mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-15 10:42:27 +03:00
Some more fixes and adjustments before 0.6.1 release.
This commit is contained in:
parent
1f3ffc8ef7
commit
016118ce7a
|
@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low
|
||||||
|
|
||||||
* Major bug fix to blind SQL injection bisection algorithm to handle an
|
* Major bug fix to blind SQL injection bisection algorithm to handle an
|
||||||
exception;
|
exception;
|
||||||
* Written a Metasploit 3 auxiliary module to run sqlmap;
|
* Added a Metasploit 3 auxiliary module to run sqlmap;
|
||||||
* Implemented possibility to test for and inject also on LIKE
|
* Implemented possibility to test for and inject also on LIKE
|
||||||
statements;
|
statements;
|
||||||
* Implemented --start and --stop options to set the first and the last
|
* Implemented --start and --stop options to set the first and the last
|
||||||
|
|
|
@ -32,43 +32,42 @@ msf auxiliary(wmap_sqlmap) > show options
|
||||||
|
|
||||||
Module options:
|
Module options:
|
||||||
|
|
||||||
Name Current Setting Required Description
|
Name Current Setting Required Description
|
||||||
---- --------------- -------- -----------
|
---- --------------- -------- -----------
|
||||||
BATCH true yes Never ask for user input, use the default behaviour
|
BATCH true yes Never ask for user input, use the default behaviour
|
||||||
DATA no The data string to be sent through POST
|
BODY no The data string to be sent through POST
|
||||||
METHOD GET yes HTTP Method
|
METHOD GET yes HTTP Method
|
||||||
OPTS --dbs --current-user no The sqlmap options to use
|
OPTS --dbs --current-user no The sqlmap options to use
|
||||||
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
|
PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection
|
||||||
Proxies no Use a proxy chain
|
Proxies no Use a proxy chain
|
||||||
QUERY id=1 no HTTP GET query
|
QUERY id=1 no HTTP GET query
|
||||||
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
|
RHOSTS 192.168.1.121 yes The target address range or CIDR identifier
|
||||||
RPORT 80 yes The target port
|
RPORT 80 yes The target port
|
||||||
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
|
SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path
|
||||||
SSL false no Use SSL
|
SSL false no Use SSL
|
||||||
THREADS 1 yes The number of concurrent threads
|
THREADS 1 yes The number of concurrent threads
|
||||||
VHOST no HTTP server virtual host
|
VHOST no HTTP server virtual host
|
||||||
|
|
||||||
msf auxiliary(wmap_sqlmap) > run
|
msf auxiliary(wmap_sqlmap) > run
|
||||||
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
|
[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||||
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
|
SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP: [*] starting at: 01:31:41
|
SQLMAP: [*] starting at: 16:23:19
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
|
SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
|
||||||
SQLMAP: back-end DBMS: MySQL >= 5.0.0
|
SQLMAP: back-end DBMS: MySQL >= 5.0.0
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP: current user: 'testuser@localhost'
|
SQLMAP: current user: 'testuser@localhost'
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP: available databases [4]:
|
SQLMAP: available databases [3]:
|
||||||
SQLMAP: [*] information_schema
|
SQLMAP: [*] information_schema
|
||||||
SQLMAP: [*] mysql
|
SQLMAP: [*] mysql
|
||||||
SQLMAP: [*] privatedb
|
|
||||||
SQLMAP: [*] test
|
SQLMAP: [*] test
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
SQLMAP: [*] shutting down at: 01:31:44
|
SQLMAP: [*] shutting down at: 16:23:21
|
||||||
SQLMAP:
|
SQLMAP:
|
||||||
[*] Auxiliary module execution completed
|
[*] Auxiliary module execution completed
|
||||||
msf auxiliary(wmap_sqlmap) >
|
msf auxiliary(wmap_sqlmap) >
|
||||||
|
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]),
|
OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]),
|
||||||
OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]),
|
OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]),
|
||||||
OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
|
OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
|
||||||
OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
|
OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
|
||||||
OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]),
|
OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]),
|
||||||
OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
|
OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]),
|
||||||
OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", 'true' ])
|
OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", 'true' ])
|
||||||
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
data = datastore['DATA']
|
data = datastore['BODY']
|
||||||
method = datastore['METHOD'].upcase
|
method = datastore['METHOD'].upcase
|
||||||
|
|
||||||
sqlmap_url = (datastore['SSL'] ? "https" : "http")
|
sqlmap_url = (datastore['SSL'] ? "https" : "http")
|
||||||
|
|
|
@ -98,9 +98,12 @@ class Connect:
|
||||||
|
|
||||||
requestMsg += " HTTP/1.1"
|
requestMsg += " HTTP/1.1"
|
||||||
|
|
||||||
|
if cookie:
|
||||||
|
cookie = urlencode(cookie).replace("%%", "%")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Perform HTTP request
|
# Perform HTTP request
|
||||||
headers = forgeHeaders(urlencode(cookie).replace("%%", "%"), ua)
|
headers = forgeHeaders(cookie, ua)
|
||||||
req = urllib2.Request(url, post, headers)
|
req = urllib2.Request(url, post, headers)
|
||||||
conn = urllib2.urlopen(req)
|
conn = urllib2.urlopen(req)
|
||||||
|
|
||||||
|
|
10
sqlmap.conf
10
sqlmap.conf
|
@ -2,15 +2,7 @@
|
||||||
|
|
||||||
# Target URL.
|
# Target URL.
|
||||||
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
||||||
url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
|
url =
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
|
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
|
|
||||||
|
|
||||||
# Rather than providing a target url, let Google return target
|
# Rather than providing a target url, let Google return target
|
||||||
# hosts as result of your Google dork expression. For a list of Google
|
# hosts as result of your Google dork expression. For a list of Google
|
||||||
|
|
Loading…
Reference in New Issue
Block a user