    if kb.dumpTable:
        if isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop < limitStop:
            limitStop = conf.limitStop

@@ -2613,7 +2615,7 @@ def getPublicTypeMembers(type_, onlyValues=False):
    retVal = []

    for name, value in inspect.getmembers(type_):
-        if not name.startswith('__'):
+        if not name.startswith("__"):
            if not onlyValues:
                retVal.append((name, value))
            else:
@@ -2673,7 +2675,7 @@ def extractTextTagContent(page):
        except MemoryError:
            page = page.replace(REFLECTED_VALUE_MARKER, "")

-    return filter(None, (_.group('result').strip() for _ in re.finditer(TEXT_TAG_REGEX, page)))
+    return filter(None, (_.group("result").strip() for _ in re.finditer(TEXT_TAG_REGEX, page)))

 def trimAlphaNum(value):
    """
@@ -2785,11 +2787,11 @@ def removeDynamicContent(page):
            if prefix is None and suffix is None:
                continue
            elif prefix is None:
-                page = re.sub(r'(?s)^.+%s' % re.escape(suffix), suffix.replace('\\', r'\\'), page)
+                page = re.sub(r"(?s)^.+%s" % re.escape(suffix), suffix.replace('\\', r'\\'), page)
            elif suffix is None:
-                page = re.sub(r'(?s)%s.+$' % re.escape(prefix), prefix.replace('\\', r'\\'), page)
+                page = re.sub(r"(?s)%s.+$" % re.escape(prefix), prefix.replace('\\', r'\\'), page)
            else:
-                page = re.sub(r'(?s)%s.+%s' % (re.escape(prefix), re.escape(suffix)), '%s%s' % (prefix.replace('\\', r'\\'), suffix.replace('\\', r'\\')), page)
+                page = re.sub(r"(?s)%s.+%s" % (re.escape(prefix), re.escape(suffix)), "%s%s" % (prefix.replace('\\', r'\\'), suffix.replace('\\', r'\\')), page)

    return page

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.3.0"
+VERSION = "1.1.4.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -696,7 +696,7 @@ MAX_HISTORY_LENGTH = 1000
 MIN_ENCODED_LEN_CHECK = 5

 # Timeout in seconds in which Metasploit remote session has to be initialized
-METASPLOIT_SESSION_TIMEOUT = 300
+METASPLOIT_SESSION_TIMEOUT = 120

 # Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
 LOBLKSIZE = 2048
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -482,10 +482,10 @@ def cmdLineParser(argv=None):
                               help="Use WHERE condition while table dumping")

        enumeration.add_option("--start", dest="limitStart", type="int",
-                               help="First query output entry to retrieve")
+                               help="First dump table entry to retrieve")

        enumeration.add_option("--stop", dest="limitStop", type="int",
-                               help="Last query output entry to retrieve")
+                               help="Last dump table entry to retrieve")

        enumeration.add_option("--first", dest="firstChar", type="int",
                               help="First query output word character to retrieve")
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -481,11 +481,16 @@ class Connect(object):
                else:
                    page = Connect._connReadProxy(conn) if not skipRead else None

-                code = code or (conn.code if conn else None)
+                if conn:
+                    code = conn.code
                    responseHeaders = conn.info()
                    responseHeaders[URI_HTTP_HEADER] = conn.geturl()
+                else:
+                    code = None
+                    responseHeaders = {}
+
                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
-                status = getUnicode(conn.msg)
+                status = getUnicode(conn.msg) if conn else None

            kb.connErrorCounter = 0

@@ -629,6 +634,14 @@ class Connect(object):
                if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
                    singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is dropping 'suspicious' requests")
                warnMsg = "connection timed out to the target URL"
+            elif "Connection reset" in tbMsg:
+                if not conf.disablePrecon:
+                    singleTimeWarnMessage("turning off pre-connect mechanism because of connection reset(s)")
+                    conf.disablePrecon = True
+
+                if kb.testMode:
+                    singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is resetting 'suspicious' requests")
+                warnMsg = "connection reset to the target URL"
            elif "URLError" in tbMsg or "error" in tbMsg:
                warnMsg = "unable to connect to the target URL"
                match = re.search(r"Errno \d+\] ([^>]+)", tbMsg)
@@ -1040,20 +1053,29 @@ class Connect(object):
                        found = False
                        value = getUnicode(value)

+                        if kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
+                            if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
+                                if re.search(r"<%s\b" % re.escape(name), post):
+                                    found = True
+                                    post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
+                                elif re.search(r"\b%s>" % re.escape(name), post):
+                                    found = True
+                                    post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value, post)
+
                            regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
-                        if kb.postHint and re.search(regex, (post or "")):
+                            if not found and re.search(regex, (post or "")):
                                found = True
                                post = re.sub(regex, "\g<1>\g<2>%s" % value, post)

