Implementation for an Issue #293

2024-11-22 09:36:35 +03:00 · 2012-12-11 12:48:58 +01:00 · 2012-12-11 12:48:58 +01:00 · 5c2451d83c
commit 5c2451d83c
parent cb13735788
4 changed files with 20 additions and 3 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -12,6 +12,9 @@ import re
 import socket
 import time

+from subprocess import PIPE
+from subprocess import Popen as execute
+
 from extra.beep.beep import beep
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
@ -521,6 +524,13 @@ def checkSqlInjection(place, parameter, value):
                        if conf.beep:
                            beep()

+                        if conf.alert:
+                            infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
+                            logger.info(infoMsg)
+
+                            process = execute(conf.alert, shell=True)
+                            process.wait()
+
                        # There is no need to perform this test for other
                        # <where> tags
                        break
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -191,6 +191,7 @@ optDict = {

            "Miscellaneous": {
                               "mnemonics":         "string",
+                               "alert":             "string",
                               "answers":           "string",
                               "beep":              "boolean",
                               "checkPayload":      "boolean",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -603,6 +603,9 @@ def cmdLineParser():
        miscellaneous.add_option("-z", dest="mnemonics",
                               help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")

+        miscellaneous.add_option("--alert", dest="alert",
+                                  help="Run shell command(s) when SQL injection is found")
+
        miscellaneous.add_option("--answers", dest="answers",
                                  help="Set question answers (e.g. \"quit=N,follow=N\")")

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -650,13 +650,16 @@ updateAll = False

 [Miscellaneous]

-# Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
+# Use short mnemonics (e.g. "flu,bat,ban,tec=EU").
 mnemonics =

-# Set question answers (e.g. "quit=N,follow=N")
+# Run shell command(s) when SQL injection is found.
+alert =
+
+# Set question answers (e.g. "quit=N,follow=N").
 answers =

-# Make a beep sound when SQL injection is found
+# Make a beep sound when SQL injection is found.
 # Valid: True or False
 beep = False