mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
added --tamper option
This commit is contained in:
parent
9a08f7feb8
commit
34580f56fc
|
@ -542,6 +542,45 @@ def __setDBMS():
|
|||
errMsg += "fingerprint it for you."
|
||||
raise sqlmapUnsupportedDBMSException, errMsg
|
||||
|
||||
def __setTamperingFunctions():
|
||||
"""
|
||||
Loads tampering functions from given module path(s).
|
||||
"""
|
||||
if conf.tamper:
|
||||
kb.tamperFunctions = []
|
||||
import inspect
|
||||
import sys
|
||||
for file in conf.tamper.split(';'):
|
||||
if not file:
|
||||
continue
|
||||
elif not os.path.exists(file):
|
||||
errMsg = "missing tampering module file '%s'" % file
|
||||
raise sqlmapFilePathException, errMsg
|
||||
elif os.path.splitext(file)[1] != '.py':
|
||||
errMsg = "tampering module file should have an extension '.py'"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
dirname, filename = os.path.split(file)
|
||||
dirname = os.path.abspath(dirname)
|
||||
if not os.path.exists(os.path.join(dirname, '__init__.py')):
|
||||
errMsg = "make sure that there is an empty file '__init__.py' "
|
||||
errMsg += "inside of tampering module directory '%s'" % dirname
|
||||
raise sqlmapGenericException, errMsg
|
||||
if dirname not in sys.path:
|
||||
sys.path.insert(0, dirname)
|
||||
try:
|
||||
module = __import__(filename[:-3])
|
||||
except ImportError, msg:
|
||||
raise sqlmapSyntaxException, "can't import module file '%s' (%s)" % (file, msg)
|
||||
|
||||
found = False
|
||||
for name, function in inspect.getmembers(module, inspect.isfunction):
|
||||
if name=="tamper" and function.func_code.co_argcount == 2:
|
||||
kb.tamperFunctions.append(function)
|
||||
found = True
|
||||
break
|
||||
if not found:
|
||||
raise sqlmapGenericException, "missing function 'tamper(place, value)' in tampering module '%s'" % filename
|
||||
|
||||
def __setThreads():
|
||||
if not isinstance(conf.threads, int) or conf.threads <= 0:
|
||||
conf.threads = 1
|
||||
|
@ -1032,6 +1071,7 @@ def __setKnowledgeBaseAttributes():
|
|||
kb.queryCounter = 0
|
||||
kb.resumedQueries = {}
|
||||
kb.stackedTest = None
|
||||
kb.tamperFunctions = None
|
||||
kb.targetUrls = set()
|
||||
kb.testedParams = set()
|
||||
kb.timeTest = None
|
||||
|
@ -1185,6 +1225,7 @@ def init(inputOptions=advancedDict()):
|
|||
__basicOptionValidation()
|
||||
__setRequestFromFile()
|
||||
__setMultipleTargets()
|
||||
__setTamperingFunctions()
|
||||
|
||||
parseTargetUrl()
|
||||
parseTargetDirect()
|
||||
|
|
|
@ -204,6 +204,9 @@ def cmdLineParser():
|
|||
action="store_true", default=False,
|
||||
help="Use operator BETWEEN instead of default '>'")
|
||||
|
||||
injection.add_option("--tamper", dest="tamper",
|
||||
help="Use given module(s) for tampering injection data")
|
||||
|
||||
# Techniques options
|
||||
techniques = OptionGroup(parser, "Techniques", "These options can "
|
||||
"be used to test for specific SQL injection "
|
||||
|
|
|
@ -306,6 +306,10 @@ class Connect:
|
|||
if not place:
|
||||
place = kb.injPlace
|
||||
|
||||
if kb.tamperFunctions:
|
||||
for function in kb.tamperFunctions:
|
||||
value = function(place, value)
|
||||
|
||||
if "GET" in conf.parameters:
|
||||
get = conf.parameters["GET"] if place != "GET" or not value else value
|
||||
|
||||
|
|
0
tamper/__init__.py
Normal file
0
tamper/__init__.py
Normal file
6
tamper/dummy.py
Normal file
6
tamper/dummy.py
Normal file
|
@ -0,0 +1,6 @@
|
|||
def tamper(place, value):
|
||||
print "Hi, World!"
|
||||
print value
|
||||
if place=="GET" and value:
|
||||
value=value.upper()
|
||||
return value
|
11
tamper/ifnull2ifisnull.py
Normal file
11
tamper/ifnull2ifisnull.py
Normal file
|
@ -0,0 +1,11 @@
|
|||
import re
|
||||
|
||||
#not finished (watch for number of parenthesis)
|
||||
#IFNULL(A,B) -> IF(ISNULL(A),B,A)
|
||||
def tamper(place, value):
|
||||
if value:
|
||||
if value.find("IFNULL") > -1:
|
||||
import pdb
|
||||
pdb.set_trace()
|
||||
value = re.sub(r"IFNULL(\(|%28)(?P<A>.+?)(,|%2C)(?P<B>.+?)(\)|%29)", lambda match: "IF%%28ISNULL%%28%s%%29%%2C%s%%2C%s%%29" % ("A="+match.group("A"), "B="+match.group("B"), "A="+match.group("A")), value)
|
||||
return value
|
Loading…
Reference in New Issue
Block a user