Added preventive check for stacked queries support when executing DDL,

DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
This commit is contained in:
Bernardo Damele 2008-12-19 20:48:33 +00:00
parent ad228e6947
commit 7e8ac16245
5 changed files with 39 additions and 18 deletions

View File

@ -2,6 +2,10 @@ sqlmap (0.6.4-1) stable; urgency=low
* Major improvement to the comparison algorithm to make it work also if * Major improvement to the comparison algorithm to make it work also if
the page content changes at each refresh; (work in progress) the page content changes at each refresh; (work in progress)
* Major enhancement to support SQL data definition statements, SQL data
manipulation statements, etc from user in SQL query and SQL shell if
stacked queries are supported by the web application technology in
use;
* Minor enhancement to support an option (--is-dba) to show if the * Minor enhancement to support an option (--is-dba) to show if the
current user is a database management system administrator; current user is a database management system administrator;
* Added support internally to forge CASE statements, used only by * Added support internally to forge CASE statements, used only by

View File

@ -522,7 +522,7 @@ def __setHTTPTimeout():
conf.timeout = 3.0 conf.timeout = 3.0
else: else:
conf.timeout = 10.0 conf.timeout = 30.0
socket.setdefaulttimeout(conf.timeout) socket.setdefaulttimeout(conf.timeout)

View File

@ -109,7 +109,7 @@ def cmdLineParser():
request.add_option("--timeout", dest="timeout", type="float", request.add_option("--timeout", dest="timeout", type="float",
help="Seconds to wait before timeout connection " help="Seconds to wait before timeout connection "
"(default 10)") "(default 30)")
# Injection options # Injection options

View File

@ -45,6 +45,7 @@ from lib.core.unescaper import unescaper
from lib.parse.banner import bannerParser from lib.parse.banner import bannerParser
from lib.request import inject from lib.request import inject
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.techniques.outband.stacked import stackedTest
class Enumeration: class Enumeration:
@ -1053,23 +1054,35 @@ class Enumeration:
break break
if sqlType: if selectQuery == True:
infoMsg = "fetching %s query output: '%s'" % (sqlType, query) infoMsg = "fetching %s query output: '%s'" % (sqlType, query)
else:
infoMsg = "fetching SQL query output: '%s'" % query
logger.info(infoMsg) logger.info(infoMsg)
if selectQuery == False:
# TODO: test if stacked queries are supported by the web
# application before injecting
inject.goStacked(query)
else:
output = inject.getValue(query, fromUser=True) output = inject.getValue(query, fromUser=True)
else:
if kb.stackedTest == None:
stackedTest()
if kb.stackedTest == False:
warnMsg = "the web application does not support "
warnMsg += "stacked queries"
logger.warn(warnMsg)
if output == "Quit":
return None return None
else: else:
if sqlType:
infoMsg = "executing %s query: '%s'" % (sqlType, query)
else:
infoMsg = "executing unknown SQL type query: '%s'" % query
logger.info(infoMsg)
inject.goStacked(query)
infoMsg = "done"
logger.info(infoMsg)
output = False
return output return output
@ -1105,5 +1118,9 @@ class Enumeration:
if output and output != "Quit": if output and output != "Quit":
dumper.string(query, output) dumper.string(query, output)
elif output == False:
pass
elif output != "Quit": elif output != "Quit":
print "No output" print "No output"

View File

@ -79,8 +79,8 @@ delay = 0
# Seconds to wait before timeout connection. # Seconds to wait before timeout connection.
# Valid: float # Valid: float
# Default: 10 # Default: 30
timeout = 10 timeout = 30
[Injection] [Injection]