Some more fixes and adjustments before 0.6.1 release.

2025-07-16 03:02:20 +03:00 · 2008-10-17 15:26:43 +00:00 · 2008-10-17 15:26:43 +00:00 · 016118ce7a
commit 016118ce7a
parent 1f3ffc8ef7
5 changed files with 28 additions and 34 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low

  * Major bug fix to blind SQL injection bisection algorithm to handle an
    exception;
-  * Written a Metasploit 3 auxiliary module to run sqlmap;
+  * Added a Metasploit 3 auxiliary module to run sqlmap;
  * Implemented possibility to test for and inject also on LIKE
    statements;
  * Implemented --start and --stop options to set the first and the last
--- a/extra/msfauxmod/README
+++ b/extra/msfauxmod/README
@ -35,7 +35,7 @@ Module options:
   Name         Current Setting                                                 Required  Description                                          
   ----         ---------------                                                 --------  -----------                                          
   BATCH        true                                                            yes       Never ask for user input, use the default behaviour  
-   DATA                                                              no        The data string to be sent through POST
+   BODY                                                                         no        The data string to be sent through POST              
   METHOD       GET                                                             yes       HTTP Method                                          
   OPTS         --dbs --current-user                                            no        The sqlmap options to use                            
   PATH         /sqlmap/mysql/get_int.php                                       yes       The path/file to test for SQL injection              
@ -49,26 +49,25 @@ Module options:
   VHOST                                                                        no        HTTP server virtual host                             

 msf auxiliary(wmap_sqlmap) > run
-[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
+[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
 SQLMAP: 
 SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
 SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
 SQLMAP: 
-SQLMAP: [*] starting at: 01:31:41
+SQLMAP: [*] starting at: 16:23:19
 SQLMAP: 
-SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
+SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
 SQLMAP: back-end DBMS:  MySQL >= 5.0.0
 SQLMAP: 
 SQLMAP: current user:    'testuser@localhost'
 SQLMAP: 
-SQLMAP: available databases [4]:
+SQLMAP: available databases [3]:
 SQLMAP: [*] information_schema
 SQLMAP: [*] mysql
-SQLMAP: [*] privatedb
 SQLMAP: [*] test
 SQLMAP: 
 SQLMAP: 
-SQLMAP: [*] shutting down at: 01:31:44
+SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
--- a/extra/msfauxmod/wmap_sqlmap.rb
+++ b/extra/msfauxmod/wmap_sqlmap.rb
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
 				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
 				OptString.new('PATH', [ true,  "The path/file to test for SQL injection", 'index.php' ]),
 				OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
-				OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
+				OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
 				OptString.new('OPTS', [ false,  "The sqlmap options to use", ' ' ]),
 				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), 
 				OptBool.new('BATCH', [ true,  "Never ask for user input, use the default behaviour", 'true' ])
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
 			return
 		end

-		data = datastore['DATA']
+		data = datastore['BODY']
 		method = datastore['METHOD'].upcase

 		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -98,9 +98,12 @@ class Connect:

        requestMsg += " HTTP/1.1"

+        if cookie:
+            cookie = urlencode(cookie).replace("%%", "%")
+
        try:
            # Perform HTTP request
-            headers        = forgeHeaders(urlencode(cookie).replace("%%", "%"), ua)
+            headers        = forgeHeaders(cookie, ua)
            req            = urllib2.Request(url, post, headers)
            conn           = urllib2.urlopen(req)

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -2,15 +2,7 @@

 # Target URL.
 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
-url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
+url = 

 # Rather than providing a target url, let Google return target
 # hosts as result of your Google dork expression. For a list of Google