From 5c2451d83c34d857acc165ba3861b15c1ff21f6c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 11 Dec 2012 12:48:58 +0100
Subject: [PATCH] Implementation for an Issue #293
---
 lib/controller/checks.py | 10 ++++++++++
 lib/core/optiondict.py | 1 +
 lib/parse/cmdline.py | 3 +++
 sqlmap.conf | 9 ++++++---
 4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 6c3c8ba2e..eea596db6 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -12,6 +12,9 @@ import re
 import socket
 import time
+from subprocess import PIPE
+from subprocess import Popen as execute
+
 from extra.beep.beep import beep
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
@@ -521,6 +524,13 @@ def checkSqlInjection(place, parameter, value):
 if conf.beep:
 beep()
+ if conf.alert:
+ infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
+ logger.info(infoMsg)
+
+ process = execute(conf.alert, shell=True)
+ process.wait()
+
 # There is no need to perform this test for other
 # tags
 break
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index fae83d2fe..5d30794b1 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -191,6 +191,7 @@ optDict = {
 "Miscellaneous": {
 "mnemonics": "string",
+ "alert": "string",
 "answers": "string",
 "beep": "boolean",
 "checkPayload": "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 0d3e3f642..8c4d19755 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -603,6 +603,9 @@ def cmdLineParser():
 miscellaneous.add_option("-z", dest="mnemonics",
 help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
+ miscellaneous.add_option("--alert", dest="alert",
+ help="Run shell command(s) when SQL injection is found")
+
 miscellaneous.add_option("--answers", dest="answers",
 help="Set question answers (e.g. \"quit=N,follow=N\")")
diff --git a/sqlmap.conf b/sqlmap.conf
index 52ac36fb7..55857cf83 100644
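Review bot: `PIPE` is imported at the top of lib/controller/checks.py, but nothing this patch adds uses it; the only new call is `execute(conf.alert, shell=True)`, which sets up no pipes. Unless code outside the visible hunks needs it, `from subprocess import PIPE` can be dropped. Aliasing `Popen` as `execute` also hides a process spawn behind a generic name, which makes shell invocations harder to find in an audit; `import subprocess` with `subprocess.Popen(...)` at the call site keeps it greppable.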
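Review bot: In the `conf.alert` branch added to checkSqlInjection in lib/controller/checks.py, `process.wait()` discards the exit status and has no bound on how long it blocks. A failing alert command therefore goes unnoticed and a hanging one stalls the scan at this point. The call should at least report failure, e.g. `if process.wait() != 0: logger.warn("alerting shell command(s) exited with a non-zero status")`. Because the string reaches the shell verbatim through `shell=True`, I would also add a comment above the call such as `# conf.alert is operator-supplied (command line or sqlmap.conf); never build it from target-controlled data`. The enclosing function starts and ends outside the hunk.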
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -650,13 +650,16 @@ updateAll = False
 [Miscellaneous]
-# Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
+# Use short mnemonics (e.g. "flu,bat,ban,tec=EU").
 mnemonics =
-# Set question answers (e.g. "quit=N,follow=N")
+# Run shell command(s) when SQL injection is found.
+alert =
+
+# Set question answers (e.g. "quit=N,follow=N").
 answers =
-# Make a beep sound when SQL injection is found
+# Make a beep sound when SQL injection is found.
 # Valid: True or False
 beep = False
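Review bot: The comment on the new `alert =` entry in [Miscellaneous] does not say that the value is handed to the system shell as-is, which makes sqlmap.conf a file that can run commands as whoever launches the tool. I would extend the comment to spell that out, e.g. `# Run shell command(s) when SQL injection is found. The value is passed to the system shell unmodified; only load configuration files you trust.` The same caveat would fit the `--alert` help string in lib/parse/cmdline.py.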