                        regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
+                        if not found and re.search(regex, (post or "")):
+                            found = True
+                            post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
+
                        if re.search(regex, (get or "")):
                            found = True
                            get = re.sub(regex, "\g<1>%s\g<3>" % value, get)

-                        if re.search(regex, (post or "")):
-                            found = True
-                            post = re.sub(regex, "\g<1>%s\g<3>" % value, post)
-
                        if re.search(regex, (query or "")):
                            found = True
                            uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value, uri)
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import re
 import types
 import urllib2
 import urlparse
@@ -123,7 +124,12 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):

            req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
            if headers and HTTP_HEADER.SET_COOKIE in headers:
-                req.headers[HTTP_HEADER.COOKIE] = headers[HTTP_HEADER.SET_COOKIE].split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)[0]
+                delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
+                _ = headers[HTTP_HEADER.SET_COOKIE].split(delimiter)[0]
+                if HTTP_HEADER.COOKIE not in req.headers:
+                    req.headers[HTTP_HEADER.COOKIE] = _
+                else:
+                    req.headers[HTTP_HEADER.COOKIE] = re.sub("%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (_.split('=')[0], delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter))
            try:
                result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
            except urllib2.HTTPError, e:
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -351,7 +351,7 @@ class Metasploit:

            self._cliCmd += " E"
        else:
-            self._cliCmd = "%s -x 'use multi/handler; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr)
+            self._cliCmd = "%s -L -x 'use multi/handler; set PAYLOAD %s" % (self._msfConsole, self.payloadConnStr)
            self._cliCmd += "; set EXITFUNC %s" % exitfunc
            self._cliCmd += "; set LPORT %s" % self.portStr

@@ -601,6 +601,8 @@ class Metasploit:

            except (EOFError, IOError, select.error):
                return proc.returncode
+            except KeyboardInterrupt:
+                pass

    def createMsfShellcode(self, exitfunc, format, extra, encode):
        infoMsg = "creating Metasploit Framework multi-stage shellcode "
@@ -620,7 +622,7 @@ class Metasploit:
        pollProcess(process)
        payloadStderr = process.communicate()[1]

-        match = re.search("(Total size:|Length:|succeeded with size) ([\d]+)", payloadStderr)
+        match = re.search("(Total size:|Length:|succeeded with size|Final size of exe file:) ([\d]+)", payloadStderr)

        if match:
            payloadSize = int(match.group(2))
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -26,6 +26,7 @@ from lib.core.common import ntToPosixSlashes
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import isWindowsDriveLetterPath
 from lib.core.common import normalizePath
+from lib.core.common import parseFilePaths
 from lib.core.common import posixToNtSlashes
 from lib.core.common import randomInt
 from lib.core.common import randomStr
@@ -38,8 +39,10 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.enums import DBMS
+from lib.core.enums import HTTP_HEADER
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
+from lib.core.enums import PLACE
 from lib.core.enums import WEB_API
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
@@ -196,6 +199,60 @@ class Web:
                self.webApi = choices[int(choice) - 1]
                break

+        if not kb.absFilePaths:
+            message = "do you want sqlmap to further try to "
+            message += "provoke the full path disclosure? [Y/n] "
+            getOutput = readInput(message, default="Y")
+
+            if getOutput in ("y", "Y"):
+                headers = {}
+                been = {conf.url}
+
+                for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage, re.I):
+                    url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php")
+                    if url not in been:
+                        try:
+                            page, _, _ = Request.getPage(url=url, raise404=False, silent=True)
+                            parseFilePaths(page)
+                        except:
+                            pass
+                        finally:
+                            been.add(url)
+
+                url = re.sub(r"(\.\w+)\Z", "~\g<1>", conf.url)
+                if url not in been:
+                    try:
+                        page, _, _ = Request.getPage(url=url, raise404=False, silent=True)
+                        parseFilePaths(page)
+                    except:
+                        pass
+                    finally:
+                        been.add(url)
+
+                for place in (PLACE.GET, PLACE.POST):
+                    if place in conf.parameters:
+                        value = re.sub(r"(\A|&)(\w+)=", "\g<2>[]=", conf.parameters[place])
+                        if "[]" in value:
+                            page, headers = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)
+                            parseFilePaths(page)
+
+                cookie = None
+                if PLACE.COOKIE in conf.parameters:
+                    cookie = conf.parameters[PLACE.COOKIE]
+                elif headers and HTTP_HEADER.SET_COOKIE in headers:
+                    cookie = headers[HTTP_HEADER.SET_COOKIE]
+
+                if cookie:
+                    value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie)
+                    if value != cookie:
+                        page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
+                        parseFilePaths(page)
+
+                    value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=", cookie)
+                    if value != cookie:
+                        page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
+                        parseFilePaths(page)
+
        directories = list(arrayizeValue(getManualDirectories()))
        directories.extend(getAutoDirectories())
        directories = list(oset(directories))
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -5,6 +5,7 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import logging
 import random
 import re

