updates, fixes and stuff

Miroslav Stampar 2010-03-30 11:06:30 +00:00
parent f04449be03
commit 87d8c6719e
7 changed files with 82 additions and 14 deletions


@ -606,15 +606,21 @@ def parseTargetDirect():
details = None details = None
for dbms in SUPPORTED_DBMS: for dbms in SUPPORTED_DBMS:
details = re.search("^(%s)://(.+?)\:(.+?)\@(.+?)\:([\d]+)\/(.+?)$" % dbms, conf.direct, re.I) details = re.search("^(?P<dbms>%s)://(?P<optional>(?P<dbmsUser>.+?)\:(?P<dbmsPass>.+?)\@(?P<hostname>.+?)\:(?P<port>[\d]+)\/)?(?P<dbmsDb>.+?)$" % dbms, conf.direct, re.I)
if details: if details:
conf.dbms = details.group(1) conf.dbms = details.group('dbms')
conf.dbmsUser = details.group(2) if details.group('optional'):
conf.dbmsPass = details.group(3) conf.dbmsUser = details.group('dbmsUser')
conf.hostname = details.group(4) conf.dbmsPass = details.group('dbmsPass')
conf.port = int(details.group(5)) conf.hostname = details.group('hostname')
conf.dbmsDb = details.group(6) conf.port = int(details.group('port'))
else:
conf.dbmsUser = str()
conf.dbmsPass = str()
conf.hostname = "localhost"
conf.port = 0
conf.dbmsDb = details.group('dbmsDb')
conf.parameters[None] = "direct connection" conf.parameters[None] = "direct connection"
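Review bot: Because the whole `optional` group may now be skipped, a credentialed target string that is merely malformed no longer fails to match. With the port missing, for example, the entire `user:pass@host/db` remainder is captured as `dbmsDb`, and the `else` branch silently sets empty credentials and `localhost`. The password then sits in `conf.dbmsDb`, which may be logged or echoed in errors later (not visible here). The `else` branch should refuse a remainder that still looks like a network target, e.g. `if '@' in details.group('dbmsDb'):` followed by raising the project's syntax error, or accept the short form only for file-based DBMSes. parseTargetDirect continues outside the hunk.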


@ -22,14 +22,67 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
""" """
try:
import pyodbc
except ImportError, _:
pass
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
""" """
Homepage: Homepage: http://pyodbc.googlecode.com/
User guide: User guide: http://code.google.com/p/pyodbc/wiki/GettingStarted
API: API: http://code.google.com/p/pyodbc/w/list
Debian package: python-pyodbc
License: MIT
""" """
def __init__(self): def __init__(self):
GenericConnector.__init__(self) GenericConnector.__init__(self)
def connect(self):
self.initConnection()
try:
self.connector = pyodbc.connect(driver='{Microsoft Access Driver (*.mdb)}', dbq=self.db)
except pyodbc.OperationalError, msg:
raise sqlmapConnectionException, msg[1]
self.setCursor()
self.connected()
def fetchall(self):
try:
return self.cursor.fetchall()
except pyodbc.OperationalError, msg:
logger.log(8, msg[1])
return None
def execute(self, query):
logger.debug(query)
try:
self.cursor.execute(query)
except pyodbc.OperationalError, msg:
logger.log(8, msg[1])
except pyodbc.Error, msg:
raise sqlmapConnectionException, msg[1]
self.connector.commit()
def select(self, query):
self.cursor.execute(query)
return self.cursor.fetchall()
def setCursor(self):
self.cursor = self.connector.cursor()
def close(self):
self.cursor.close()
self.connector.close()
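Review bot: The `except ImportError, _: pass` around `import pyodbc` hides a missing driver until first use. `connect()` then fails with a `NameError`, and so do the `except pyodbc.OperationalError` clauses themselves, so the user never gets a `sqlmapConnectionException`. Unless a dependency check elsewhere guarantees the module is present (not visible here), set `pyodbc = None` in the handler and start `connect()` with `if pyodbc is None: raise sqlmapConnectionException, "pyodbc (python-pyodbc) is not installed"`. A one-line comment naming the custom level behind `logger.log(8, msg[1])` would also help readers.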


@ -143,6 +143,9 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing Microsoft Access" logMsg = "testing Microsoft Access"
logger.info(logMsg) logger.info(logMsg)
if conf.direct:
conf.dbmsConnector.connect()
payload = agent.fullPayload(" AND VAL(CVAR(1))=1") payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
result = Request.queryPage(payload) result = Request.queryPage(payload)
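Review bot: `conf.dbmsConnector.connect()` is called from inside the fingerprint check with nothing to stop a second connection being opened if the check runs again or the connector is already connected; whether `connect()` is idempotent is not visible here. The same three lines are repeated in the Firebird and SQLite fingerprint sections below, so one helper (or a guard inside the generic connector) would keep the direct-mode setup in one place. A comment such as `# direct mode: open the DBMS connection before fingerprinting` would explain why a connection is opened in a fingerprint routine. The enclosing method starts and ends outside the hunk.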


@ -74,8 +74,8 @@ class Connector(GenericConnector):
self.connector.commit() self.connector.commit()
def select(self, query): def select(self, query):
self.execute(query) self.cursor.execute(query)
return self.fetchall() return self.cursor.fetchall()
def setCursor(self): def setCursor(self):
self.cursor = self.connector.cursor() self.cursor = self.connector.cursor()
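Review bot: `select()` now calls `self.cursor.execute(query)` and `self.cursor.fetchall()` directly, so whatever `execute()` and `fetchall()` do around those calls is skipped for every SELECT. In the Access connector added by this commit, those wrappers log the query, downgrade `OperationalError` to a log entry and convert other driver errors to `sqlmapConnectionException`. If this connector's wrappers do the same (they are outside the hunk), driver exceptions from `select()` now reach callers raw and the query no longer appears in the debug log. If the aim was only to avoid the `commit()` after a read, keep the handling by wrapping the two cursor calls in the same `try`/`except` that `execute()` uses. The same two-line change appears in the later connector section and in the Access connector's `select()`.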


@ -127,6 +127,9 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing Firebird" logMsg = "testing Firebird"
logger.info(logMsg) logger.info(logMsg)
if conf.direct:
conf.dbmsConnector.connect()
randInt = randomInt() randInt = randomInt()
payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt)) payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))


@ -78,8 +78,8 @@ class Connector(GenericConnector):
self.connector.commit() self.connector.commit()
def select(self, query): def select(self, query):
self.execute(query) self.cursor.execute(query)
return self.fetchall() return self.cursor.fetchall()
def setCursor(self): def setCursor(self):
self.cursor = self.connector.cursor() self.cursor = self.connector.cursor()


@ -93,6 +93,9 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing SQLite" logMsg = "testing SQLite"
logger.info(logMsg) logger.info(logMsg)
if conf.direct:
conf.dbmsConnector.connect()
payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()") payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
result = Request.queryPage(payload) result = Request.queryPage(payload)