sqlmap/lib/controller/action.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.controller.handler import setHandler
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import CONTENT_TYPE
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUnsupportedDBMSException
from lib.core.settings import SUPPORTED_DBMS
from lib.utils.brute import columnExists
from lib.utils.brute import fileExists
from lib.utils.brute import tableExists

def action():
    """
    This function exploit the SQL injection on the affected
    URL parameter and extract requested data from the
    back-end database management system or operating system
    if possible
    """

    # First of all we have to identify the back-end database management
    # system to be able to go ahead with the injection
    setHandler()

    if not Backend.getDbms() or not conf.dbmsHandler:
        htmlParsed = Format.getErrorParsedDBMSes()

        errMsg = "sqlmap was not able to fingerprint the "
        errMsg += "back-end database management system"

        if htmlParsed:
            errMsg += ", but from the HTML error page it was "
            errMsg += "possible to determinate that the "
            errMsg += "back-end DBMS is %s" % htmlParsed

        if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
            errMsg += ". Do not specify the back-end DBMS manually, "
            errMsg += "sqlmap will fingerprint the DBMS for you"
        elif kb.nullConnection:
            errMsg += ". You can try to rerun without using optimization "
            errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")

        raise SqlmapUnsupportedDBMSException(errMsg)

    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())

    kb.fingerprinted = True

    # Enumeration options
    if conf.getBanner:
        conf.dumper.banner(conf.dbmsHandler.getBanner())

    if conf.getCurrentUser:
        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())

    if conf.getCurrentDb:
        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())

    if conf.getHostname:
        conf.dumper.hostname(conf.dbmsHandler.getHostname())

    if conf.isDba:
        conf.dumper.dba(conf.dbmsHandler.isDba())

    if conf.getUsers:
        conf.dumper.users(conf.dbmsHandler.getUsers())

    if conf.getStatements:
        conf.dumper.statements(conf.dbmsHandler.getStatements())

    if conf.getPasswordHashes:
        try:
            conf.dumper.userSettings("database management system users password hashes", conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getPrivileges:
        try:
            conf.dumper.userSettings("database management system users privileges", conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getRoles:
        try:
            conf.dumper.userSettings("database management system users roles", conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getDbs:
        try:
            conf.dumper.dbs(conf.dbmsHandler.getDbs())
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getTables:
        try:
            conf.dumper.dbTables(conf.dbmsHandler.getTables())
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.commonTables:
        try:
            conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getSchema:
        try:
            conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getColumns:
        try:
            conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.getCount:
        try:
            conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.commonColumns:
        try:
            conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.dumpTable:
        try:
            conf.dbmsHandler.dumpTable()
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.dumpAll:
        try:
            conf.dbmsHandler.dumpAll()
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.search:
        try:
            conf.dbmsHandler.search()
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    if conf.sqlQuery:
        for query in conf.sqlQuery.strip(';').split(';'):
            query = query.strip()
            if query:
                conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))

    if conf.sqlShell:
        conf.dbmsHandler.sqlShell()

    if conf.sqlFile:
        conf.dbmsHandler.sqlFile()

    # User-defined function options
    if conf.udfInject:
        conf.dbmsHandler.udfInjectCustom()

    # File system options
    if conf.fileRead:
        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))

    if conf.fileWrite:
        conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)

    if conf.commonFiles:
        try:
            conf.dumper.rFile(fileExists(paths.COMMON_FILES))
        except SqlmapNoneDataException as ex:
            logger.critical(ex)
        except:
            raise

    # Operating system options
    if conf.osCmd:
        conf.dbmsHandler.osCmd()

    if conf.osShell:
        conf.dbmsHandler.osShell()

    if conf.osPwn:
        conf.dbmsHandler.osPwn()

    if conf.osSmb:
        conf.dbmsHandler.osSmb()

    if conf.osBof:
        conf.dbmsHandler.osBof()

    # Windows registry options
    if conf.regRead:
        conf.dumper.registerValue(conf.dbmsHandler.regRead())

    if conf.regAdd:
        conf.dbmsHandler.regAdd()

    if conf.regDel:
        conf.dbmsHandler.regDel()

    # Miscellaneous options
    if conf.cleanup:
        conf.dbmsHandler.cleanup()

    if conf.direct:
        conf.dbmsConnector.close()
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`"""`
Copyright year bump 2022-01-03 13:30:34 +03:00			`Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

