Merge remote-tracking branch 'sqlmapproject/master'

.travis.yml

@@ -0,0 +1,6 @@
+language: python
+python:
+    - "2.6"
+    - "2.7"
+script:
+    - python -c "import sqlmap; import sqlmapapi"

README.md

@@ -1,6 +1,6 @@
-sqlmap
-==
+# sqlmap
 
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
 
@@ -61,3 +61,4 @@ Translations
 * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
 * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
+* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)

doc/CHANGELOG.md

@@ -1,14 +1,12 @@
-# Version 1.0 (upcoming)
+# Version 1.0 (2016-02-27)
 
 * Implemented support for automatic decoding of page content through detected charset.
 * Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).
 * Major improvements to program stabilization based on user reports.
 * Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms.
-* Added support for setting Tor proxy type together with port.
 * Fixed major bug with DNS leaking in Tor mode.
 * Added wordlist compilation made of the most popular cracking dictionaries.
-* Added support for mnemonics substantially helping user with program setup.
-* Implemented multi-processor hash cracking routine(s) on Linux OS.
+* Implemented multi-processor hash cracking routine(s).
 * Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method.
 * Old resume files are now deprecated and replaced by faster SQLite based session mechanism.
 * Substantial code optimization and smaller memory footprint.
@@ -31,6 +29,69 @@
 * Major improvements to switches `--tables` and `--columns`.
 * Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof.
 * Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header.
+* Added switch `-a` to enumerate all DBMS data.
+* Added option `--alert` to run host OS command(s) when SQL injection is found.
+* Added option `--answers` to set user answers to asked questions during sqlmap run.
+* Added option `--auth-file` to set HTTP authentication PEM cert/private key file.
+* Added option `--charset` to force character encoding used during data retrieval.
+* Added switch `--check-tor` to force checking of proper usage of Tor.
+* Added option `--code` to set HTTP code to match when query is evaluated to True.
+* Added option `--cookie-del` to set character to be used while splitting cookie values.
+* Added option `--crawl` to set the crawling depth for the website starting from the target URL.
+* Added option `--crawl-exclude` for setting regular expression for excluding pages from crawling (e.g. `"logout"`).
+* Added option `--csrf-token` to set the parameter name that is holding the anti-CSRF token.
+* Added option `--csrf-url` for setting the URL address for extracting the anti-CSRF token.
+* Added option `--csv-del` for setting the delimiting character that will be used in CSV output (default `,`).
+* Added option `--dbms-cred` to set the DBMS authentication credentials (user:password).
+* Added switch `--dependencies` for turning on the checking of missing (non-core) sqlmap dependencies.
+* Added switch `--disable-coloring` to disable console output coloring.
+* Added option `--dns-domain` to set the domain name for usage in DNS exfiltration attack(s).
+* Added option `--dump-format` to set the format of dumped data (`CSV` (default), `HTML` or `SQLITE`).
+* Added option `--eval` for setting the Python code that will be evaluated before the request.
+* Added switch `--force-ssl` to force usage of SSL/HTTPS.
+* Added switch `--hex` to force usage of DBMS hex function(s) for data retrieval.
+* Added option `-H` to set extra HTTP header (e.g. `"X-Forwarded-For: 127.0.0.1"`).
+* Added switch `-hh` for showing advanced help message.
+* Added option `--host` to set the HTTP Host header value.
+* Added switch `--hostname` to turn on retrieval of DBMS server hostname.
+* Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method.
+* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS/IDS protection.
+* Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized).
+* Added switch `--invalid-bignum` for usage of big numbers while invalidating values.
+* Added switch `--invalid-logical` for usage of logical operations while invalidating values.
+* Added switch `--invalid-string` for usage of random strings while invalidating values.
+* Added option `--load-cookies` to set the file containing cookies in Netscape/wget format.
+* Added option `-m` to set the textual file holding multiple targets for scanning purposes.
+* Added option `--method` to force usage of provided HTTP method (e.g. `PUT`).
+* Added switch `--no-cast` for turning off payload casting mechanism.
+* Added switch `--no-escape` for turning off string escaping mechanism.
+* Added option `--not-string` for setting string to be matched when query is evaluated to False.
+* Added switch `--offline` to force work in offline mode (i.e. only use session data).
+* Added option `--output-dir` to set custom output directory path.
+* Added option `--param-del` to set character used for splitting parameter values.
+* Added option `--pivot-column` to set column name that will be used while dumping tables by usage of pivot(ing).
+* Added option `--proxy-file` to set file holding proxy list.
+* Added switch `--purge-output` to turn on safe removal of all content(s) from output directory.
+* Added option `--randomize` to set parameter name(s) that will be randomly changed during sqlmap run.
+* Added option `--safe-post` to set POST data for sending to safe URL.
+* Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.
+* Added option `--skip` to skip testing of given parameter(s).
+* Added switch `--skip-static` to skip testing parameters that not appear dynamic.
+* Added switch `--skip-urlencode` to skip URL encoding of payload data.
+* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection.
+* Added switch `--smart` to conduct thorough tests only if positive heuristic(s).
+* Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).
+* Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.
+* Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).
+* Added option `--test-skip` for skiping tests by payloads and/or titles (e.g. `BENCHMARK`).
+* Added switch `--titles` to turn on comparison of pages based only on their titles.
+* Added option `--tor-port` to explicitly set Tor proxy port.
+* Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).
+* Added option `--union-from` to set table to be used in `FROM` part of UNION query SQL injection.
+* Added option `--where` to set `WHERE` condition to be used during the table dumping.
+* Added option `-X` to exclude DBMS database table column(s) from enumeration.
+* Added option `-x` to set URL of sitemap(.xml) for target(s) parsing.
+* Added option `-z` for usage of short mnemonics (e.g. `"flu,bat,ban,tec=EU"`).
 
