sqlmap/lib/parse/payloads.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

from xml.etree import ElementTree as et

from lib.core.data import conf
from lib.core.data import paths
from lib.core.datatype import advancedDict

def cleanupVals(values, tag):
    if isinstance(values, basestring):
        return values

    count = 0

    for value in values:
        if value.isdigit():
            value = int(value)
        else:
            value = str(value)

        values[count] = value
        count += 1

    if len(values) == 1 and tag not in ("clause", "where"):
        values = values[0]

    return values

def parseXmlNode(node):
    for element in node.getiterator('boundary'):
        boundary = advancedDict()

        for child in element.getchildren():
            if child.text:
                values = cleanupVals(child.text.split(','), child.tag)
                boundary[child.tag] = values
            else:
                boundary[child.tag] = None

        conf.boundaries.append(boundary)

    for element in node.getiterator('test'):
        test = advancedDict()

        for child in element.getchildren():
            if child.text and child.text.strip():
                values = cleanupVals(child.text.split(',') if child.tag != "epayload" else child.text, child.tag)
                test[child.tag] = values
            else:
                if len(child.getchildren()) == 0:
                    test[child.tag] = None
                    continue
                else:
                    test[child.tag] = advancedDict()

                for gchild in child.getchildren():
                    if gchild.tag in test[child.tag]:
                        prevtext = test[child.tag][gchild.tag]
                        test[child.tag][gchild.tag] = [prevtext, gchild.text]
                    else:
                        test[child.tag][gchild.tag] = gchild.text

        conf.tests.append(test)

def loadPayloads():
    doc = et.parse(paths.PAYLOADS_XML)
    root = doc.getroot()
    parseXmlNode(root)
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`#!/usr/bin/env python`

			`"""`
			$Id$

			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`from xml.etree import ElementTree as et`

			`from lib.core.data import conf`
			`from lib.core.data import paths`
			`from lib.core.datatype import advancedDict`

			`def cleanupVals(values, tag):`
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. Removed some useless tests. Moved <error> from queries.xml to payloads.xml as it makes more sense. Beeps at sql inj found only if --beep is provided. Minor fix in order to be able to pickle advancedDict() objects. Minor code refactoring. Removed useless folders. 2010-12-01 20:09:52 +03:00			`if isinstance(values, basestring):`
			`return values`

Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`count = 0`

			`for value in values:`
			`if value.isdigit():`
			`value = int(value)`
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file. 2010-12-01 01:40:25 +03:00			`else:`
			`value = str(value)`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00
			`values[count] = value`
			`count += 1`

			`if len(values) == 1 and tag not in ("clause", "where"):`
			`values = values[0]`

			`return values`

			`def parseXmlNode(node):`
			`for element in node.getiterator('boundary'):`
			`boundary = advancedDict()`

			`for child in element.getchildren():`
			`if child.text:`
			`values = cleanupVals(child.text.split(','), child.tag)`
			`boundary[child.tag] = values`
			`else:`
			`boundary[child.tag] = None`

			`conf.boundaries.append(boundary)`

			`for element in node.getiterator('test'):`
			`test = advancedDict()`

			`for child in element.getchildren():`
			`if child.text and child.text.strip():`
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. Removed some useless tests. Moved <error> from queries.xml to payloads.xml as it makes more sense. Beeps at sql inj found only if --beep is provided. Minor fix in order to be able to pickle advancedDict() objects. Minor code refactoring. Removed useless folders. 2010-12-01 20:09:52 +03:00			`values = cleanupVals(child.text.split(',') if child.tag != "epayload" else child.text, child.tag)`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`test[child.tag] = values`
			`else:`
			`if len(child.getchildren()) == 0:`
			`test[child.tag] = None`
			`continue`
			`else:`
			`test[child.tag] = advancedDict()`

			`for gchild in child.getchildren():`
			`if gchild.tag in test[child.tag]:`
			`prevtext = test[child.tag][gchild.tag]`
			`test[child.tag][gchild.tag] = [prevtext, gchild.text]`
			`else:`
			`test[child.tag][gchild.tag] = gchild.text`

			`conf.tests.append(test)`

			`def loadPayloads():`
			`doc = et.parse(paths.PAYLOADS_XML)`
			`root = doc.getroot()`
			`parseXmlNode(root)`