sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
c00ea7f5e5
sqlmap/lib/core/session.py

600 lines
23 KiB
Python
Raw Normal View History

After the storm, a restore..
2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
propsets..
2008-10-15 19:56:32 +04:00
$Id$
After the storm, a restore..
2008-10-15 19:38:22 +04:00
large commit with copyright header modifications
2010-10-14 18:41:14 +04:00
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
sorry, cosmetics
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
After the storm, a restore..
2008-10-15 19:38:22 +04:00
"""
import re
from lib.core.common import dataToSessionFile
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
from lib.core.common import formatFingerprintString
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
from lib.core.datatype import injectionDict
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
from lib.core.enums import PAYLOAD
further refactoring (all enumerations are now put into enums.py)
2010-11-08 12:20:02 +03:00
from lib.core.enums import PLACE
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
from lib.core.settings import PGSQL_ALIASES
from lib.core.settings import ORACLE_ALIASES
After the storm, a restore..
2008-10-15 19:38:22 +04:00
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
def safeFormatString(value):
retVal = value
if retVal:
retVal = retVal.replace("[", "__LEFT_SQUARE_BRACKET__").replace("]", "__RIGHT_SQUARE_BRACKET__")
return retVal
def unSafeFormatString(value):
retVal = value
if retVal:
retVal = retVal.replace("__LEFT_SQUARE_BRACKET__", "[").replace("__RIGHT_SQUARE_BRACKET__", "]")
return retVal
After the storm, a restore..
2008-10-15 19:38:22 +04:00
def setString():
"""
Save string to match in session file.
"""
condition = (
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 19:31:02 +04:00
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("String") )
After the storm, a restore..
2008-10-15 19:38:22 +04:00
)
if condition:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, safeFormatString(conf.string)))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
def setRegexp():
"""
Save regular expression to match in session file.
"""
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Regular expression") )
)
if condition:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, safeFormatString(conf.regexp)))
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
def setMatchRatio():
condition = (
Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)
2010-11-12 13:31:42 +03:00
isinstance(conf.matchRatio, (int, float))
and ( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and not
kb.resumedQueries[conf.url].has_key("Match ratio") ) )
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Match ratio][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), conf.matchRatio))
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
def setInjection(inj):
After the storm, a restore..
2008-10-15 19:38:22 +04:00
"""
Save information retrieved about injection place and parameter in the
session file.
"""
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
if inj.place == PLACE.UA:
inj.parameter = conf.agent
After the storm, a restore..
2008-10-15 19:38:22 +04:00
condition = (
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
( not kb.resumedQueries
After the storm, a restore..
2008-10-15 19:38:22 +04:00
or ( kb.resumedQueries.has_key(conf.url) and
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
( not kb.resumedQueries[conf.url].has_key("Injection point")
After the storm, a restore..
2008-10-15 19:38:22 +04:00
or not kb.resumedQueries[conf.url].has_key("Injection parameter")
) ) )
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.place))
dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.parameter))
dataToSessionFile("[%s][%s][%s][Injection parameter type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.PARAMETER[inj.ptype]))
dataToSessionFile("[%s][%s][%s][Injection prefix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.prefix))
dataToSessionFile("[%s][%s][%s][Injection suffix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.suffix))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
for stype, sdata in inj.data.items():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
dataToSessionFile("[%s][%s][%s][Injection title][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[0]))
dataToSessionFile("[%s][%s][%s][Injection payload][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[1]))
dataToSessionFile("[%s][%s][%s][Injection where][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[2]))
dataToSessionFile("[%s][%s][%s][Injection comment][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[3]))
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
def setDbms(dbms):
"""
@param dbms: database management system to be set into the knowledge
base as fingerprint.
@type dbms: C{str}
"""
condition = (
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 19:31:02 +04:00
not kb.resumedQueries
After the storm, a restore..
2008-10-15 19:38:22 +04:00
or ( kb.resumedQueries.has_key(conf.url) and
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 19:31:02 +04:00
not kb.resumedQueries[conf.url].has_key("DBMS") )
After the storm, a restore..
