sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

changes regarding Feature #160

Browse Source
This commit is contained in:
Miroslav Stampar 2010-09-26 14:02:13 +00:00
parent 99d9f9e624
commit 35f35605df
7 changed files with 100 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/action.py
View File

@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib.controller.handler import setHandler
from lib.core.common import getHtmlErrorFp
from lib.core.common import dataToStdout
from lib.core.data import conf
from lib.core.data import kb
from lib.core.exception import sqlmapUnsupportedDBMSException
@ -64,7 +65,7 @@ def action():
raise sqlmapUnsupportedDBMSException, errMsg
print "%s\n" % conf.dbmsHandler.getFingerprint()
dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
# Techniques options
if conf.stackedTest:

14
lib/controller/controller.py
View File

@ -42,8 +42,6 @@ from lib.core.exception import sqlmapNotVulnerableException
from lib.core.session import setInjection
from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv
from lib.core.testing import smokeTest
from lib.core.testing import liveTest
from lib.utils.parenthesis import checkForParenthesis
def __selectInjection(injData):
@ -99,16 +97,6 @@ def start():
if conf.optimize:
conf.useCommonPrediction = conf.useNullConnection = conf.keepAlive = True
if conf.smokeTest:
smokeTest()
if conf.liveTest:
liveTest()
if conf.smokeTest or conf.liveTest:
return
if conf.direct:
initTargetEnv()
setupTargetEnv()
@ -173,7 +161,7 @@ def start():
if conf.useNullConnection:
checkNullConnection()
if not conf.dropSetCookie:
if not conf.dropSetCookie and conf.cj:
for _, cookie in enumerate(conf.cj):
cookie = getUnicode(cookie)
index = cookie.index(" for ")

12
lib/core/common.py
View File

@ -412,11 +412,12 @@ def filePathToString(filePath):
return strRepl
def dataToStdout(data):
try:
sys.stdout.write(data)
sys.stdout.flush()
except UnicodeEncodeError:
print data.encode(conf.dataEncoding)
if conf.verbose > 0:
try:
sys.stdout.write(data)
sys.stdout.flush()
except UnicodeEncodeError:
print data.encode(conf.dataEncoding)
def dataToSessionFile(data):
if not conf.sessionFile:
@ -659,6 +660,7 @@ def setPaths():
paths.FUZZ_VECTORS = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
paths.DETECTION_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
paths.MSSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml")

6
lib/core/option.py
View File

@ -1098,7 +1098,9 @@ def __setVerbosity():
conf.verbose = int(conf.verbose)
if conf.verbose == 1:
if conf.verbose == 0:
logger.setLevel(logging.CRITICAL)
elif conf.verbose == 1:
logger.setLevel(logging.INFO)
elif conf.verbose > 2 and conf.eta:
conf.verbose = 2
@ -1173,7 +1175,7 @@ def init(inputOptions=advancedDict()):
parseTargetUrl()
parseTargetDirect()
if conf.url or conf.list or conf.requestFile or conf.googleDork:
if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest:
__setHTTPTimeout()
__setHTTPExtraHeaders()
__setHTTPCookies()

68
lib/core/testing.py
View File

@ -21,15 +21,25 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import codecs
import logging
import os
import re
import sys
import tempfile
import time
from xml.dom import minidom
from lib.controller.controller import start
from lib.core.common import dataToStdout
from lib.core.common import getCompiledRegex
from lib.core.common import getConsoleWidth
from lib.core.data import conf
from lib.core.data import logger
from lib.core.data import paths
from lib.core.option import init
from lib.parse.cmdline import cmdLineParser
def smokeTest():
"""
@ -80,4 +90,60 @@ def liveTest():
"""
This will run the test of a program against the live testing environment
"""
pass
vars = {}
xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
livetests = minidom.parse(xfile).documentElement
xfile.close()
global_ = livetests.getElementsByTagName("global")
if global_:
for item in global_:
for child in item.childNodes:
if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
vars[child.tagName] = child.getAttribute("value")
for case in livetests.getElementsByTagName("case"):
log = []
session = []
switches = {}
if case.getElementsByTagName("switches"):
for child in case.getElementsByTagName("switches")[0].childNodes:
if child.nodeType == child.ELEMENT_NODE and child.hasAttribute("value"):
switches[child.tagName] = replaceVars(child.getAttribute("value"), vars)
if case.getElementsByTagName("log"):
for item in case.getElementsByTagName("log")[0].getElementsByTagName("item"):
if item.hasAttribute("value"):
log.append(replaceVars(item.getAttribute("value"), vars))
if case.getElementsByTagName("session"):
for item in case.getElementsByTagName("session")[0].getElementsByTagName("item"):
if item.hasAttribute("value"):
session.append(replaceVars(item.getAttribute("value"), vars))
runCase(switches, log, session)
def initCase():
paths.SQLMAP_OUTPUT_PATH = tempfile.mkdtemp()
paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
cmdLineOptions = cmdLineParser()
cmdLineOptions.liveTest = cmdLineOptions.smokeTest = False
init(cmdLineOptions)
conf.suppressOutput = True
logger.setLevel(logging.CRITICAL)
def runCase(switches, log=None, session=None):
initCase()
for key, value in switches.items():
conf[key] = value
start()
def replaceVars(item, vars):
retVal = item
if item and vars:
for var in re.findall(getCompiledRegex("\$\{([^}]+)\}"), item):
if var in vars:
retVal = retVal.replace("${%s}" % var, vars[var])
return retVal

10
sqlmap.py
View File

@ -54,6 +54,8 @@ from lib.core.exception import exceptionsTuple
from lib.core.exception import unhandledException
from lib.core.option import init
from lib.core.profiling import profile
from lib.core.testing import smokeTest
from lib.core.testing import liveTest
from lib.core.xmldump import closeDumper
from lib.parse.cmdline import cmdLineParser
@ -84,7 +86,11 @@ def main():
try:
init(cmdLineOptions)
if conf.profile:
profile()
profile()
elif conf.smokeTest:
smokeTest()
elif conf.liveTest:
liveTest()
else:
start()
except exceptionsTuple, e:
@ -107,7 +113,7 @@ def main():
except:
print
errMsg = unhandledException()
logger.error(errMsg)
logger.critical(errMsg)
traceback.print_exc()
closeDumper(False, errMsg)

14
xml/livetests.xml
View File

@ -2,12 +2,19 @@
<root>
<global>
<host value="172.16.104.130"/>
<host value="192.168.228.130"/>
</global>
<!-- Oracle -->
<!-- MySQL -->
<case>
<switches>
<url value="http://$host/sqlmap/oracle/get_int.php?id=1"/>
<url value="http://${host}/sqlmap/mysql/get_int.php?id=1"/>
<getBanner value="True"/>
</switches>
</case>
<!-- Oracle
<case>
<switches>
<url value="http://${host}/sqlmap/oracle/get_int.php?id=1"/>
<extensiveFp value="True"/>
<getUsers value="True"/>
</switches>
@ -20,4 +27,5 @@
<item value="[DBMS][Oracle]"/>
</session>
</case>
-->
</root>