			`from lib.controller.handler import setHandler`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
			`from lib.core.common import Format`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`from lib.core.data import logger`
changes regarding EXISTS feature 2010-09-30 16:35:45 +04:00			`from lib.core.data import paths`
variable renamed 2013-01-30 19:30:34 +04:00			`from lib.core.enums import CONTENT_TYPE`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`from lib.core.exception import SqlmapNoneDataException`
			`from lib.core.exception import SqlmapUnsupportedDBMSException`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`from lib.core.settings import SUPPORTED_DBMS`
Moving brute from techniques to utils 2017-04-18 14:53:41 +03:00			`from lib.utils.brute import columnExists`
Implements #2908 2019-06-27 18:28:43 +03:00			`from lib.utils.brute import fileExists`
Moving brute from techniques to utils 2017-04-18 14:53:41 +03:00			`from lib.utils.brute import tableExists`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`def action():`
			`"""`
			`This function exploit the SQL injection on the affected`
Style and consistency update (url -> URL) 2013-04-09 13:48:42 +04:00			`URL parameter and extract requested data from the`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`back-end database management system or operating system`
			`if possible`
			`"""`

			`# First of all we have to identify the back-end database management`
			`# system to be able to go ahead with the injection`
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00			`setHandler()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`if not Backend.getDbms() or not conf.dbmsHandler:`
			`htmlParsed = Format.getErrorParsedDBMSes()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor code restyling 2011-04-30 17:20:05 +04:00			`errMsg = "sqlmap was not able to fingerprint the "`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`errMsg += "back-end database management system"`

			`if htmlParsed:`
			`errMsg += ", but from the HTML error page it was "`
			`errMsg += "possible to determinate that the "`
minor update 2012-05-09 14:06:23 +04:00			`errMsg += "back-end DBMS is %s" % htmlParsed`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:`
			`errMsg += ". Do not specify the back-end DBMS manually, "`
			`errMsg += "sqlmap will fingerprint the DBMS for you"`
update of dynamicity testing and few misc fixes 2010-11-05 16:14:12 +03:00			`elif kb.nullConnection:`
			`errMsg += ". You can try to rerun without using optimization "`
			`errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Replacing old and deprecated raise Exception style (PEP8) 2013-01-04 02:20:55 +04:00			`raise SqlmapUnsupportedDBMSException(errMsg)`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
minor fix: add also back-end DBMS and web app fingerprint output to log file 2012-12-17 17:02:09 +04:00			`conf.dumper.singleString(conf.dbmsHandler.getFingerprint())`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor update 2020-03-26 16:58:58 +03:00			`kb.fingerprinted = True`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`# Enumeration options`
			`if conf.getBanner:`
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments. 2010-05-28 20:43:04 +04:00			`conf.dumper.banner(conf.dbmsHandler.getBanner())`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.getCurrentUser:`
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments. 2010-05-28 20:43:04 +04:00			`conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.getCurrentDb:`
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments. 2010-05-28 20:43:04 +04:00			`conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 03:01:57 +04:00			`if conf.getHostname:`
			`conf.dumper.hostname(conf.dbmsHandler.getHostname())`

Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator. 2008-12-18 23:41:11 +03:00			`if conf.isDba:`
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments. 2010-05-28 20:43:04 +04:00			`conf.dumper.dba(conf.dbmsHandler.isDba())`
Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator. 2008-12-18 23:41:11 +03:00
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`if conf.getUsers:`
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments. 2010-05-28 20:43:04 +04:00			`conf.dumper.users(conf.dbmsHandler.getUsers())`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Implements #1222 2019-05-29 16:52:33 +03:00			`if conf.getStatements:`
			`conf.dumper.statements(conf.dbmsHandler.getStatements())`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`if conf.getPasswordHashes:`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`try:`
Minor cosmetics 2016-09-02 17:10:11 +03:00			`conf.dumper.userSettings("database management system users password hashes", conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)`
Baby steps (2 to 3 at a time) 2019-01-22 02:40:48 +03:00			`except SqlmapNoneDataException as ex:`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.getPrivileges:`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`try:`
Minor cosmetics 2016-09-02 17:10:11 +03:00			`conf.dumper.userSettings("database management system users privileges", conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)`
Baby steps (2 to 3 at a time) 2019-01-22 02:40:48 +03:00			`except SqlmapNoneDataException as ex:`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180. Minor enhancement to Firebird to determine if a DB user is a DBA. Minor code refactoring. 2010-03-25 18:46:06 +03:00			`if conf.getRoles:`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`try:`
Minor cosmetics 2016-09-02 17:10:11 +03:00			`conf.dumper.userSettings("database management system users roles", conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)`
Baby steps (2 to 3 at a time) 2019-01-22 02:40:48 +03:00			`except SqlmapNoneDataException as ex:`
Patch for an Issue #127 2012-10-05 12:49:31 +04:00			`logger.critical(ex)`
			`except:`
			`raise`
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180. Minor enhancement to Firebird to determine if a DB user is a DBA. Minor code refactoring. 2010-03-25 18:46:06 +03:00
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`if conf.getDbs:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbs(conf.dbmsHandler.getDbs())`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.getTables:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbTables(conf.dbmsHandler.getTables())`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason 2011-04-30 01:09:07 +04:00			`if conf.commonTables:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-29 03:59:00 +04:00			`if conf.getSchema:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
update regarding brute force retrieval of table names and table column names 2010-11-09 19:15:55 +03:00
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason 2011-04-30 01:09:07 +04:00			`if conf.getColumns:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason 2011-04-30 01:09:07 +04:00
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 04:22:22 +04:00			`if conf.getCount:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 04:22:22 +04:00
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason 2011-04-30 01:09:07 +04:00			`if conf.commonColumns:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason 2011-04-30 01:09:07 +04:00
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`if conf.dumpTable:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dbmsHandler.dumpTable()`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.dumpAll:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dbmsHandler.dumpAll()`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190: * --search -D foobar: searches all database names like the ones provided * --search -T foobar: searches all databases' table names like the ones provided (soon) * --search -C foobar: replaces --dump -C 2010-05-07 17:40:57 +04:00			`if conf.search:`
Fixes #373 2019-02-21 03:10:43 +03:00			`try:`
			`conf.dbmsHandler.search()`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190: * --search -D foobar: searches all database names like the ones provided * --search -T foobar: searches all databases' table names like the ones provided (soon) * --search -C foobar: replaces --dump -C 2010-05-07 17:40:57 +04:00
Minor update 2019-04-30 15:04:39 +03:00			`if conf.sqlQuery:`
Minor improvement 2019-11-26 15:36:06 +03:00			`for query in conf.sqlQuery.strip(';').split(';'):`
			`query = query.strip()`
			`if query:`
			`conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.sqlShell:`
			`conf.dbmsHandler.sqlShell()`

initial work for issue #33 2012-07-10 03:27:08 +04:00			`if conf.sqlFile:`
			`conf.dbmsHandler.sqlFile()`

Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. 2009-09-26 03:03:45 +04:00			`# User-defined function options`
			`if conf.udfInject:`
			`conf.dbmsHandler.udfInjectCustom()`

After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`# File system options`
Minor refactoring 2018-08-28 15:31:20 +03:00			`if conf.fileRead:`
			`conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
Minor refactoring 2018-08-28 15:31:20 +03:00			`if conf.fileWrite:`
			`conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
Implements #2908 2019-06-27 18:28:43 +03:00			`if conf.commonFiles:`
			`try:`
			`conf.dumper.rFile(fileExists(paths.COMMON_FILES))`
			`except SqlmapNoneDataException as ex:`
			`logger.critical(ex)`
			`except:`
			`raise`

Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`# Operating system options`
			`if conf.osCmd:`
			`conf.dbmsHandler.osCmd()`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
			`if conf.osShell:`
			`conf.dbmsHandler.osShell()`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`if conf.osPwn:`
			`conf.dbmsHandler.osPwn()`

			`if conf.osSmb:`
			`conf.dbmsHandler.osSmb()`

			`if conf.osBof:`
			`conf.dbmsHandler.osBof()`

Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. 2009-09-26 03:03:45 +04:00			`# Windows registry options`
			`if conf.regRead:`
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments. 2010-05-28 20:43:04 +04:00			`conf.dumper.registerValue(conf.dbmsHandler.regRead())`
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. 2009-09-26 03:03:45 +04:00
			`if conf.regAdd:`
			`conf.dbmsHandler.regAdd()`

			`if conf.regDel:`
			`conf.dbmsHandler.regDel()`

Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`# Miscellaneous options`
			`if conf.cleanup:`
			`conf.dbmsHandler.cleanup()`
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00
			`if conf.direct:`
			`conf.dbmsConnector.close()`