@@ -154,7 +155,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=

    if retVal:
        infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal
-        singleTimeLogMessage(infoMsg)
+        singleTimeLogMessage(infoMsg, logging.INFO, re.sub(r"\d+", "N", infoMsg))

    return retVal

--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -146,7 +146,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or (conf.dbms or "").lower() in ACCESS_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(ACCESS_ALIASES):
            setDbms(DBMS.ACCESS)

            return True
--- a/plugins/dbms/db2/fingerprint.py
+++ b/plugins/dbms/db2/fingerprint.py
@@ -81,7 +81,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(DB2_ALIASES) or (conf.dbms or "").lower() in DB2_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(DB2_ALIASES):
            setDbms(DBMS.DB2)

            return True
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -103,9 +103,7 @@ class Fingerprint(GenericFingerprint):
        return retVal

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \
-           or (conf.dbms or "").lower() in FIREBIRD_ALIASES) and Backend.getVersion() and \
-           Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+        if not conf.extensiveFp and Backend.isDbmsWithin(FIREBIRD_ALIASES):
            setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion()))

            self.getBanner()
--- a/plugins/dbms/hsqldb/fingerprint.py
+++ b/plugins/dbms/hsqldb/fingerprint.py
@@ -80,9 +80,7 @@ class Fingerprint(GenericFingerprint):

        """

-        if not conf.extensiveFp and (Backend.isDbmsWithin(HSQLDB_ALIASES) \
-           or (conf.dbms or "").lower() in HSQLDB_ALIASES) and Backend.getVersion() and \
-           Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+        if not conf.extensiveFp and Backend.isDbmsWithin(HSQLDB_ALIASES):
            setDbms("%s %s" % (DBMS.HSQLDB, Backend.getVersion()))

            if Backend.isVersionGreaterOrEqualThan("1.7.2"):
--- a/plugins/dbms/informix/fingerprint.py
+++ b/plugins/dbms/informix/fingerprint.py
@@ -56,7 +56,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(INFORMIX_ALIASES) or (conf.dbms or "").lower() in INFORMIX_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(INFORMIX_ALIASES):
            setDbms(DBMS.INFORMIX)

            self.getBanner()
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@@ -91,7 +91,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or (conf.dbms or "").lower() in MAXDB_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(MAXDB_ALIASES):
            setDbms(DBMS.MAXDB)

            self.getBanner()
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -65,9 +65,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \
-           or (conf.dbms or "").lower() in MSSQL_ALIASES) and Backend.getVersion() and \
-           Backend.getVersion().isdigit():
+        if not conf.extensiveFp and Backend.isDbmsWithin(MSSQL_ALIASES):
            setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))

            self.getBanner()
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -46,12 +46,12 @@ class Fingerprint(GenericFingerprint):
                     (32300, 32359),    # MySQL 3.23
                     (40000, 40032),    # MySQL 4.0
                     (40100, 40131),    # MySQL 4.1
-                     (50000, 50092),    # MySQL 5.0
+                     (50000, 50096),    # MySQL 5.0
                     (50100, 50172),    # MySQL 5.1
                     (50400, 50404),    # MySQL 5.4
-                     (50500, 50552),    # MySQL 5.5
-                     (50600, 50633),    # MySQL 5.6
-                     (50700, 50715),    # MySQL 5.7
+                     (50500, 50554),    # MySQL 5.5
+                     (50600, 50635),    # MySQL 5.6
+                     (50700, 50717),    # MySQL 5.7
                     (60000, 60014),    # MySQL 6.0
                   )

@@ -150,9 +150,7 @@ class Fingerprint(GenericFingerprint):
        * http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
        """

-        if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \
-           or (conf.dbms or "").lower() in MYSQL_ALIASES) and Backend.getVersion() and \
-           Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+        if not conf.extensiveFp and Backend.isDbmsWithin(MYSQL_ALIASES):
            setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion()))

            if Backend.isVersionGreaterOrEqualThan("5"):
--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -58,7 +58,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or (conf.dbms or "").lower() in ORACLE_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(ORACLE_ALIASES):
            setDbms(DBMS.ORACLE)

            self.getBanner()
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
        * http://www.postgresql.org/docs/9.1/interactive/release.html (up to 9.1.3)
        """

