Adding support for #3870

2024-11-22 01:26:42 +03:00 · 2019-08-13 15:22:02 +02:00 · 2019-08-13 15:22:02 +02:00 · 3f1a8e81b4
commit 3f1a8e81b4
parent 0e14647573
7 changed files with 12 additions and 10 deletions
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@ -20,6 +20,7 @@ _defaults = {
    "level": 1,
    "risk": 1,
    "dumpFormat": "CSV",
+    "tablePrefix": "sqlmap",
    "technique": "BEUSTQ",
    "torType": "SOCKS5",
 }
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.8.11"
+VERSION = "1.3.8.12"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -807,9 +807,6 @@ BRUTE_DOC_ROOT_PREFIXES = {
    OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
 }

-# Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS)
-TAKEOVER_TABLE_PREFIX = "sqlmap"
-
 # Suffixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")

--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -666,6 +666,9 @@ def cmdLineParser(argv=None):
        general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
            help="Skip heuristic detection of WAF/IPS protection")

+        general.add_argument("--table-prefix", dest="tablePrefix",
+            help="Prefix used for temporary tables (default: \"%s\")" % defaults.tablePrefix)
+
        general.add_argument("--test-filter", dest="testFilter",
            help="Select tests by payloads and/or titles (e.g. ROW)")

--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@ -25,7 +25,6 @@ from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import TIMEOUT_STATE
-from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.core.settings import UNICODE_ENCODING
 from lib.utils.timeout import timeout

@ -54,7 +53,7 @@ def direct(query, content=True):

    if not select and "EXEC " not in query.upper():
        timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
-    elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query):
+    elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
        output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
        if state == TIMEOUT_STATE.NORMAL:
            hashDBWrite(query, output, True)
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@ -33,7 +33,6 @@ from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapUndefinedMethod
-from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.core.settings import UNICODE_ENCODING
 from lib.request import inject

@ -43,7 +42,7 @@ class Filesystem(object):
    """

    def __init__(self):
-        self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX
+        self.fileTblName = "%sfile" % conf.tablePrefix
        self.tblField = "data"

    def _checkFileLength(self, localFile, remoteFile, fileRead=False):
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -25,7 +25,6 @@ from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUndefinedMethod
 from lib.core.exception import SqlmapUnsupportedDBMSException
-from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.takeover.abstraction import Abstraction
 from lib.takeover.icmpsh import ICMPsh
 from lib.takeover.metasploit import Metasploit
@ -37,7 +36,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry):
    """

    def __init__(self):
-        self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX)
+        self.cmdTblName = ("%soutput" % conf.tablePrefix)
        self.tblField = "data"

        Abstraction.__init__(self)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -776,6 +776,10 @@ scope =
 # Valid: True or False
 skipWaf = False

+# Prefix used for temporary tables.
+# Default: sqlmap
+tablePrefix = sqlmap
+
 # Select tests by payloads and/or titles (e.g. ROW)
 testFilter =