 # Version 0.9 (2011-04-10)
 

doc/translations/README-es-MX.md

@@ -1,5 +1,6 @@
-sqlmap
-== 
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
 

doc/translations/README-gr-GR.md

@@ -1,6 +1,6 @@
-sqlmap
-==
+# sqlmap
 
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
 

doc/translations/README-hr-HR.md

@@ -1,6 +1,6 @@
-sqlmap
-==
+# sqlmap
 
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
 

doc/translations/README-id-ID.md

@@ -1,5 +1,6 @@
-sqlmap
-==
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basisdata. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basisdata, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. 
 

doc/translations/README-pt-BR.md

@@ -1,5 +1,6 @@
-sqlmap
-==
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap é uma ferramenta de teste de penetração de código aberto que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de penetração por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
 

doc/translations/README-tr-TR.md

@@ -0,0 +1,56 @@
+# sqlmap
+
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
+
+
+Ekran görüntüleri
+----
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+
+İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
+
+
+Kurulum
+----
+
+[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz.
+
+Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz
+
+    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap [Python](http://www.python.org/download/) sitesinde bulunan **2.6.x** and **2.7.x** versiyonları ile bütün platformlarda çalışabilmektedir.
+
+Kullanım
+----
+
+
+Bütün basit seçeneklerin listesini gösterir
+
+    python sqlmap.py -h
+
+Bütün seçenekleri gösterir
+
+    python sqlmap.py -hh
+
+Program ile ilgili örnekleri [burada](https://gist.github.com/stamparm/5335217) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki) bakmanızı tavsiye ediyoruz
+
+Links
+----
+
+* Anasayfa: http://sqlmap.org
+* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues
+* Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki
+* Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Mail listesi: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
+* Mail RSS takibi: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
+* Mail listesi arşivi: http://news.gmane.org/gmane.comp.security.sqlmap
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demolar: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
+* Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

doc/translations/README-zh-CN.md

@@ -1,6 +1,6 @@
-sqlmap
-==
+# sqlmap
 
+[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
 sqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过外带数据连接的方式执行操作系统命令。
 