2008-10-15 19:38:22 +04:00
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][DBMS][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(dbms)))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
"|".join([alias for alias in MYSQL_ALIASES]),
"|".join([alias for alias in PGSQL_ALIASES]),
"|".join([alias for alias in ORACLE_ALIASES]))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
dbmsRegExp = re.search("^%s" % firstRegExp, dbms, re.I)
if dbmsRegExp:
dbms = dbmsRegExp.group(1)
kb.dbms = dbms
Minor adjustments
2008-12-31 00:24:01 +03:00
logger.info("the back-end DBMS is %s" % kb.dbms)
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
def setOs():
"""
Example of kb.bannerFp dictionary:
{
'sp': set(['Service Pack 4']),
'dbmsVersion': '8.00.194',
'dbmsServicePack': '0',
'distrib': set(['2000']),
'dbmsRelease': '2000',
'type': set(['Windows'])
}
"""
infoMsg = ""
condition = (
not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("OS") )
)
if not kb.bannerFp:
return
if "type" in kb.bannerFp:
kb.os = formatFingerprintString(kb.bannerFp["type"])
infoMsg = "the back-end DBMS operating system is %s" % kb.os
if "distrib" in kb.bannerFp:
kb.osVersion = formatFingerprintString(kb.bannerFp["distrib"])
infoMsg += " %s" % kb.osVersion
if "sp" in kb.bannerFp:
kb.osSP = int(formatFingerprintString(kb.bannerFp["sp"]).replace("Service Pack ", ""))
elif "sp" not in kb.bannerFp and kb.os == "Windows":
kb.osSP = 0
Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks!
2009-07-29 14:44:24 +04:00
if kb.os and kb.osVersion and kb.osSP:
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
infoMsg += " Service Pack %d" % kb.osSP
if infoMsg:
logger.info(infoMsg)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][OS][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(kb.os)))
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
def setBooleanBased(place, parameter, payload):
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Boolean-based blind injection") )
)
if condition:
dataToSessionFile("[%s][%s][%s][Boolean-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
def setStacked(place, parameter, payload):
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Stacked queries") )
)
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
if condition:
dataToSessionFile("[%s][%s][%s][Stacked queries][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
def setError(place, parameter, payload):
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Error-based injection") )
)
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Error-based injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
def setTimeBased(place, parameter, payload):
more update regarding error based injection support
2010-10-19 22:17:34 +04:00
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
not kb.resumedQueries[conf.url].has_key("Time-based blind injection") )
more update regarding error based injection support
2010-10-19 22:17:34 +04:00
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Time-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
more update regarding error based injection support
2010-10-19 22:17:34 +04:00
Store and resume also UNION char to session file (--union-char)
2010-12-01 13:59:58 +03:00
def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, char=None, payload=None):
After the storm, a restore..
2008-10-15 19:38:22 +04:00
"""
@param comment: union comment to save in session file
@type comment: C{str}
@param count: union count to save in session file
@type count: C{str}
@param position: union position to save in session file
@type position: C{str}
"""
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
if comment:
After the storm, a restore..
2008-10-15 19:38:22 +04:00
condition = (
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 19:31:02 +04:00
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
not kb.resumedQueries[conf.url].has_key("Union comment") )
After the storm, a restore..
2008-10-15 19:38:22 +04:00
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Union comment][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(comment)))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
kb.unionComment = comment
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
if count:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Union count") )
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Union count][%d]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), count))
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
kb.unionCount = count
Major bug fix to --union-test
2010-10-26 03:39:55 +04:00
if position is not None:
After the storm, a restore..
2008-10-15 19:38:22 +04:00
condition = (
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 19:31:02 +04:00
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
not kb.resumedQueries[conf.url].has_key("Union position") )
After the storm, a restore..
2008-10-15 19:38:22 +04:00
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Union position][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), position))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
kb.unionPosition = position
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 18:39:29 +03:00
if negative:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union negative")
) )
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Union negative][Yes]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place])))
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 18:39:29 +03:00
kb.unionNegative = True
if falseCond:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union false condition")
) )
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Union false condition][Yes]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place])))
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 18:39:29 +03:00
kb.unionFalseCond = True
Store and resume also UNION char to session file (--union-char)
2010-12-01 13:59:58 +03:00
if char:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union char")
) )
)
if condition:
dataToSessionFile("[%s][%s][%s][Union char][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), char))
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file.
2010-11-14 02:24:41 +03:00
if payload:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union payload")
) )
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Union payload][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), payload))
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file.
