From 8fe37f3564f9f45f1de63e0a1cf32534be628ca3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Feb 2019 17:08:55 +0100
Subject: [PATCH] Update for #3486
---
 lib/core/settings.py | 13 ++++++++++++-
 lib/request/direct.py | 3 ++-
 plugins/generic/filesystem.py | 3 ++-
 plugins/generic/takeover.py | 3 ++-
 txt/checksum.md5 | 8 ++++----
 5 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 062671ba0..ab0a61af0 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.2.21"
+VERSION = "1.3.2.22"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -773,6 +773,9 @@ BRUTE_DOC_ROOT_PREFIXES = {
 OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
 }
+# Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS)
+TAKEOVER_TABLE_PREFIX = "sqlmap"
+
 # Suffixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")
@@ -809,3 +812,11 @@ th{
 font-size:12px;
 }
 """
+
+# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)
+
+for key, value in os.environ.items():
+ if key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX):
+ _ = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper()
+ if _ in globals():
+ globals()[_] = value
diff --git a/lib/request/direct.py b/lib/request/direct.py
index c4a8a5b22..3a0dea4eb 100644
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -25,6 +25,7 @@ from lib.core.enums import CUSTOM_LOGGING
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import TIMEOUT_STATE
+from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.core.settings import UNICODE_ENCODING
 from lib.utils.timeout import timeout
@@ -53,7 +54,7 @@ def direct(query, content=True):
 if not select and "EXEC " not in query.upper():
 timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
- elif not (output and "sqlmapoutput" not in query and "sqlmapfile" not in query):
+ elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query):
 output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
 if state == TIMEOUT_STATE.NORMAL:
 hashDBWrite(query, output, True)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index 257b2deec..740109211 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -28,6 +28,7 @@ from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapUndefinedMethod
+from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.core.settings import UNICODE_ENCODING
 from lib.request import inject
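Review bot: Every value read from `os.environ` is a string, so the final `globals()[_] = value` in the settings.py loop turns an integer setting into `"20"` when the comment's own example (`export SQLMAP__MAX_NUMBER_OF_THREADS=20`) is used, and later numeric use of that setting will misbehave. The `if _ in globals()` test also matches any module-level name, not only settings, so an environment variable can replace an imported name such as `OS` or the `os` module itself. Coerce the value to the type of the existing setting and skip names whose current value is not a plain scalar, as sketched below. `SQLMAP_ENVIRONMENT_PREFIX` and the `os` import are not visible in this hunk and are presumably defined earlier in the file.

```python
# … unchanged: loop over os.environ and derivation of `_` …
        current = globals().get(_)
        if isinstance(current, bool):  # checked before int: bool is an int subclass
            globals()[_] = value.lower() in ("1", "true")
        elif isinstance(current, (int, float)):
            try:
                globals()[_] = type(current)(value)
            except ValueError:
                pass  # keep the built-in default on unparsable input
        elif isinstance(current, str):
            globals()[_] = value
```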
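Review bot: The auxiliary table names are now formatted independently in three places: the `elif not (output and ...)` test in this lib/request/direct.py hunk, `Filesystem.__init__` (`"%sfile" % TAKEOVER_TABLE_PREFIX`) and `Takeover.__init__` (`"%soutput" % TAKEOVER_TABLE_PREFIX`), so the check in `direct()` and the names the plugins use can drift apart if one suffix is edited. Deriving both full names once next to `TAKEOVER_TABLE_PREFIX` in lib/core/settings.py and importing those would keep them in step. The test is also a plain substring match, so if the prefix is overridden to an empty or very short value through the environment loop added in settings.py, any query that merely contains `output` or `file` is re-run even when `output` is already set. A comment on the constant would document that constraint, e.g. `# must be a non-empty, distinctive identifier; lib/request/direct.py matches it as a substring of the query`. `direct()` begins and ends outside this hunk.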
@@ -37,7 +38,7 @@ class Filesystem:
 """
 def __init__(self):
- self.fileTblName = "sqlmapfile"
+ self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX
 self.tblField = "data"
 def _checkFileLength(self, localFile, remoteFile, fileRead=False):
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index 426de1211..3f2092f93 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -24,6 +24,7 @@ from lib.core.exception import SqlmapNotVulnerableException
 from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUndefinedMethod
 from lib.core.exception import SqlmapUnsupportedDBMSException
+from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.takeover.abstraction import Abstraction
 from lib.takeover.icmpsh import ICMPsh
 from lib.takeover.metasploit import Metasploit
@@ -37,7 +38,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 """
 def __init__(self):
- self.cmdTblName = "sqlmapoutput"
+ self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX)
 self.tblField = "data"
 Abstraction.__init__(self)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 837ad56ce..6f6da31b0 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
-7ba3ce7dc1e4c29923c3b72f0a5b5ae2 lib/core/settings.py
+8b2b5526b9a22e010342ff8f37e1cb15 lib/core/settings.py
 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
 43772ea73e9e3d446f782af591cb4eda lib/core/target.py
@@ -73,7 +73,7 @@ e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py
 97b7577fdfe3d8537fe9ea3a070d0507 lib/request/basic.py
 fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py
 2fde12a95133b26699e26a5c56311c38 lib/request/connect.py
-7cba86090b02558f04c6692cef66e772 lib/request/direct.py
+43005bd6a78e9cf0f3ed2283a1cb122e lib/request/direct.py
 2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py
 ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py
 fb6be55d21a70765e35549af2484f762 lib/request/__init__.py
@@ -218,13 +218,13 @@ d749b7f7b4bcf1f646290dec739f1e6d plugins/generic/custom.py
 b5e9bc087d2cc3defcc9e468785a0462 plugins/generic/databases.py
 4cf8eb3719c980c54a92f838a999d090 plugins/generic/entries.py
 f3624debb8ae6fbcfb5f1b7f1d0743d1 plugins/generic/enumeration.py
-cda119b7b0d1afeb60f912009cdb0cf5 plugins/generic/filesystem.py
+07733664167a2d082d253c119630d27b plugins/generic/filesystem.py
 65e75cd3c2c7acffa6ac13b086e0f383 plugins/generic/fingerprint.py
 fb6be55d21a70765e35549af2484f762 plugins/generic/__init__.py
 de1928d6865547764ae9a896da4bf1d4 plugins/generic/misc.py
 c95bf3dec22cc638100efef99e2ccc3c plugins/generic/search.py
 1989f6cbed217f4222dc2dce72992d91 plugins/generic/syntax.py
-44c388ea08d4296e2bf2706e19cbe64a plugins/generic/takeover.py
+4b539275dcee14683557da4aaf58b36c plugins/generic/takeover.py
 f57914512ae22521b988b5094f1a0d6f plugins/generic/users.py
 fb6be55d21a70765e35549af2484f762 plugins/__init__.py
 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_