extra/shutils/precommit-hook

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+SETTINGS="../../lib/core/settings.py"
+
+declare -x SCRIPTPATH="${0}"
+
+FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
+
+if [ -f $FULLPATH ]
+then
+    LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
+    declare -a LINE;
+    INCREMENTED=$(python -c "import re, sys; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
+    if [ -n "$INCREMENTED" ]
+    then
+        sed "s/${LINE}/${INCREMENTED}/" $FULLPATH > $FULLPATH.tmp && mv $FULLPATH.tmp $FULLPATH
+        echo "Updated ${INCREMENTED} in ${FULLPATH}";
+    else
+        echo "Something went wrong in VERSION increment"
+        exit 1
+    fi
+fi;

lib/core/option.py

@@ -2165,7 +2165,6 @@ def _mergeOptions(inputOptions, overrideOptions):
         if hasattr(conf, key) and conf[key] is None:
             conf[key] = value
 
-
     lut = {}
     for group in optDict.keys():
         lut.update((_.upper(), _) for _ in optDict[group])

lib/core/settings.py

@@ -20,9 +20,10 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version and site
-VERSION = "1.0-dev"
+VERSION = "1.0.0.8"
 REVISION = getRevisionNumber()
-VERSION_STRING = "sqlmap/%s%s" % (VERSION, "-%s" % REVISION if REVISION else "-nongit-%s-%04x" % (time.strftime("%Y%m%d", time.gmtime(os.path.getmtime(__file__))), os.path.getsize(os.path.join(os.path.dirname(__file__), "common.py")) & 0xffff))
+STABLE = VERSION.count('.') <= 2
+VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
 DESCRIPTION = "automatic SQL injection and database takeover tool"
 SITE = "http://sqlmap.org"
 ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
@@ -35,7 +36,7 @@ BANNER = """\033[01;33m         _
 |_ -| . | |     | .'| . |
 |___|_  |_|_|_|_|__,|  _|
       |_|           |_|   \033[0m\033[4;37m%s\033[0m\n
-""" % ((31 + hash(REVISION) % 6) if REVISION else 30, VERSION_STRING.split('/')[-1], SITE)
+""" % ((31 + hash(VERSION) % 6) if not STABLE else 30, VERSION_STRING.split('/')[-1], SITE)
 
 # Minimum distance of ratio from kb.matchRatio to result in True
 DIFF_TOLERANCE = 0.05

lib/parse/cmdline.py

@@ -861,7 +861,7 @@ def cmdLineParser(argv=None):
                 if not command:
                     continue
                 elif command.lower() == "clear":
-                    clearHistory()                    
+                    clearHistory()
                     print "[i] history cleared"
                     saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)
                 elif command.lower() in ("x", "q", "exit", "quit"):

lib/parse/configfile.py

@@ -11,6 +11,7 @@ from lib.core.common import getUnicode
 from lib.core.common import openFile
 from lib.core.common import unArrayizeValue
 from lib.core.common import UnicodeRawConfigParser
+from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.exception import SqlmapMissingMandatoryOptionException
@@ -75,16 +76,14 @@ def configFileParser(configFile):
         errMsg = "missing a mandatory section 'Target' in the configuration file"
         raise SqlmapMissingMandatoryOptionException(errMsg)
 
-    condition = not config.has_option("Target", "direct")
-    condition &= not config.has_option("Target", "url")
-    condition &= not config.has_option("Target", "logFile")
-    condition &= not config.has_option("Target", "bulkFile")
-    condition &= not config.has_option("Target", "googleDork")
-    condition &= not config.has_option("Target", "requestFile")
-    condition &= not config.has_option("Target", "sitemapUrl")
-    condition &= not config.has_option("Target", "wizard")
+    mandatory = False
 