2010-11-14 02:24:41 +03:00
kb.unionTest = payload
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
def setRemoteTempPath():
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Remote temp path") )
)
if condition:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath)))
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
def resumeConfKb(expression, url, value):
if expression == "String" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
string = unSafeFormatString(value[:-1])
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming string match '%s' from session file" % string
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logger.info(logMsg)
if string and ( not conf.string or string != conf.string ):
if not conf.string:
message = "you did not provide any string to match. "
else:
message = "The string you provided does not match "
message += "the resumed string. "
message += "Do you want to use the resumed string "
message += "to be matched in page when the query "
message += "is valid? [Y/n] "
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
conf.string = string
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
elif expression == "Regular expression" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
regexp = unSafeFormatString(value[:-1])
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming regular expression match '%s' from session file" % regexp
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 22:06:31 +03:00
logger.info(logMsg)
if regexp and ( not conf.regexp or regexp != conf.regexp ):
if not conf.regexp:
message = "you did not provide any regular expression "
message += "to match. "
else:
message = "The regular expression you provided does not "
message += "match the resumed regular expression. "
message += "Do you want to use the resumed regular expression "
message += "to be matched in page when the query "
message += "is valid? [Y/n] "
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
conf.regexp = regexp
little update (--ratio has a bigger priority then resumed value)
2010-08-10 23:57:59 +04:00
elif expression == "Match ratio" and url == conf.url and conf.matchRatio is None:
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
matchRatio = value[:-1]
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming match ratio '%s' from session file" % matchRatio
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
logger.info(logMsg)
minor update :)
2010-11-19 12:02:44 +03:00
try:
Little precaution
2010-11-18 17:32:52 +03:00
conf.matchRatio = round(float(matchRatio), 3)
minor update :)
2010-11-19 12:02:44 +03:00
except ValueError:
pass
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
After the storm, a restore..
2008-10-15 19:38:22 +04:00
elif expression == "Injection point" and url == conf.url:
injPlace = value[:-1]
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming injection point '%s' from session file" % injPlace
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logger.info(logMsg)
if not conf.paramDict.has_key(injPlace):
warnMsg = "none of the parameters you provided "
warnMsg += "matches the resumable injection point. "
warnMsg += "sqlmap is going to reidentify the "
warnMsg += "injectable point"
logger.warn(warnMsg)
else:
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
if kb.injection.place is not None and kb.injection.parameter is not None:
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
kb.injections.append(kb.injection)
kb.injection = injectionDict()
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
kb.injection.place = injPlace
After the storm, a restore..
2008-10-15 19:38:22 +04:00
elif expression == "Injection parameter" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
injParameter = unSafeFormatString(value[:-1])
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming injection parameter '%s' from session file" % injParameter
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logger.info(logMsg)
condition = (
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
not conf.paramDict.has_key(kb.injection.place) or
not conf.paramDict[kb.injection.place].has_key(injParameter)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
)
if condition:
warnMsg = "none of the parameters you provided "
warnMsg += "matches the resumable injection parameter. "
warnMsg += "sqlmap is going to reidentify the "
warnMsg += "injectable point"
logger.warn(warnMsg)
else:
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
kb.injection.parameter = injParameter
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
elif expression == "Injection parameter type" and url == conf.url:
kb.injection.ptype = unSafeFormatString(value[:-1])
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming injection parameter type '%s' from session file" % kb.injection.ptype
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logger.info(logMsg)
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
elif expression == "Injection prefix" and url == conf.url:
kb.injection.prefix = unSafeFormatString(value[:-1])
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming injection prefix '%s' from session file" % kb.injection.prefix
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 21:10:54 +03:00
logger.info(logMsg)
elif expression == "Injection suffix" and url == conf.url:
kb.injection.suffix = unSafeFormatString(value[:-1])
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming injection suffix '%s' from session file" % kb.injection.suffix
logger.info(logMsg)
elif expression == "Injection type" and url == conf.url:
stype = unSafeFormatString(value[:-1])
kb.injection.data[stype] = []
logMsg = "resuming injection type '%s' from session file" % stype
logger.info(logMsg)
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
elif expression == "Injection title" and url == conf.url:
title = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(title)
logMsg = "resuming injection title '%s' from session file" % title
logger.info(logMsg)
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
elif expression == "Injection payload" and url == conf.url:
payload = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(payload)
logMsg = "resuming injection payload '%s' from session file" % payload
logger.info(logMsg)
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
elif expression == "Injection where" and url == conf.url:
where = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(where)
logMsg = "resuming injection where '%s' from session file" % where
logger.info(logMsg)
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
elif expression == "Injection comment" and url == conf.url:
comment = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(comment)
logMsg = "resuming injection comment '%s' from session file" % comment
logger.info(logMsg)
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logger.info(logMsg)
elif expression == "DBMS" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
dbms = unSafeFormatString(value[:-1])
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
dbms = dbms.lower()
dbmsVersion = None
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming back-end DBMS '%s' " % dbms
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logMsg += "from session file"
logger.info(logMsg)
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
"|".join([alias for alias in MYSQL_ALIASES]),
"|".join([alias for alias in PGSQL_ALIASES]),
"|".join([alias for alias in ORACLE_ALIASES]))
After the storm, a restore..
