added skeleton code for issue #34, still not usable

lib/core/option.py

@@ -558,6 +558,28 @@ def __findPageForms():
 
     findPageForms(page, conf.url, True, True)
 
+def __setDBMSAuthentication():
+    """
+    Check and set the DBMS authentication credentials to run statements as
+    another user, not the session user
+    """
+
+    if not conf.dCred:
+        return
+
+    debugMsg = "setting the DBMS authentication credentials"
+    logger.debug(debugMsg)
+
+    dCredRegExp = re.search("^(.+?):(.*?)$", conf.dCred)
+
+    if not dCredRegExp:
+        errMsg = "DBMS authentication credentials value must be in format "
+        errMsg += "username:password"
+        raise sqlmapSyntaxException, errMsg
+
+    conf.dbmsUsername = dCredRegExp.group(1)
+    conf.dbmsPassword = dCredRegExp.group(2)
+
 def __setMetasploit():
     if not conf.osPwn and not conf.osSmb and not conf.osBof:
         return
@@ -1992,7 +2014,7 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
     __setOS()
     __setWriteFile()
     __setMetasploit()
-
+    __setDBMSAuthentication()
     loadPayloads()
     __setPrefixSuffix()
     update()

lib/core/optiondict.py

@@ -167,6 +167,7 @@ optDict = {
                                "checkTor":          "boolean",
                                "crawlDepth":        "integer",
                                "csvDel":            "string",
+                               "dCred":             "string",
                                "eta":               "boolean",
                                "flushSession":      "boolean",
                                "forms":             "boolean",

lib/parse/cmdline.py

@@ -516,10 +516,13 @@ def cmdLineParser():
                                   help="Delimiting character used in CSV output "
                                   "(default \"%s\")" % defaults.csvDel)
 
+        general.add_option("--dbms-cred", dest="dCred",
+                            help="DBMS authentication credentials (user:password)")
+
         general.add_option("--eta", dest="eta",
                             action="store_true",
                             help="Display for each output the "
-                                      "estimated time of arrival")
+                                 "estimated time of arrival")
 
         general.add_option("--flush-session", dest="flushSession",
                             action="store_true",

lib/request/inject.py

@@ -479,7 +479,7 @@ def goStacked(expression, silent=False):
         return direct(expression)
 
     comment = queries[Backend.getIdentifiedDbms()].comment.query
-    query = agent.prefixQuery("; %s" % expression)
+    query = agent.prefixQuery(";%s" % expression)
     query = agent.suffixQuery("%s;%s" % (query, comment))
     payload = agent.payload(newValue=query)
     Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)

sqlmap.conf

@@ -567,6 +567,14 @@ crawlDepth = 0
 # Default: ,
 csvDel = ,
 
+# DBMS authentication credentials (user:password). Useful if you want to
+# run SQL statements as another user, the back-end database management
+# system is PostgreSQL or Microsoft SQL Server and the parameter is
+# vulnerable by stacked queries SQL injection or you are connecting directly
+# to the DBMS (-d switch).
+# Syntax: username:password
+dCred = 
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False