-        if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or (conf.dbms or "").lower() in PGSQL_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(PGSQL_ALIASES):
            setDbms(DBMS.PGSQL)

            self.getBanner()
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -64,7 +64,7 @@ class Fingerprint(GenericFingerprint):
        * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
        """

-        if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or (conf.dbms or "").lower() in SQLITE_ALIASES):
+        if not conf.extensiveFp and Backend.isDbmsWithin(SQLITE_ALIASES):
            setDbms(DBMS.SQLITE)

            self.getBanner()
--- a/plugins/dbms/sybase/fingerprint.py
+++ b/plugins/dbms/sybase/fingerprint.py
@@ -58,9 +58,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \
-           or (conf.dbms or "").lower() in SYBASE_ALIASES) and Backend.getVersion() and \
-           Backend.getVersion().isdigit():
+        if not conf.extensiveFp and Backend.isDbmsWithin(SYBASE_ALIASES):
            setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))

            self.getBanner()
--- a/plugins/generic/connector.py
+++ b/plugins/generic/connector.py
@@ -11,6 +11,7 @@ from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapUndefinedMethod
+from lib.core.settings import UNICODE_ENCODING

 class Connector:
    """
@@ -22,8 +23,8 @@ class Connector:
        self.cursor = None

    def initConnection(self):
-        self.user = conf.dbmsUser
-        self.password = conf.dbmsPass if conf.dbmsPass is not None else ""
+        self.user = conf.dbmsUser.encode(UNICODE_ENCODING) if conf.dbmsUser is not None else ""
+        self.password = conf.dbmsPass.encode(UNICODE_ENCODING) if conf.dbmsPass is not None else ""
        self.hostname = conf.hostname
        self.port = conf.port
        self.db = conf.dbmsDb
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -192,7 +192,14 @@ class Entries:
                    query = agent.whereQuery(query)

                    if not entries and query:
+                        try:
                            entries = inject.getValue(query, blind=False, time=False, dump=True)
+                        except KeyboardInterrupt:
+                            entries = None
+                            kb.dumpKeyboardInterrupt = True
+                            clearConsoleLine()
+                            warnMsg = "Ctrl+C detected in dumping phase"
+                            logger.warn(warnMsg)

                    if not isNoneValue(entries):
                        if isinstance(entries, basestring):
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -512,13 +512,13 @@ excludeSysDbs = False

 # First query output entry to retrieve
 # Valid: integer
-# Default: 0 (sqlmap will start to retrieve the query output entries from
-# the first)
+# Default: 0 (sqlmap will start to retrieve the table dump entries from
+# first one)
 limitStart = 0

 # Last query output entry to retrieve
 # Valid: integer
-# Default: 0 (sqlmap will detect the number of query output entries and
+# Default: 0 (sqlmap will detect the number of table dump entries and
 # retrieve them until the last)
 limitStop = 0