2008-10-15 19:38:22 +04:00
dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, dbms)
if dbmsRegExp:
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
dbms = dbmsRegExp.group(1)
dbmsVersion = [ dbmsRegExp.group(2) ]
After the storm, a restore..
2008-10-15 19:38:22 +04:00
if conf.dbms and conf.dbms.lower() != dbms:
message = "you provided '%s' as back-end DBMS, " % conf.dbms
message += "but from a past scan information on the target URL "
message += "sqlmap assumes the back-end DBMS is %s. " % dbms
message += "Do you really want to force the back-end "
message += "DBMS value? [y/N] "
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
kb.dbms = dbms
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
kb.dbmsVersion = dbmsVersion
After the storm, a restore..
2008-10-15 19:38:22 +04:00
else:
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
kb.dbms = dbms
Minor bug fix to --dbms, updated user's manual
2009-07-09 15:05:24 +04:00
kb.dbmsVersion = dbmsVersion
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
elif expression == "OS" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
os = unSafeFormatString(value[:-1])
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming back-end DBMS operating system '%s' " % os
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
logMsg += "from session file"
logger.info(logMsg)
if conf.os and conf.os.lower() != os.lower():
message = "you provided '%s' as back-end DBMS operating " % conf.os
message += "system, but from a past scan information on the "
message += "target URL sqlmap assumes the back-end DBMS "
message += "operating system is %s. " % os
message += "Do you really want to force the back-end DBMS "
message += "OS value? [y/N] "
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
conf.os = os
else:
conf.os = os
After the storm, a restore..
2008-10-15 19:38:22 +04:00
elif expression == "Union comment" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
kb.unionComment = unSafeFormatString(value[:-1])
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming union comment "
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logMsg += "'%s' from session file" % kb.unionComment
logger.info(logMsg)
elif expression == "Union count" and url == conf.url:
kb.unionCount = int(value[:-1])
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming union count "
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logMsg += "%s from session file" % kb.unionCount
logger.info(logMsg)
elif expression == "Union position" and url == conf.url:
kb.unionPosition = int(value[:-1])
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming union position "
After the storm, a restore..
2008-10-15 19:38:22 +04:00
logMsg += "%s from session file" % kb.unionPosition
logger.info(logMsg)
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 18:39:29 +03:00
elif expression == "Union negative" and url == conf.url:
kb.unionNegative = True if value[:-1] == "Yes" else False
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
logMsg = "resuming union negative from session file"
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 18:39:29 +03:00
logger.info(logMsg)
elif expression == "Union false condition" and url == conf.url:
kb.unionFalseCond = True if value[:-1] == "Yes" else False
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 20:55:43 +03:00
logMsg = "resuming union false condition from session file"
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 18:39:29 +03:00
logger.info(logMsg)
Store and resume also UNION char to session file (--union-char)
2010-12-01 13:59:58 +03:00
elif expression == "Union char" and url == conf.url:
conf.uChar = value[:-1]
logMsg = "resuming union char %s from session file" % conf.uChar
logger.info(logMsg)
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file.
2010-11-14 02:24:41 +03:00
elif expression == "Union payload" and url == conf.url:
kb.unionTest = value[:-1]
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming union payload "
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file.
2010-11-14 02:24:41 +03:00
logMsg += "%s from session file" % kb.unionTest
logger.info(logMsg)
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
elif expression == "Remote temp path" and url == conf.url:
bug fix (reported by james@ev6.net)
2010-10-11 00:51:11 +04:00
conf.tmpPath = unSafeFormatString(value[:-1])
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.
2010-11-29 04:04:42 +03:00
logMsg = "resuming remote absolute path of temporary "
Updated to sqlmap 0.7 release candidate 1
2009-04-22 15:48:07 +04:00
logMsg += "files directory '%s' from session file" % conf.tmpPath
logger.info(logMsg)
Reference in New Issue Copy Permalink