added skeleton code for issue #34, still not usable

2024-11-22 01:26:42 +03:00 · 2012-07-02 00:22:34 +01:00 · 2012-07-02 00:22:34 +01:00 · 7b4ecd9df0
commit 7b4ecd9df0
parent 4736d46677
5 changed files with 37 additions and 3 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -558,6 +558,28 @@ def __findPageForms():

    findPageForms(page, conf.url, True, True)

+def __setDBMSAuthentication():
+    """
+    Check and set the DBMS authentication credentials to run statements as
+    another user, not the session user
+    """
+
+    if not conf.dCred:
+        return
+
+    debugMsg = "setting the DBMS authentication credentials"
+    logger.debug(debugMsg)
+
+    dCredRegExp = re.search("^(.+?):(.*?)$", conf.dCred)
+
+    if not dCredRegExp:
+        errMsg = "DBMS authentication credentials value must be in format "
+        errMsg += "username:password"
+        raise sqlmapSyntaxException, errMsg
+
+    conf.dbmsUsername = dCredRegExp.group(1)
+    conf.dbmsPassword = dCredRegExp.group(2)
+
 def __setMetasploit():
    if not conf.osPwn and not conf.osSmb and not conf.osBof:
        return
@ -1992,7 +2014,7 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
    __setOS()
    __setWriteFile()
    __setMetasploit()
-
+    __setDBMSAuthentication()
    loadPayloads()
    __setPrefixSuffix()
    update()
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -167,6 +167,7 @@ optDict = {
                               "checkTor":          "boolean",
                               "crawlDepth":        "integer",
                               "csvDel":            "string",
+                               "dCred":             "string",
                               "eta":               "boolean",
                               "flushSession":      "boolean",
                               "forms":             "boolean",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -516,10 +516,13 @@ def cmdLineParser():
                                  help="Delimiting character used in CSV output "
                                  "(default \"%s\")" % defaults.csvDel)

+        general.add_option("--dbms-cred", dest="dCred",
+                            help="DBMS authentication credentials (user:password)")
+
        general.add_option("--eta", dest="eta",
                            action="store_true",
                            help="Display for each output the "
-                                      "estimated time of arrival")
+                                 "estimated time of arrival")

        general.add_option("--flush-session", dest="flushSession",
                            action="store_true",
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -479,7 +479,7 @@ def goStacked(expression, silent=False):
        return direct(expression)

    comment = queries[Backend.getIdentifiedDbms()].comment.query
-    query = agent.prefixQuery("; %s" % expression)
+    query = agent.prefixQuery(";%s" % expression)
    query = agent.suffixQuery("%s;%s" % (query, comment))
    payload = agent.payload(newValue=query)
    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -567,6 +567,14 @@ crawlDepth = 0
 # Default: ,
 csvDel = ,

+# DBMS authentication credentials (user:password). Useful if you want to
+# run SQL statements as another user, the back-end database management
+# system is PostgreSQL or Microsoft SQL Server and the parameter is
+# vulnerable by stacked queries SQL injection or you are connecting directly
+# to the DBMS (-d switch).
+# Syntax: username:password
+dCred = 
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False