--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -22,11 +22,11 @@ c55b400b72acc43e0e59c87dd8bb8d75  extra/shellcodeexec/windows/shellcodeexec.x32.
 5df358defc488bee9b40084892e3d1cb  lib/controller/action.py
 9cb94acd4c59822a5e1a258c4d1a4860  lib/controller/checks.py
 dc386321e8813788f155dc557a78be8d  lib/controller/controller.py
-5c3237d4a210056139cc9d686c49ba58  lib/controller/handler.py
+d79481ab99acd739615e747d4a79d9d0  lib/controller/handler.py
 310efc965c862cfbd7b0da5150a5ad36  lib/controller/__init__.py
 19905ecb4437b94512cf21d5f1720091  lib/core/agent.py
 6cc95a117fbd34ef31b9aa25520f0e31  lib/core/bigarray.py
-49a5b57e69bd15a3f718e880fb7fa01f  lib/core/common.py
+145d131884dd5401d7a52effaea2ee9e  lib/core/common.py
 5065a4242a8cccf72f91e22e1007ae63  lib/core/convert.py
 a8143dab9d3a27490f7d49b6b29ea530  lib/core/data.py
 7936d78b1a7f1f008ff92bf2f88574ba  lib/core/datatype.py
@@ -45,7 +45,7 @@ a8143dab9d3a27490f7d49b6b29ea530  lib/core/data.py
 d8e9250f3775119df07e9070eddccd16  lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2  lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9  lib/core/session.py
-36001abd1286001c8d1ad41212290cba  lib/core/settings.py
+50edc9861e7441371210f5fae263207c  lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6  lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20  lib/core/subprocessng.py
 afd0636d2e93c23f4f0a5c9b6023ea17  lib/core/target.py
@@ -56,7 +56,7 @@ ad74fc58fc7214802fd27067bce18dd2  lib/core/unescaper.py
 4d13ed693401a498b6d073a2a494bd83  lib/core/wordlist.py
 310efc965c862cfbd7b0da5150a5ad36  lib/__init__.py
 8c4b04062db2245d9e190b413985202a  lib/parse/banner.py
-942e1d7cb6f777ff198358d43246c40c  lib/parse/cmdline.py
+54f06c50771ce894a3c6a418d545f4bf  lib/parse/cmdline.py
 3a31657bc38f277d0016ff6d50bde61f  lib/parse/configfile.py
 14539f1be714d4f1ed042067d63bc50a  lib/parse/handler.py
 64e5bb3ecbdd75144500588b437ba8da  lib/parse/headers.py
@@ -67,7 +67,7 @@ a0444cc351cd6d29015ad16d9eb46ff4  lib/parse/sitemap.py
 403d873f1d2fd0c7f73d83f104e41850  lib/request/basicauthhandler.py
 0035612a620934d7ebe6d18426cfb065  lib/request/basic.py
 ef48de622b0a6b4a71df64b0d2785ef8  lib/request/comparison.py
-52f45db6ce721df1fae0dedadbf84627  lib/request/connect.py
+74a2a83e3af11ab02088c79b6367ef29  lib/request/connect.py
 fb6b788d0016ab4ec5e5f661f0f702ad  lib/request/direct.py
 cc1163d38e9b7ee5db2adac6784c02bb  lib/request/dns.py
 5dcdb37823a0b5eff65cd1018bcf09e4  lib/request/httpshandler.py
@@ -76,15 +76,15 @@ e68e1f00c7bb47b2c4ea6201995c56fb  lib/request/inject.py
 dc1e0af84ee8eb421797d61c8cb8f172  lib/request/methodrequest.py
 bb9c165b050f7696b089b96b5947fac3  lib/request/pkihandler.py
 602d4338a9fceaaee40c601410d8ac0b  lib/request/rangehandler.py
-e687a727b641211dfae7346b671059c5  lib/request/redirecthandler.py
+b581e0c5e27cd927883f2c7f1705bf4e  lib/request/redirecthandler.py
 20a0e6dac2edcf98fa8c47ee9a332c28  lib/request/templates.py
 36518b36ae0cf199490457916a85b367  lib/takeover/abstraction.py
 c6bc7961a186baabe0a9f5b7e0d8974b  lib/takeover/icmpsh.py
 310efc965c862cfbd7b0da5150a5ad36  lib/takeover/__init__.py
-71d45fd7f11804872284ee3ae5e60970  lib/takeover/metasploit.py
+c90c993b020a6ae0f0e497fd84f37466  lib/takeover/metasploit.py
 ac541a0d38e4ecb4e41e97799a7235f4  lib/takeover/registry.py
 4cd0322f22fbc26284cffa9f8f7545ef  lib/takeover/udf.py
