diff --git a/lib/core/common.py b/lib/core/common.py index ec39124ac..8989f4ed2 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3228,7 +3228,7 @@ def maskSensitiveData(msg): retVal = getUnicode(msg) - for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))): + for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))): regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item)) while extractRegexResult(regex, retVal): value = extractRegexResult(regex, retVal) diff --git a/lib/core/option.py b/lib/core/option.py index a48f5cc34..6c3a8fa3f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2277,7 +2277,7 @@ def _setTrafficOutputFP(): conf.trafficFP = openFile(conf.trafficFile, "w+") def _setDNSServer(): - if not conf.dnsName: + if not conf.dnsDomain: return infoMsg = "setting up DNS server instance" diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 3c8337717..a8d90d48f 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -106,7 +106,7 @@ optDict = { "uCols": "string", "uChar": "string", "uFrom": "string", - "dnsName": "string", + "dnsDomain": "string", "secondOrder": "string", }, diff --git a/lib/core/settings.py b/lib/core/settings.py index d6c624aa4..d72059f28 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.0.10.52" +VERSION = "1.0.10.53" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -398,7 +398,7 @@ HASH_MOD_ITEM_DISPLAY = 11 MAX_INT = sys.maxint # Options that need to be restored in multiple targets run mode -RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user") +RESTORE_MERGED_OPTIONS = ("col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user") # Parameters to be ignored in detection phase (upper case) IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN") diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index e247df969..c3244a99d 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -364,7 +364,7 @@ def cmdLineParser(argv=None): techniques.add_option("--union-from", dest="uFrom", help="Table to use in FROM part of UNION query SQL injection") - techniques.add_option("--dns-domain", dest="dnsName", + techniques.add_option("--dns-domain", dest="dnsDomain", help="Domain name used for DNS exfiltration attack") techniques.add_option("--second-order", dest="secondOrder", diff --git a/lib/request/inject.py b/lib/request/inject.py index 75bf95260..ec4ae468d 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -57,7 +57,7 @@ from lib.techniques.union.use import unionUse def _goDns(payload, expression): value = None - if conf.dnsName and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None: + if conf.dnsDomain and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None: if kb.dnsTest is None: dnsTest(payload) @@ -293,7 +293,7 @@ def _goBooleanProxy(expression): initTechnique(kb.technique) - if conf.dnsName: + if conf.dnsDomain: query = agent.prefixQuery(kb.injection.data[kb.technique].vector) query = agent.suffixQuery(query) payload = agent.payload(newValue=query) @@ -413,7 +413,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser count += 1 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE - if found and conf.dnsName: + if found and conf.dnsDomain: _ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items()))) warnMsg = "option '--dns-domain' will be ignored " warnMsg += "as faster techniques are usable " diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py index 6ef664829..e40e43a11 100644 --- a/lib/techniques/dns/test.py +++ b/lib/techniques/dns/test.py @@ -24,7 +24,7 @@ def dnsTest(payload): if not kb.dnsTest: errMsg = "data retrieval through DNS channel failed" if not conf.forceDns: - conf.dnsName = None + conf.dnsDomain = None errMsg += ". Turning off DNS exfiltration support" logger.error(errMsg) else: diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 1e4216ef3..86d5bfcba 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -46,7 +46,7 @@ def dnsUse(payload, expression): count = 0 offset = 1 - if conf.dnsName and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL): + if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL): output = hashDBRetrieve(expression, checkConf=True) if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None: @@ -69,7 +69,7 @@ def dnsUse(payload, expression): nulledCastedField = agent.hexConvertField(nulledCastedField) expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1) - expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName) + expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsDomain) expressionUnescaped = unescaper.escape(expressionRequest) if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL): @@ -111,7 +111,7 @@ def dnsUse(payload, expression): debugMsg = "performed %d queries in %.2f seconds" % (count, calculateDeltaSeconds(start)) logger.debug(debugMsg) - elif conf.dnsName: + elif conf.dnsDomain: warnMsg = "DNS data exfiltration method through SQL injection " warnMsg += "is currently not available for DBMS %s" % Backend.getIdentifiedDbms() singleTimeWarnMessage(warnMsg) diff --git a/sqlmap.conf b/sqlmap.conf index bd6ce400e..b8961289b 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -377,7 +377,7 @@ uFrom = # Domain name used for DNS exfiltration attack # Valid: string -dnsName = +dnsDomain = # Resulting page URL searched for second-order response # Valid: string diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b674b5a1c..37ce14d17 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -26,7 +26,7 @@ ec007a1424da78cfdae90da6ae49ed9b lib/controller/handler.py cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py 04f16204c899438dc7599a9a8426bfee lib/core/agent.py eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py -01c42757ab2928edcf62789e94397d1c lib/core/common.py +7e424aadf807efa352733fb95a6ab431 lib/core/common.py 5680d0c446a3bed5c0f2a0402d031557 lib/core/convert.py e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py 1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py @@ -38,14 +38,14 @@ b218e03ef7426fb0414881b05add1092 lib/core/enums.py e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py 91c514013daa796e2cdd940389354eac lib/core/log.py -468ca9a68a5a40a1cb8395602083ba32 lib/core/optiondict.py -470577bfa701af901b29fbc837c5d537 lib/core/option.py +d027df65e7cbb99758daf77aaa6ab61c lib/core/optiondict.py +814b261b06f12d54a9e6c5b62a2402f8 lib/core/option.py 7af487340c138f7b5dbd443161cbb428 lib/core/profiling.py e60456db5380840a586654344003d4e6 lib/core/readlineng.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py -e39defdec6e34d32ab82541c88d64880 lib/core/settings.py +c211b7b7ed1f4d628961e9e9457899da lib/core/settings.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py c3ace7874a536d801f308cf1fd03df99 lib/core/target.py @@ -56,7 +56,7 @@ d43f059747ffd48952922c94152e2a07 lib/core/testing.py 8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py -cbca40e76a5a6e93c9fb523f69a99d88 lib/parse/cmdline.py +344781507a052d4d37157c5017f670ba lib/parse/cmdline.py 8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py 8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py @@ -72,7 +72,7 @@ d4d52c1073c75a6eecd2ebb98b670b96 lib/request/direct.py 1a46f7bb26b23ec0c0d9d9c95828241b lib/request/dns.py 70ceefe39980611494d4f99afb96f652 lib/request/httpshandler.py cc9c82cfffd8ee9b25ba3af6284f057e lib/request/__init__.py -aa155f8b27d56485d3ff15efa5e1b07a lib/request/inject.py +62aff2a7bdd43f6e4d33385f57ec3e4c lib/request/inject.py 3fc323d525beddd14cd4d4dca4934fa8 lib/request/methodrequest.py 585a6705cfac79f795b835affb80c901 lib/request/pkihandler.py b2ffd261947994f4a4af555d468b4970 lib/request/rangehandler.py @@ -91,8 +91,8 @@ cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/blind/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/brute/__init__.py d36effffe64e63ef9b3be490f850e2cc lib/techniques/brute/use.py cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/dns/__init__.py -b658a1df33fd967c0b6d82911383abda lib/techniques/dns/test.py -4033bdb9e6973ee814fb68d3cf9e710c lib/techniques/dns/use.py +99484ca6f1c12dac031e6a0ebef33ef1 lib/techniques/dns/test.py +77b414d35fd13c8ba6aa171d5d420dc9 lib/techniques/dns/use.py cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/error/__init__.py 4a1fb475f4a193e2cac48c8c038f5677 lib/techniques/error/use.py cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/__init__.py