mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	Adding support for #3870
This commit is contained in:
		
							parent
							
								
									0e14647573
								
							
						
					
					
						commit
						3f1a8e81b4
					
				|  | @ -20,6 +20,7 @@ _defaults = { | ||||||
|     "level": 1, |     "level": 1, | ||||||
|     "risk": 1, |     "risk": 1, | ||||||
|     "dumpFormat": "CSV", |     "dumpFormat": "CSV", | ||||||
|  |     "tablePrefix": "sqlmap", | ||||||
|     "technique": "BEUSTQ", |     "technique": "BEUSTQ", | ||||||
|     "torType": "SOCKS5", |     "torType": "SOCKS5", | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -18,7 +18,7 @@ from lib.core.enums import OS | ||||||
| from thirdparty.six import unichr as _unichr | from thirdparty.six import unichr as _unichr | ||||||
| 
 | 
 | ||||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||||
| VERSION = "1.3.8.11" | VERSION = "1.3.8.12" | ||||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||||
|  | @ -807,9 +807,6 @@ BRUTE_DOC_ROOT_PREFIXES = { | ||||||
|     OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%") |     OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%") | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS) |  | ||||||
| TAKEOVER_TABLE_PREFIX = "sqlmap" |  | ||||||
| 
 |  | ||||||
| # Suffixes used in brute force search for web server document root | # Suffixes used in brute force search for web server document root | ||||||
| BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build") | BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build") | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -666,6 +666,9 @@ def cmdLineParser(argv=None): | ||||||
|         general.add_argument("--skip-waf", dest="skipWaf", action="store_true", |         general.add_argument("--skip-waf", dest="skipWaf", action="store_true", | ||||||
|             help="Skip heuristic detection of WAF/IPS protection") |             help="Skip heuristic detection of WAF/IPS protection") | ||||||
| 
 | 
 | ||||||
|  |         general.add_argument("--table-prefix", dest="tablePrefix", | ||||||
|  |             help="Prefix used for temporary tables (default: \"%s\")" % defaults.tablePrefix) | ||||||
|  | 
 | ||||||
|         general.add_argument("--test-filter", dest="testFilter", |         general.add_argument("--test-filter", dest="testFilter", | ||||||
|             help="Select tests by payloads and/or titles (e.g. ROW)") |             help="Select tests by payloads and/or titles (e.g. ROW)") | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -25,7 +25,6 @@ from lib.core.enums import CUSTOM_LOGGING | ||||||
| from lib.core.enums import DBMS | from lib.core.enums import DBMS | ||||||
| from lib.core.enums import EXPECTED | from lib.core.enums import EXPECTED | ||||||
| from lib.core.enums import TIMEOUT_STATE | from lib.core.enums import TIMEOUT_STATE | ||||||
| from lib.core.settings import TAKEOVER_TABLE_PREFIX |  | ||||||
| from lib.core.settings import UNICODE_ENCODING | from lib.core.settings import UNICODE_ENCODING | ||||||
| from lib.utils.timeout import timeout | from lib.utils.timeout import timeout | ||||||
| 
 | 
 | ||||||
|  | @ -54,7 +53,7 @@ def direct(query, content=True): | ||||||
| 
 | 
 | ||||||
|     if not select and "EXEC " not in query.upper(): |     if not select and "EXEC " not in query.upper(): | ||||||
|         timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None) |         timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None) | ||||||
|     elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query): |     elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query): | ||||||
|         output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None) |         output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None) | ||||||
|         if state == TIMEOUT_STATE.NORMAL: |         if state == TIMEOUT_STATE.NORMAL: | ||||||
|             hashDBWrite(query, output, True) |             hashDBWrite(query, output, True) | ||||||
|  |  | ||||||
|  | @ -33,7 +33,6 @@ from lib.core.enums import DBMS | ||||||
| from lib.core.enums import EXPECTED | from lib.core.enums import EXPECTED | ||||||
| from lib.core.enums import PAYLOAD | from lib.core.enums import PAYLOAD | ||||||
| from lib.core.exception import SqlmapUndefinedMethod | from lib.core.exception import SqlmapUndefinedMethod | ||||||
| from lib.core.settings import TAKEOVER_TABLE_PREFIX |  | ||||||
| from lib.core.settings import UNICODE_ENCODING | from lib.core.settings import UNICODE_ENCODING | ||||||
| from lib.request import inject | from lib.request import inject | ||||||
| 
 | 
 | ||||||
|  | @ -43,7 +42,7 @@ class Filesystem(object): | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     def __init__(self): |     def __init__(self): | ||||||
|         self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX |         self.fileTblName = "%sfile" % conf.tablePrefix | ||||||
|         self.tblField = "data" |         self.tblField = "data" | ||||||
| 
 | 
 | ||||||
|     def _checkFileLength(self, localFile, remoteFile, fileRead=False): |     def _checkFileLength(self, localFile, remoteFile, fileRead=False): | ||||||
|  |  | ||||||
|  | @ -25,7 +25,6 @@ from lib.core.exception import SqlmapNotVulnerableException | ||||||
| from lib.core.exception import SqlmapSystemException | from lib.core.exception import SqlmapSystemException | ||||||
| from lib.core.exception import SqlmapUndefinedMethod | from lib.core.exception import SqlmapUndefinedMethod | ||||||
| from lib.core.exception import SqlmapUnsupportedDBMSException | from lib.core.exception import SqlmapUnsupportedDBMSException | ||||||
| from lib.core.settings import TAKEOVER_TABLE_PREFIX |  | ||||||
| from lib.takeover.abstraction import Abstraction | from lib.takeover.abstraction import Abstraction | ||||||
| from lib.takeover.icmpsh import ICMPsh | from lib.takeover.icmpsh import ICMPsh | ||||||
| from lib.takeover.metasploit import Metasploit | from lib.takeover.metasploit import Metasploit | ||||||
|  | @ -37,7 +36,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry): | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     def __init__(self): |     def __init__(self): | ||||||
|         self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX) |         self.cmdTblName = ("%soutput" % conf.tablePrefix) | ||||||
|         self.tblField = "data" |         self.tblField = "data" | ||||||
| 
 | 
 | ||||||
|         Abstraction.__init__(self) |         Abstraction.__init__(self) | ||||||
|  |  | ||||||
|  | @ -776,6 +776,10 @@ scope = | ||||||
| # Valid: True or False | # Valid: True or False | ||||||
| skipWaf = False | skipWaf = False | ||||||
| 
 | 
 | ||||||
|  | # Prefix used for temporary tables. | ||||||
|  | # Default: sqlmap | ||||||
|  | tablePrefix = sqlmap | ||||||
|  | 
 | ||||||
| # Select tests by payloads and/or titles (e.g. ROW) | # Select tests by payloads and/or titles (e.g. ROW) | ||||||
| testFilter = | testFilter = | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user