-a610e0ef2fb8512604c2b6c081174850  lib/takeover/web.py
+ab021269ad7f4d552025448ae08c51d0  lib/takeover/web.py
 e5a82481947e798d0c11f3acf3e9db60  lib/takeover/xp_cmdshell.py
 cae752650755c706272a45ae84519a4b  lib/techniques/blind/inference.py
 310efc965c862cfbd7b0da5150a5ad36  lib/techniques/blind/__init__.py
@@ -97,7 +97,7 @@ d3da4c7ceaf57c4687a052d58722f6bb  lib/techniques/dns/use.py
 2fb0eb698fc9d6e19960d2136bce787d  lib/techniques/error/use.py
 310efc965c862cfbd7b0da5150a5ad36  lib/techniques/__init__.py
 310efc965c862cfbd7b0da5150a5ad36  lib/techniques/union/__init__.py
-4bed3ed51faad9b910899cacf56e8eac  lib/techniques/union/test.py
+19fd73af7a278fd72b46a5a60f5bdd09  lib/techniques/union/test.py
 8cd5655c60a638caa30ca1220896aeda  lib/techniques/union/use.py
 b8c9bbf1a50f1b2fdd0d3644922e252a  lib/utils/api.py
 29e32d59fcdd63c5a13498af1f367c8c  lib/utils/crawler.py
@@ -118,35 +118,35 @@ caeea96ec9c9d489f615f282259b32ca  lib/utils/timeout.py
 b90aae84100a6c4c2bd5eeb4197fbc6e  plugins/dbms/access/connector.py
 a71f7c8ffcb9b250cc785cad830e8980  plugins/dbms/access/enumeration.py
 38a0c758d9b86915fce894b779e79e4d  plugins/dbms/access/filesystem.py
-818482929a68a270bc4331cf6c436d13  plugins/dbms/access/fingerprint.py
+fe34217a0b79ac25e3af007dd46cd340  plugins/dbms/access/fingerprint.py
 5a691580a59eca29bae2283b57682025  plugins/dbms/access/__init__.py
 c12f4f266830636462eac98e35ebb73e  plugins/dbms/access/syntax.py
 3fc75c350a30597962bc692c973eeeb3  plugins/dbms/access/takeover.py
 a763887d6e6e99c5a73d9cf450cd84fe  plugins/dbms/db2/connector.py
 9d54e01e1576a423159f0e47aeb2837a  plugins/dbms/db2/enumeration.py
 667e50aa06883f0f194bef335015d694  plugins/dbms/db2/filesystem.py
-d82e641f156d7c0fe015510a2f593b16  plugins/dbms/db2/fingerprint.py
+9c6ef13c056a256e4704b924af0d7cc6  plugins/dbms/db2/fingerprint.py
 35ed6e262cf68d4ab2c6111dd5fb0414  plugins/dbms/db2/__init__.py
 ce8bc86383f2ade41e08f2dbee1844bf  plugins/dbms/db2/syntax.py
 744fb5044f2b9f9d5ebda6e3f08e3be7  plugins/dbms/db2/takeover.py
 b8dcd6e97166f58ee452e68c46bfe2c4  plugins/dbms/firebird/connector.py
 147afe5f4a3d09548a8a1dbc954fe29e  plugins/dbms/firebird/enumeration.py
 4e421504f59861bf1ed1a89abda583d1  plugins/dbms/firebird/filesystem.py
-fc6fdb1fb1be84db541995c87746efe1  plugins/dbms/firebird/fingerprint.py
+bbd239cd27b35c2fbd29443f0af5d973  plugins/dbms/firebird/fingerprint.py
 f86ace7fcaea5ff3f9e86ab2dce052c5  plugins/dbms/firebird/__init__.py
 04f7c2977ab5198c6f4aa6233b872ae0  plugins/dbms/firebird/syntax.py
 1cb1ab93e4b8c97e81586acfe4d030a2  plugins/dbms/firebird/takeover.py
 3a97bd07cce66bc812309341e7b54697  plugins/dbms/hsqldb/connector.py
 015281fb8f96dbade0d2e30fc8da9c4c  plugins/dbms/hsqldb/enumeration.py
 c0b14e62e1ecbb679569a1abb9cf1913  plugins/dbms/hsqldb/filesystem.py
-205ec651547b3fef04afc9580ab35672  plugins/dbms/hsqldb/fingerprint.py
+82304c5d7b06bb564dcdd8cda84dbeae  plugins/dbms/hsqldb/fingerprint.py
 0b18e3cf582b128cf9f16ee34ef85727  plugins/dbms/hsqldb/__init__.py
 65e8f8edc9d18fe482deb474a29f83ff  plugins/dbms/hsqldb/syntax.py
 0a1584e2b01f33abe3ef91d99bafbd3f  plugins/dbms/hsqldb/takeover.py
 f8eaeb71239369e6ceff47596439871b  plugins/dbms/informix/connector.py
 989e75a65503dd648a45258217ae3371  plugins/dbms/informix/enumeration.py
 667e50aa06883f0f194bef335015d694  plugins/dbms/informix/filesystem.py
