mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Adding support for #3870
This commit is contained in:
parent
0e14647573
commit
3f1a8e81b4
|
@ -20,6 +20,7 @@ _defaults = {
|
|||
"level": 1,
|
||||
"risk": 1,
|
||||
"dumpFormat": "CSV",
|
||||
"tablePrefix": "sqlmap",
|
||||
"technique": "BEUSTQ",
|
||||
"torType": "SOCKS5",
|
||||
}
|
||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.8.11"
|
||||
VERSION = "1.3.8.12"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
@ -807,9 +807,6 @@ BRUTE_DOC_ROOT_PREFIXES = {
|
|||
OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
|
||||
}
|
||||
|
||||
# Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS)
|
||||
TAKEOVER_TABLE_PREFIX = "sqlmap"
|
||||
|
||||
# Suffixes used in brute force search for web server document root
|
||||
BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")
|
||||
|
||||
|
|
|
@ -666,6 +666,9 @@ def cmdLineParser(argv=None):
|
|||
general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
|
||||
help="Skip heuristic detection of WAF/IPS protection")
|
||||
|
||||
general.add_argument("--table-prefix", dest="tablePrefix",
|
||||
help="Prefix used for temporary tables (default: \"%s\")" % defaults.tablePrefix)
|
||||
|
||||
general.add_argument("--test-filter", dest="testFilter",
|
||||
help="Select tests by payloads and/or titles (e.g. ROW)")
|
||||
|
||||
|
|
|
@ -25,7 +25,6 @@ from lib.core.enums import CUSTOM_LOGGING
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import TIMEOUT_STATE
|
||||
from lib.core.settings import TAKEOVER_TABLE_PREFIX
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.utils.timeout import timeout
|
||||
|
||||
|
@ -54,7 +53,7 @@ def direct(query, content=True):
|
|||
|
||||
if not select and "EXEC " not in query.upper():
|
||||
timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
|
||||
elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query):
|
||||
elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
|
||||
output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
|
||||
if state == TIMEOUT_STATE.NORMAL:
|
||||
hashDBWrite(query, output, True)
|
||||
|
|
|
@ -33,7 +33,6 @@ from lib.core.enums import DBMS
|
|||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import SqlmapUndefinedMethod
|
||||
from lib.core.settings import TAKEOVER_TABLE_PREFIX
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.request import inject
|
||||
|
||||
|
@ -43,7 +42,7 @@ class Filesystem(object):
|
|||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX
|
||||
self.fileTblName = "%sfile" % conf.tablePrefix
|
||||
self.tblField = "data"
|
||||
|
||||
def _checkFileLength(self, localFile, remoteFile, fileRead=False):
|
||||
|
|
|
@ -25,7 +25,6 @@ from lib.core.exception import SqlmapNotVulnerableException
|
|||
from lib.core.exception import SqlmapSystemException
|
||||
from lib.core.exception import SqlmapUndefinedMethod
|
||||
from lib.core.exception import SqlmapUnsupportedDBMSException
|
||||
from lib.core.settings import TAKEOVER_TABLE_PREFIX
|
||||
from lib.takeover.abstraction import Abstraction
|
||||
from lib.takeover.icmpsh import ICMPsh
|
||||
from lib.takeover.metasploit import Metasploit
|
||||
|
@ -37,7 +36,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry):
|
|||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX)
|
||||
self.cmdTblName = ("%soutput" % conf.tablePrefix)
|
||||
self.tblField = "data"
|
||||
|
||||
Abstraction.__init__(self)
|
||||
|
|
|
@ -776,6 +776,10 @@ scope =
|
|||
# Valid: True or False
|
||||
skipWaf = False
|
||||
|
||||
# Prefix used for temporary tables.
|
||||
# Default: sqlmap
|
||||
tablePrefix = sqlmap
|
||||
|
||||
# Select tests by payloads and/or titles (e.g. ROW)
|
||||
testFilter =
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user