sqlmap/lib/controller/action.py

248 lines
7.1 KiB
Python
Raw Permalink Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2023-01-03 01:24:59 +03:00
Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
2008-10-15 19:38:22 +04:00
"""
from lib.controller.handler import setHandler
from lib.core.common import Backend
from lib.core.common import Format
2008-10-15 19:38:22 +04:00
from lib.core.data import conf
from lib.core.data import kb
2012-10-05 12:49:31 +04:00
from lib.core.data import logger
2010-09-30 16:35:45 +04:00
from lib.core.data import paths
2013-01-30 19:30:34 +04:00
from lib.core.enums import CONTENT_TYPE
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUnsupportedDBMSException
2008-10-15 19:38:22 +04:00
from lib.core.settings import SUPPORTED_DBMS
2017-04-18 14:53:41 +03:00
from lib.utils.brute import columnExists
2019-06-27 18:28:43 +03:00
from lib.utils.brute import fileExists
2017-04-18 14:53:41 +03:00
from lib.utils.brute import tableExists
2008-10-15 19:38:22 +04:00
def action():
"""
This function exploit the SQL injection on the affected
URL parameter and extract requested data from the
2008-10-15 19:38:22 +04:00
back-end database management system or operating system
if possible
"""
# First of all we have to identify the back-end database management
# system to be able to go ahead with the injection
setHandler()
2008-10-15 19:38:22 +04:00
if not Backend.getDbms() or not conf.dbmsHandler:
htmlParsed = Format.getErrorParsedDBMSes()
2008-10-15 19:38:22 +04:00
2011-04-30 17:20:05 +04:00
errMsg = "sqlmap was not able to fingerprint the "
2008-10-15 19:38:22 +04:00
errMsg += "back-end database management system"
if htmlParsed:
errMsg += ", but from the HTML error page it was "
errMsg += "possible to determinate that the "
2012-05-09 14:06:23 +04:00
errMsg += "back-end DBMS is %s" % htmlParsed
2008-10-15 19:38:22 +04:00
if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
errMsg += ". Do not specify the back-end DBMS manually, "
errMsg += "sqlmap will fingerprint the DBMS for you"
elif kb.nullConnection:
errMsg += ". You can try to rerun without using optimization "
errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")
2008-10-15 19:38:22 +04:00
raise SqlmapUnsupportedDBMSException(errMsg)
2008-10-15 19:38:22 +04:00
conf.dumper.singleString(conf.dbmsHandler.getFingerprint())
2008-10-15 19:38:22 +04:00
2020-03-26 16:58:58 +03:00
kb.fingerprinted = True
2008-10-15 19:38:22 +04:00
# Enumeration options
if conf.getBanner:
conf.dumper.banner(conf.dbmsHandler.getBanner())
2008-10-15 19:38:22 +04:00
if conf.getCurrentUser:
conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())
2008-10-15 19:38:22 +04:00
if conf.getCurrentDb:
conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())
2008-10-15 19:38:22 +04:00
if conf.getHostname:
conf.dumper.hostname(conf.dbmsHandler.getHostname())
if conf.isDba:
conf.dumper.dba(conf.dbmsHandler.isDba())
2008-10-15 19:38:22 +04:00
if conf.getUsers:
conf.dumper.users(conf.dbmsHandler.getUsers())
2008-10-15 19:38:22 +04:00
2019-05-29 16:52:33 +03:00
if conf.getStatements:
conf.dumper.statements(conf.dbmsHandler.getStatements())
2008-10-15 19:38:22 +04:00
if conf.getPasswordHashes:
2012-10-05 12:49:31 +04:00
try:
2016-09-02 17:10:11 +03:00
conf.dumper.userSettings("database management system users password hashes", conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)
2019-01-22 02:40:48 +03:00
except SqlmapNoneDataException as ex:
2012-10-05 12:49:31 +04:00
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.getPrivileges:
2012-10-05 12:49:31 +04:00
try:
2016-09-02 17:10:11 +03:00
conf.dumper.userSettings("database management system users privileges", conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES)
2019-01-22 02:40:48 +03:00
except SqlmapNoneDataException as ex:
2012-10-05 12:49:31 +04:00
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.getRoles:
2012-10-05 12:49:31 +04:00
try:
2016-09-02 17:10:11 +03:00
conf.dumper.userSettings("database management system users roles", conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES)
2019-01-22 02:40:48 +03:00
except SqlmapNoneDataException as ex:
2012-10-05 12:49:31 +04:00
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.getDbs:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbs(conf.dbmsHandler.getDbs())
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.getTables:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbTables(conf.dbmsHandler.getTables())
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.commonTables:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.getSchema:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
if conf.getColumns:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
if conf.getCount:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
if conf.commonColumns:
2019-02-21 03:10:43 +03:00
try:
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.dumpTable:
2019-02-21 03:10:43 +03:00
try:
conf.dbmsHandler.dumpTable()
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.dumpAll:
2019-02-21 03:10:43 +03:00
try:
conf.dbmsHandler.dumpAll()
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2008-10-15 19:38:22 +04:00
if conf.search:
2019-02-21 03:10:43 +03:00
try:
conf.dbmsHandler.search()
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
2019-04-30 15:04:39 +03:00
if conf.sqlQuery:
2019-11-26 15:36:06 +03:00
for query in conf.sqlQuery.strip(';').split(';'):
query = query.strip()
if query:
conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))
2008-10-15 19:38:22 +04:00
if conf.sqlShell:
conf.dbmsHandler.sqlShell()
2012-07-10 03:27:08 +04:00
if conf.sqlFile:
conf.dbmsHandler.sqlFile()
# User-defined function options
if conf.udfInject:
conf.dbmsHandler.udfInjectCustom()
2008-10-15 19:38:22 +04:00
# File system options
2018-08-28 15:31:20 +03:00
if conf.fileRead:
conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))
2008-10-15 19:38:22 +04:00
2018-08-28 15:31:20 +03:00
if conf.fileWrite:
conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)
2019-06-27 18:28:43 +03:00
if conf.commonFiles:
try:
conf.dumper.rFile(fileExists(paths.COMMON_FILES))
except SqlmapNoneDataException as ex:
logger.critical(ex)
except:
raise
# Operating system options
if conf.osCmd:
conf.dbmsHandler.osCmd()
2008-10-15 19:38:22 +04:00
if conf.osShell:
conf.dbmsHandler.osShell()
if conf.osPwn:
conf.dbmsHandler.osPwn()
if conf.osSmb:
conf.dbmsHandler.osSmb()
if conf.osBof:
conf.dbmsHandler.osBof()
# Windows registry options
if conf.regRead:
conf.dumper.registerValue(conf.dbmsHandler.regRead())
if conf.regAdd:
conf.dbmsHandler.regAdd()
if conf.regDel:
conf.dbmsHandler.regDel()
# Miscellaneous options
if conf.cleanup:
conf.dbmsHandler.cleanup()
if conf.direct:
conf.dbmsConnector.close()