-df241894bc46576590fae7809650aa58  plugins/dbms/informix/fingerprint.py
+f06d263b2c9b52ea7a120593eb5806c4  plugins/dbms/informix/fingerprint.py
 859d2ed1e0c1b8a1b92c8b2044e6afc5  plugins/dbms/informix/__init__.py
 0aa8ec7b83435a1ecec19c5320728051  plugins/dbms/informix/syntax.py
 744fb5044f2b9f9d5ebda6e3f08e3be7  plugins/dbms/informix/takeover.py
@@ -154,56 +154,56 @@ df241894bc46576590fae7809650aa58  plugins/dbms/informix/fingerprint.py
 e50b624ff23c3e180d80e065deb1763f  plugins/dbms/maxdb/connector.py
 cbd90f22ce862409fe392e65f0ea94ac  plugins/dbms/maxdb/enumeration.py
 815ea8e7b9bd714d73d9d6c454aff774  plugins/dbms/maxdb/filesystem.py
-30ace2bbd22cf6152e4a7e9d8176bdc1  plugins/dbms/maxdb/fingerprint.py
+017c723354eff28188773670d3837c01  plugins/dbms/maxdb/fingerprint.py
 c03001c1f70e76de39d26241dfcbd033  plugins/dbms/maxdb/__init__.py
 e6036f5b2e39aec37ba036a8cf0efd6f  plugins/dbms/maxdb/syntax.py
 0be362015605e26551e5d79cc83ed466  plugins/dbms/maxdb/takeover.py
 e3e78fab9b5eb97867699f0b20e59b62  plugins/dbms/mssqlserver/connector.py
 a7ed0510e47384eaf93164d53e2b6b36  plugins/dbms/mssqlserver/enumeration.py
 8554437c437052c30237be170ba8ce3a  plugins/dbms/mssqlserver/filesystem.py
-4e4bb17dfb175b5f6485d7513e4c8fb1  plugins/dbms/mssqlserver/fingerprint.py
+13cb15e8abfb05818e6f66c687b78664  plugins/dbms/mssqlserver/fingerprint.py
 40bd890988f9acd3942255d687445371  plugins/dbms/mssqlserver/__init__.py
 400ce654ff6bc57a40fb291322a18282  plugins/dbms/mssqlserver/syntax.py
 20c669e084ea4d6b968a5834f7fec66c  plugins/dbms/mssqlserver/takeover.py
 48fb283a0dbf980495ca054f7b55783f  plugins/dbms/mysql/connector.py
 7fe94b803fa273baf479b76ce7a3fb51  plugins/dbms/mysql/enumeration.py
 1bd5e659962e814b66a451b807de9110  plugins/dbms/mysql/filesystem.py
-e9076fe684eb3fe037f945601c7017f0  plugins/dbms/mysql/fingerprint.py
+1a17c2dea2cd7554cf9082fdf96f8360  plugins/dbms/mysql/fingerprint.py
 42568a66a13a43ed46748290c503a652  plugins/dbms/mysql/__init__.py
 96dfafcc4aecc1c574148ac05dbdb6da  plugins/dbms/mysql/syntax.py
 33b2dc28075ab560fd8a4dc898682a0d  plugins/dbms/mysql/takeover.py
 ea4b9cd238075b79945bd2607810934a  plugins/dbms/oracle/connector.py
 3a08ef0037de6df9f9a92ec5b126d705  plugins/dbms/oracle/enumeration.py
 dc5962a1d4d69d4206b6c03e00e7f33d  plugins/dbms/oracle/filesystem.py
-d19215a6aee5d04d67ee67eb2cac9893  plugins/dbms/oracle/fingerprint.py
+525381f48505095b14e567c1f59ca9c7  plugins/dbms/oracle/fingerprint.py
 25a99a9dd7072b6b7346438599c78050  plugins/dbms/oracle/__init__.py
 783d4795fac75f73a7cfba3cd9c3d01c  plugins/dbms/oracle/syntax.py
 c05176f6efe66069756fb78dfa0ed3f6  plugins/dbms/oracle/takeover.py
 e087d54b9b2617a9f40be15a2bd478c2  plugins/dbms/postgresql/connector.py
 8377c5ab3de500f9a495fcd9e2a75d3e  plugins/dbms/postgresql/enumeration.py
 48822058c620ffaa2acc599b4d39c667  plugins/dbms/postgresql/filesystem.py
-1d514afa3106fa5fbd6fa2dd33970917  plugins/dbms/postgresql/fingerprint.py
+c10df993e8b243ba3d6a94e8ae28a875  plugins/dbms/postgresql/fingerprint.py
 a3a4e82e9a68329c44762897c87acfec  plugins/dbms/postgresql/__init__.py
 76bde1ffb3040ae709156449a583e9ed  plugins/dbms/postgresql/syntax.py
 286f95526a6ce0b8ae9bff6fc3117af0  plugins/dbms/postgresql/takeover.py
 719fdd12e360458e822950f245d67ad0  plugins/dbms/sqlite/connector.py
