Some more fixes and adjustments before the 0.6.1 release.

Bernardo Damele 2008-10-17 15:26:43 +00:00
parent 1f3ffc8ef7
commit 016118ce7a
5 changed files with 28 additions and 34 deletions


@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low
* Major bug fix to blind SQL injection bisection algorithm to handle an
exception;
* Written a Metasploit 3 auxiliary module to run sqlmap;
* Added a Metasploit 3 auxiliary module to run sqlmap;
* Implemented possibility to test for and inject also on LIKE
statements;
* Implemented --start and --stop options to set the first and the last


@ -32,43 +32,42 @@ msf auxiliary(wmap_sqlmap) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
BATCH true yes Never ask for user input, use the default behaviour
DATA no The data string to be sent through POST
METHOD GET yes HTTP Method
OPTS --dbs --current-user no The sqlmap options to use
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
Proxies no Use a proxy chain
QUERY id=1 no HTTP GET query
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
RPORT 80 yes The target port
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
SSL false no Use SSL
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
Name Current Setting Required Description
---- --------------- -------- -----------
BATCH true yes Never ask for user input, use the default behaviour
BODY no The data string to be sent through POST
METHOD GET yes HTTP Method
OPTS --dbs --current-user no The sqlmap options to use
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
Proxies no Use a proxy chain
QUERY id=1 no HTTP GET query
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
RPORT 80 yes The target port
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
SSL false no Use SSL
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
msf auxiliary(wmap_sqlmap) > run
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
SQLMAP:
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
SQLMAP:
SQLMAP: [*] starting at: 01:31:41
SQLMAP: [*] starting at: 16:23:19
SQLMAP:
SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
SQLMAP: back-end DBMS: MySQL >= 5.0.0
SQLMAP:
SQLMAP: current user: 'testuser@localhost'
SQLMAP:
SQLMAP: available databases [4]:
SQLMAP: available databases [3]:
SQLMAP: [*] information_schema
SQLMAP: [*] mysql
SQLMAP: [*] privatedb
SQLMAP: [*] test
SQLMAP:
SQLMAP:
SQLMAP: [*] shutting down at: 01:31:44
SQLMAP: [*] shutting down at: 16:23:21
SQLMAP:
[*] Auxiliary module execution completed
msf auxiliary(wmap_sqlmap) >


@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]),
OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]),
OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]),
OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", 'true' ])
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
return
end
data = datastore['DATA']
data = datastore['BODY']
method = datastore['METHOD'].upcase
sqlmap_url = (datastore['SSL'] ? "https" : "http")


@ -98,9 +98,12 @@ class Connect:
requestMsg += " HTTP/1.1"
if cookie:
cookie = urlencode(cookie).replace("%%", "%")
try:
# Perform HTTP request
headers = forgeHeaders(urlencode(cookie).replace("%%", "%"), ua)
headers = forgeHeaders(cookie, ua)
req = urllib2.Request(url, post, headers)
conn = urllib2.urlopen(req)
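Review bot: The new `if cookie:` block rebinds the caller's cookie to its percent-encoded form and then folds every `%%` into `%`, so a cookie value that legitimately contains a doubled percent sign reaches forgeHeaders altered, and nothing in the hunk says why the fold is done. A one-line comment above the block would make the intent checkable, e.g. `# cookie is sent percent-encoded; '%%' is folded back to '%' so an already-encoded value is not escaped twice -- confirm`. The encoding now also runs before the `try`, so any exception it raises is no longer covered by the handler that follows (the except clause, like the rest of this Connect method, lies outside the hunk). The `urlencode` called here is presumably sqlmap's own string helper rather than urllib's mapping-based one; worth confirming it accepts a plain string, since the guard only checks truthiness, not type.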


@ -2,15 +2,7 @@
# Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
#url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
url =
# Rather than providing a target url, let Google return target
# hosts as result of your Google dork expression. For a list of Google