sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-30 01:50:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add support for --rw-dirs <rwDirs> cmd line argumant / conf file

Browse Source 
option. This allows one to fully automate commands where the default
upload directories cannot be used, as in:

$ sqlmap --batch --rw-dirs='/var/www/html/uploads' --os-cmd="ls;id" \
	-u 'http://nullbyte/kzMb5nVYJw/420search.php?usrtosearch=ramses'
This commit is contained in:
Mr.T_cpdump 2015-09-06 11:55:33 -04:00
parent b3fdbe24c2
commit 5ca0e11acb
3 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/parse/cmdline.py
View File

@ -566,6 +566,11 @@ def cmdLineParser():
help="Remote absolute path of temporary files " help="Remote absolute path of temporary files "
"directory") "directory")
takeover.add_option("--rw-dirs", dest="rwDirs",
help="Remote absolute path of writable "
"directories for overriding defaults "
"(comma separated if multiple)")
# Windows registry options # Windows registry options
windows = OptionGroup(parser, "Windows registry access", "These " windows = OptionGroup(parser, "Windows registry access", "These "
"options can be used to access the back-end " "options can be used to access the back-end "

8
lib/takeover/web.py
View File

@ -197,7 +197,13 @@ class Web:
self.webApi = choices[int(choice) - 1] self.webApi = choices[int(choice) - 1]
break break
directories = list(arrayizeValue(getManualDirectories())) # If specified in the conf file/cmd line then use those, else ask/use defaults for them
if conf.rwDirs:
logger.info("Trying to upload to user supplied dirs: %s" % conf.rwDirs)
directories = conf.rwDirs.split(',')
else:
directories = list(arrayizeValue(getManualDirectories()))
directories.extend(getAutoDirectories()) directories.extend(getAutoDirectories())
directories = list(oset(directories)) directories = list(oset(directories))

6
sqlmap.conf
View File

@ -606,6 +606,12 @@ msfPath =
# Valid: absolute file system path # Valid: absolute file system path
tmpPath = tmpPath =
# Remote absolute path of writable directories
# for overriding defaults (comma separated if
# multiple)
# E.g.: /var/www/html/uploads,/var/www/wordpress/images
rwDirs =
# These options can be used to access the back-end database management # These options can be used to access the back-end database management
# system Windows registry. # system Windows registry.