 28b9d7d0614e52275a30b5a57fc76027  plugins/dbms/sqlite/enumeration.py
 954e503cfc8dd1acf9fc50868f5dafb0  plugins/dbms/sqlite/filesystem.py
-60febaa44bd2fe5919e80e3bd7f0c2dd  plugins/dbms/sqlite/fingerprint.py
+ee430d142fa8f9ee571578d0a0916679  plugins/dbms/sqlite/fingerprint.py
 6b17cc8cc94a912a0a5cf15acbad5ba4  plugins/dbms/sqlite/__init__.py
 4827722159a89652005f49265bb55c43  plugins/dbms/sqlite/syntax.py
 02ab8ff465da9dd31ffe6a963c676180  plugins/dbms/sqlite/takeover.py
 e3e78fab9b5eb97867699f0b20e59b62  plugins/dbms/sybase/connector.py
 a7f4d3a194f52fbb4fb4488be41273b1  plugins/dbms/sybase/enumeration.py
 62d772c7cd08275e3503304ba90c4e8a  plugins/dbms/sybase/filesystem.py
-9e3e9a1f8dd491a95e833155a4157662  plugins/dbms/sybase/fingerprint.py
+deed74334b637767fc9de8f74b37647a  plugins/dbms/sybase/fingerprint.py
 45436a42c2bb8075e1482a950d993d55  plugins/dbms/sybase/__init__.py
 89412a921c8c598c19d36762d5820f05  plugins/dbms/sybase/syntax.py
 654cd5e69cf5e5c644bfa5d284e61206  plugins/dbms/sybase/takeover.py
-1f46f2eac95cfdc3fa150ec5b0500eba  plugins/generic/connector.py
+be7481a96214220bcd8f51ca00239bed  plugins/generic/connector.py
 a8f9d0516509e9e4226516ab4f13036a  plugins/generic/custom.py
 3b54fd65feb9f70c551d315e82653384  plugins/generic/databases.py
-45c32855126546a0d9936ecdc943ab3f  plugins/generic/entries.py
+f7387352380136ac05c0bc3decb85638  plugins/generic/entries.py
 55802d1d5d65938414c77ccc27731cab  plugins/generic/enumeration.py
 bc32b21a3ab5421b5307ff7317256229  plugins/generic/filesystem.py
 feca57a968c528a2fe3ccafbc83a17f8  plugins/generic/fingerprint.py
Author	SHA1	Message	Date
Miroslav Stampar	cfe34f61b8	Implementation for an Issue #1895	2017-04-06 11:33:59 +02:00
Miroslav Stampar	c1c7ea33fe	Minor update	2017-03-30 12:05:05 +02:00
Miroslav Stampar	4458a443ef	Fixes #1664	2017-03-30 11:58:03 +02:00
Miroslav Stampar	16bd3a1f02	Fixes #2453	2017-03-30 11:42:34 +02:00
Miroslav Stampar	a358bc0a38	Minor update	2017-03-30 10:24:57 +02:00
Miroslav Stampar	aebae6e27b	Added (heuristic) support for #1679	2017-03-30 10:16:35 +02:00
Miroslav Stampar	0a3e771b1b	Fixes #2449	2017-03-28 15:22:53 +02:00
Miroslav Stampar	f82c0497fa	Fixes #2447	2017-03-27 22:36:04 +02:00
Miroslav Stampar	715763885d	Fixes #2306	2017-03-24 14:20:18 +01:00
Miroslav Stampar	4aae5d9a9d	Fixes #2444	2017-03-19 21:34:47 +01:00
Miroslav Stampar	1bc583d358	Another patch related to the #2440	2017-03-17 09:43:45 +01:00
Miroslav Stampar	e506a390db	Minor patch (prevent message spamming of multiple union column possibilities)	2017-03-15 16:18:20 +01:00
Miroslav Stampar	c5b4af8636	Dummy commit (to provoke rehash)	2017-03-15 16:07:52 +01:00
Miroslav Stampar	c29e47f72f	Fixes #2440	2017-03-15 16:04:56 +01:00
Miroslav Stampar	4087213501	Merge pull request #2439 from klensy/mysql-fingerprint-update updated mysql version numbers	2017-03-14 21:15:44 +01:00
klensy	e4725366d3	updated mysql version numbers	2017-03-14 15:11:03 +03:00
Miroslav Stampar	60e8c725f9	Fixes #2437	2017-03-12 23:24:13 +01:00
Miroslav Stampar	5dba32b2e1	Fixes #2431	2017-03-12 09:52:37 +01:00
Miroslav Stampar	ef04c99069	No more dumb usage of '--dbms'	2017-03-06 12:53:04 +01:00
Miroslav Stampar	e2fb16c98c	Fixes #2425	2017-03-06 12:05:58 +01:00
Miroslav Stampar	d2b16c5c91	Fixes #2422	2017-03-01 11:09:55 +01:00
Miroslav Stampar	9f0c42dde0	Minor leftover	2017-03-01 10:09:13 +01:00