-    if condition:
+    for option in ("direct", "url", "logFile", "bulkFile", "googleDork", "requestFile", "sitemapUrl", "wizard"):
+        if config.has_option("Target", option) and config.get("Target", option) or cmdLineOptions.get(option):
+            mandatory = True
+            break
+
+    if not mandatory:
         errMsg = "missing a mandatory option in the configuration file "
         errMsg += "(direct, url, logFile, bulkFile, googleDork, requestFile, sitemapUrl or wizard)"
         raise SqlmapMissingMandatoryOptionException(errMsg)

lib/utils/api.py

@@ -622,14 +622,13 @@ def download(taskid, target, filename):
         logger.warning("[%s] Invalid task ID provided to download()" % taskid)
         return jsonize({"success": False, "message": "Invalid task ID"})
 
-    # Prevent file path traversal - the lame way
-    if ".." in target:
+    path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename))
+    # Prevent file path traversal
+    if not path.startswith(paths.SQLMAP_OUTPUT_PATH):
         logger.warning("[%s] Forbidden path (%s)" % (taskid, target))
         return jsonize({"success": False, "message": "Forbidden path"})
 
-    path = os.path.join(paths.SQLMAP_OUTPUT_PATH, target)
-
-    if os.path.exists(path):
+    if os.path.isfile(path):
         logger.debug("[%s] Retrieved content of file %s" % (taskid, target))
         with open(path, 'rb') as inf:
             file_content = inf.read()

lib/utils/hashdb.py

@@ -14,6 +14,7 @@ import time
 from lib.core.common import getSafeExString
 from lib.core.common import getUnicode
 from lib.core.common import serializeObject
+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unserializeObject
 from lib.core.data import logger
 from lib.core.exception import SqlmapDataException
@@ -83,8 +84,8 @@ class HashDB(object):
                         if not any(_ in getSafeExString(ex) for _ in ("locked", "no such table")):
                             raise
                         else:
-                            debugMsg = "problem occurred while accessing session file '%s' ('%s')" % (self.filepath, getSafeExString(ex))
-                            logger.debug(debugMsg)
+                            warnMsg = "problem occurred while accessing session file '%s' ('%s')" % (self.filepath, getSafeExString(ex))
+                            singleTimeWarnMessage(warnMsg)
                     except sqlite3.DatabaseError, ex:
                         errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, getSafeExString(ex))
                         errMsg += "If the problem persists please rerun with `--flush-session`"

plugins/dbms/mssqlserver/connector.py

@@ -41,7 +41,7 @@ class Connector(GenericConnector):
 
         try:
             self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
-        except (pymssql.InterfaceError, pymssql.OperationalError), msg:
+        except (pymssql.ProgrammingError, pymssql.OperationalError, _mssql.MssqlDatabaseException), msg:
             raise SqlmapConnectionException(msg)
 
         self.initCursor()

plugins/dbms/sybase/connector.py

@@ -41,7 +41,7 @@ class Connector(GenericConnector):
 
         try:
             self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
-        except pymssql.OperationalError, msg:
+        except (pymssql.ProgrammingError, pymssql.OperationalError, _mssql.MssqlDatabaseException), msg:
             raise SqlmapConnectionException(msg)
 
         self.initCursor()

tamper/escapequotes.py

@@ -19,8 +19,8 @@ def tamper(payload, **kwargs):
     """
     Slash escape quotes (' and ")
 
-    >>> tamper("1' AND SLEEP(5)#")
-    '1\' AND SLEEP(5)#'
+    >>> tamper('1" AND SLEEP(5)#')
+    '1\\\\" AND SLEEP(5)#'
     """
 
     return payload.replace("'", "\\'").replace('"', '\\"')

thirdparty/clientform/clientform.py

@@ -1139,7 +1139,11 @@ def _ParseFileEx(file, base_uri,
                 type, name, attrs, select_default=select_default, index=ii*10)
         forms.append(form)
     for form in forms:
-        form.fixup()
+        try:
+            form.fixup()
+        except AttributeError, ex:
+            if "item is disabled" not in str(ex):
+                raise
     return forms