mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-23 15:54:24 +03:00
update
This commit is contained in:
Miroslav Stampar
parent
21d083272e
commit
36862e2efa
|
|
@ -1119,7 +1119,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
|||
logger.debug(debugMsg)
|
||||
|
||||
kb.absFilePaths = set()
|
||||
kb.assumeEmpty = False
|
||||
kb.authHeader = None
|
||||
kb.bannerFp = advancedDict()
|
||||
|
||||
|
|
|
|||
|
|
@ -8,11 +8,13 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.shell import autoCompletion
|
||||
from lib.takeover.udf import UDF
|
||||
|
|
@ -35,7 +37,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
xp_cmdshell.__init__(self)
|
||||
|
||||
def execCmd(self, cmd, silent=False):
|
||||
if self.webBackdoorUrl and not kb.stackedTest:
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
|
|
@ -49,7 +51,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def evalCmd(self, cmd, first=None, last=None):
|
||||
if self.webBackdoorUrl and not kb.stackedTest:
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
return self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
|
|
@ -84,7 +86,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
self.execCmd(cmd)
|
||||
|
||||
def shell(self):
|
||||
if self.webBackdoorUrl and not kb.stackedTest:
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
infoMsg = "calling OS shell. To quit type "
|
||||
infoMsg += "'x' or 'q' and press ENTER"
|
||||
logger.info(infoMsg)
|
||||
|
|
|
|||
|
|
@ -11,12 +11,14 @@ import os
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapFilePathException
|
||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
|
@ -157,7 +159,7 @@ class UDF:
|
|||
errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
|
||||
raise sqlmapUnsupportedFeatureException(errMsg)
|
||||
|
||||
if not kb.stackedTest and not conf.direct:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
return
|
||||
|
||||
self.checkDbmsOs()
|
||||
|
|
|
|||
|
|
@ -279,26 +279,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
if conf.threadContinue:
|
||||
charStart = time.time()
|
||||
val = getChar(curidx)
|
||||
|
||||
if val is None:
|
||||
if not kb.assumeEmpty:
|
||||
iolock.acquire()
|
||||
|
||||
warnMsg = "failed to get character at index %d (expected %d total)." % (curidx, length)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
message = "assume empty character? [Y/n/a]"
|
||||
choice = readInput(message, default="Y")
|
||||
iolock.release()
|
||||
|
||||
if choice in ("a", "A"):
|
||||
kb.assumeEmpty = True
|
||||
elif not choice or choice in ("y", "Y"):
|
||||
pass # do nothing
|
||||
else:
|
||||
raise sqlmapValueException
|
||||
|
||||
val = ''
|
||||
val = '?'
|
||||
else:
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -10,12 +10,14 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import normalizePath
|
||||
from lib.core.common import ntToPosixSlashes
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import paths
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
|
@ -100,7 +102,7 @@ class Takeover(GenericTakeover):
|
|||
logger.debug("keeping existing UDF '%s' as requested" % udf)
|
||||
|
||||
def uncPathRequest(self):
|
||||
if not kb.stackedTest:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ from lib.core.common import getConsoleWidth
|
|||
from lib.core.common import getFileItems
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import parsePasswordHash
|
||||
from lib.core.common import parseSqliteTableSchema
|
||||
from lib.core.common import popValue
|
||||
|
|
@ -34,6 +35,7 @@ from lib.core.data import paths
|
|||
from lib.core.data import queries
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||
from lib.core.exception import sqlmapNoneDataException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
|
@ -1758,7 +1760,7 @@ class Enumeration:
|
|||
|
||||
return output
|
||||
else:
|
||||
if not kb.stackedTest and not conf.direct:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
warnMsg = "execution of custom SQL queries is only "
|
||||
warnMsg += "available when stacked queries are supported"
|
||||
logger.warn(warnMsg)
|
||||
|
|
|
|||
|
|
@ -13,12 +13,14 @@ import os
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToOutFile
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapUndefinedMethod
|
||||
from lib.request import inject
|
||||
|
||||
|
|
@ -254,8 +256,8 @@ class Filesystem:
|
|||
|
||||
self.checkDbmsOs()
|
||||
|
||||
if conf.direct or kb.stackedTest:
|
||||
if kb.stackedTest:
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
debugMsg = "going to read the file with stacked query SQL "
|
||||
debugMsg += "injection technique"
|
||||
logger.debug(debugMsg)
|
||||
|
|
@ -294,8 +296,8 @@ class Filesystem:
|
|||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
self.checkDbmsOs()
|
||||
|
||||
if conf.direct or kb.stackedTest:
|
||||
if kb.stackedTest:
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
debugMsg = "going to upload the %s file with " % fileType
|
||||
debugMsg += "stacked query SQL injection technique"
|
||||
logger.debug(debugMsg)
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import normalizePath
|
||||
from lib.core.common import ntToPosixSlashes
|
||||
from lib.core.common import posixToNtSlashes
|
||||
|
|
@ -19,6 +20,7 @@ from lib.core.data import kb
|
|||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapNoneDataException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.session import setRemoteTempPath
|
||||
|
|
@ -94,7 +96,7 @@ class Miscellaneous:
|
|||
Cleanup database from sqlmap create tables and functions
|
||||
"""
|
||||
|
||||
if not kb.stackedTest and not conf.direct:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
return
|
||||
|
||||
if kb.os == "Windows":
|
||||
|
|
|
|||
|
|
@ -9,12 +9,14 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import os
|
||||
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import runningAsAdmin
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapMissingDependence
|
||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||
from lib.core.exception import sqlmapMissingPrivileges
|
||||
|
|
@ -40,9 +42,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
Abstraction.__init__(self)
|
||||
|
||||
def osCmd(self):
|
||||
if kb.stackedTest or conf.direct:
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
|
||||
infoMsg = "going to use a web backdoor for command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
@ -61,9 +63,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.cleanup()
|
||||
|
||||
def osShell(self):
|
||||
if kb.stackedTest or conf.direct:
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
|
||||
infoMsg = "going to use a web backdoor for command prompt"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
@ -149,7 +151,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.sysUdfs.pop("sys_bineval")
|
||||
|
||||
if kb.stackedTest or conf.direct:
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
|
||||
self.getRemoteTempPath()
|
||||
|
|
@ -204,7 +206,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.uploadIcmpshSlave(web=web)
|
||||
self.icmpPwn()
|
||||
|
||||
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
|
||||
web = True
|
||||
|
||||
infoMsg = "going to use a web backdoor to establish the tunnel"
|
||||
|
|
@ -252,7 +254,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
errMsg += "relay attack"
|
||||
raise sqlmapUnsupportedDBMSException(errMsg)
|
||||
|
||||
if not kb.stackedTest and not conf.direct:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if kb.dbms in ( DBMS.PGSQL, DBMS.MSSQL ):
|
||||
errMsg = "on this back-end DBMS it is only possible to "
|
||||
errMsg += "perform the SMB relay attack if stacked "
|
||||
|
|
@ -294,7 +296,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.smb()
|
||||
|
||||
def osBof(self):
|
||||
if not kb.stackedTest and not conf.direct:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
return
|
||||
|
||||
if not kb.dbms == DBMS.MSSQL or kb.dbmsVersion[0] not in ( "2000", "2005" ):
|
||||
|
|
@ -320,7 +322,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
raise sqlmapUndefinedMethod, errMsg
|
||||
|
||||
def __regInit(self):
|
||||
if not kb.stackedTest and not conf.direct:
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
return
|
||||
|
||||
self.checkDbmsOs()
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user