2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2012-04-04 16:42:58 +04:00
|
|
|
|
|
|
|
"""
|
2019-01-05 23:38:52 +03:00
|
|
|
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2012-04-04 16:42:58 +04:00
|
|
|
"""
|
|
|
|
|
|
|
|
from lib.core.common import Backend
|
|
|
|
from lib.core.common import randomInt
|
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
2012-08-21 13:19:15 +04:00
|
|
|
from lib.core.dicts import FROM_DUMMY_TABLE
|
2012-12-06 17:14:19 +04:00
|
|
|
from lib.core.exception import SqlmapNotVulnerableException
|
2012-04-04 16:42:58 +04:00
|
|
|
from lib.techniques.dns.use import dnsUse
|
|
|
|
|
|
|
|
def dnsTest(payload):
|
|
|
|
logger.info("testing for data retrieval through DNS channel")
|
|
|
|
|
|
|
|
randInt = randomInt()
|
|
|
|
kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
|
|
|
|
|
|
|
|
if not kb.dnsTest:
|
2012-07-30 23:50:46 +04:00
|
|
|
errMsg = "data retrieval through DNS channel failed"
|
|
|
|
if not conf.forceDns:
|
2016-10-22 22:52:18 +03:00
|
|
|
conf.dnsDomain = None
|
2012-07-30 23:50:46 +04:00
|
|
|
errMsg += ". Turning off DNS exfiltration support"
|
|
|
|
logger.error(errMsg)
|
|
|
|
else:
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapNotVulnerableException(errMsg)
|
2012-04-04 16:42:58 +04:00
|
|
|
else:
|
|
|
|
infoMsg = "data retrieval through DNS channel was successful"
|
|
|
|
logger.info(infoMsg)
|