Vasilis Koulis 2023-11-25 23:19:42 -03:00 committed by GitHub
commit 64b38d0a85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 60 additions and 0 deletions


@ -167,6 +167,38 @@ def _formatInjection(inj):
return data return data
def _formatDictInjection(inj):
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
data = {
"parameter": inj.parameter,
"paramtype": paramType,
"injection": []
}
for stype, sdata in inj.data.items():
title = sdata.title
vector = sdata.vector
comment = sdata.comment
payload = agent.adjustLateValues(sdata.payload)
if inj.place == PLACE.CUSTOM_HEADER:
payload = payload.split(',', 1)[1]
if stype == PAYLOAD.TECHNIQUE.UNION:
count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1
title = re.sub(r"\d+ to \d+", str(count), title)
vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
if count == 1:
title = title.replace("columns", "column")
elif comment:
vector = "%s%s" % (vector, comment)
injection = {
"type": PAYLOAD.SQLINJECTION[stype],
"payload": urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus)),
"vector": vector
}
data["injection"].append(injection)
return data
def _showInjections(): def _showInjections():
if conf.wizard and kb.wizardMode: if conf.wizard and kb.wizardMode:
kb.wizardMode = False kb.wizardMode = False
@ -194,6 +226,18 @@ def _showInjections():
warnMsg += "included in shown payload content(s)" warnMsg += "included in shown payload content(s)"
logger.warning(warnMsg) logger.warning(warnMsg)
def _saveInjections():
data = [_formatDictInjection(inj) for inj in kb.injections]
if conf.jsonFile:
data = {
"url": conf.url,
"query": conf.parameters.get(PLACE.GET),
"data": conf.parameters.get(PLACE.POST),
"injections": data,
}
conf.dumper.json(conf.jsonFile, data)
def _randomFillBlankFields(value): def _randomFillBlankFields(value):
retVal = value retVal = value
@ -649,6 +693,7 @@ def start():
if place == PLACE.COOKIE: if place == PLACE.COOKIE:
kb.mergeCookies = popValue() kb.mergeCookies = popValue()
_saveInjections()
if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None): if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
if kb.vainRun and not conf.multipleTargets: if kb.vainRun and not conf.multipleTargets:
errMsg = "no parameter(s) found for testing in the provided data " errMsg = "no parameter(s) found for testing in the provided data "
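Review bot: `_saveInjections()` is called from `start()` unconditionally, so the JSON write has to be fully guarded by `conf.jsonFile`. This page has lost indentation, so please confirm that `conf.dumper.json(conf.jsonFile, data)` sits inside the `if conf.jsonFile:` block; if it does not, a run without `--json-file` reaches `open(None, 'w')`. An early `if not conf.jsonFile: return` as the first line of `_saveInjections()` makes the intent explicit and skips building the list when no file was requested. The record also stores `conf.url` and the raw GET/POST parameter strings, which can carry session tokens or credentials, so a comment such as `# NOTE: output contains the full request data; treat the file as sensitive` is worth adding. `start()` begins and ends outside the hunk.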


@ -1071,6 +1071,10 @@ def dataToDumpFile(dumpFile, data):
errMsg = "error occurred when writing dump data to file ('%s')" % getUnicode(ex) errMsg = "error occurred when writing dump data to file ('%s')" % getUnicode(ex)
logger.error(errMsg) logger.error(errMsg)
def dataToJsonFile(jsonFile, data):
with open(jsonFile, 'w') as f:
f.write(json.dumps(data))
def dataToOutFile(filename, data): def dataToOutFile(filename, data):
""" """
Saves data to filename Saves data to filename
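Review bot: `dataToJsonFile` lets any write or serialization error propagate, whereas the tail of `dataToDumpFile` just above it appears to catch the exception and report it through `logger.error`. An unwritable path or a non-serializable value in `data` would therefore abort the run with a traceback after the scan has finished. The file is also opened without an explicit encoding and overwrites whatever already exists at that path with default permissions. Whether `json` is imported in this module is not visible in the hunk. A version that mirrors the neighbouring error handling is below.

```python
def dataToJsonFile(jsonFile, data):
    try:
        with open(jsonFile, 'w') as f:
            f.write(json.dumps(data))
    except (IOError, OSError, TypeError, ValueError) as ex:
        errMsg = "error occurred when writing JSON data to file ('%s')" % getUnicode(ex)
        logger.error(errMsg)
```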


@ -15,6 +15,7 @@ import threading
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import checkFile from lib.core.common import checkFile
from lib.core.common import dataToDumpFile from lib.core.common import dataToDumpFile
from lib.core.common import dataToJsonFile
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import filterNone from lib.core.common import filterNone
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
@ -143,6 +144,9 @@ class Dump(object):
else: else:
self._write("%s: %s" % (header, ("'%s'" % _) if isinstance(data, six.string_types) else _)) self._write("%s: %s" % (header, ("'%s'" % _) if isinstance(data, six.string_types) else _))
def json(self, jsonFile, data):
dataToJsonFile(jsonFile, data)
def lister(self, header, elements, content_type=None, sort=True): def lister(self, header, elements, content_type=None, sort=True):
if elements and sort: if elements and sort:
try: try:


@ -219,6 +219,7 @@ optDict = {
"crawlExclude": "string", "crawlExclude": "string",
"csvDel": "string", "csvDel": "string",
"dumpFile": "string", "dumpFile": "string",
"jsonFile": "string",
"dumpFormat": "string", "dumpFormat": "string",
"encoding": "string", "encoding": "string",
"eta": "boolean", "eta": "boolean",


@ -673,6 +673,9 @@ def cmdLineParser(argv=None):
general.add_argument("--dump-file", dest="dumpFile", general.add_argument("--dump-file", dest="dumpFile",
help="Store dumped data to a custom file") help="Store dumped data to a custom file")
general.add_argument("--json-file", dest="jsonFile",
help="Store json data to a custom file")
general.add_argument("--dump-format", dest="dumpFormat", general.add_argument("--dump-format", dest="dumpFormat",
help="Format of dumped data (CSV (default), HTML or SQLITE)") help="Format of dumped data (CSV (default), HTML or SQLITE)")
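Review bot: The help text `Store json data to a custom file` does not say which data is written, and next to `--dump-file` it reads as if table dumps were exported as JSON. From the controller change, the file holds the target URL, the GET/POST request data and the identified injection points, so something like `help="Store identified injection points (with target URL and request data) as JSON to a custom file"` tells the user what ends up on disk. The same wording applies to the `jsonFile` comment added to the configuration file in the last section. `cmdLineParser` begins and ends outside the hunk.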


@ -753,6 +753,9 @@ csvDel = ,
# Store dumped data to a custom file. # Store dumped data to a custom file.
dumpFile = dumpFile =
# Store json data to a custom file.
jsonFile =
# Format of dumped data # Format of dumped data
# Valid: CSV, HTML or SQLITE # Valid: CSV, HTML or SQLITE
dumpFormat = CSV dumpFormat = CSV