mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Update for #3486
This commit is contained in:
parent
9789d65c19
commit
8fe37f3564
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.2.21"
|
||||
VERSION = "1.3.2.22"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
@ -773,6 +773,9 @@ BRUTE_DOC_ROOT_PREFIXES = {
|
|||
OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
|
||||
}
|
||||
|
||||
# Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS)
|
||||
TAKEOVER_TABLE_PREFIX = "sqlmap"
|
||||
|
||||
# Suffixes used in brute force search for web server document root
|
||||
BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")
|
||||
|
||||
|
@ -809,3 +812,11 @@ th{
|
|||
font-size:12px;
|
||||
}
|
||||
</style>"""
|
||||
|
||||
# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)
|
||||
|
||||
for key, value in os.environ.items():
|
||||
if key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX):
|
||||
_ = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper()
|
||||
if _ in globals():
|
||||
globals()[_] = value
|
||||
|
|
|
@ -25,6 +25,7 @@ from lib.core.enums import CUSTOM_LOGGING
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import TIMEOUT_STATE
|
||||
from lib.core.settings import TAKEOVER_TABLE_PREFIX
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.utils.timeout import timeout
|
||||
|
||||
|
@ -53,7 +54,7 @@ def direct(query, content=True):
|
|||
|
||||
if not select and "EXEC " not in query.upper():
|
||||
timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
|
||||
elif not (output and "sqlmapoutput" not in query and "sqlmapfile" not in query):
|
||||
elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query):
|
||||
output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
|
||||
if state == TIMEOUT_STATE.NORMAL:
|
||||
hashDBWrite(query, output, True)
|
||||
|
|
|
@ -28,6 +28,7 @@ from lib.core.enums import CHARSET_TYPE
|
|||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import SqlmapUndefinedMethod
|
||||
from lib.core.settings import TAKEOVER_TABLE_PREFIX
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.request import inject
|
||||
|
||||
|
@ -37,7 +38,7 @@ class Filesystem:
|
|||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.fileTblName = "sqlmapfile"
|
||||
self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX
|
||||
self.tblField = "data"
|
||||
|
||||
def _checkFileLength(self, localFile, remoteFile, fileRead=False):
|
||||
|
|
|
@ -24,6 +24,7 @@ from lib.core.exception import SqlmapNotVulnerableException
|
|||
from lib.core.exception import SqlmapSystemException
|
||||
from lib.core.exception import SqlmapUndefinedMethod
|
||||
from lib.core.exception import SqlmapUnsupportedDBMSException
|
||||
from lib.core.settings import TAKEOVER_TABLE_PREFIX
|
||||
from lib.takeover.abstraction import Abstraction
|
||||
from lib.takeover.icmpsh import ICMPsh
|
||||
from lib.takeover.metasploit import Metasploit
|
||||
|
@ -37,7 +38,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.cmdTblName = "sqlmapoutput"
|
||||
self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX)
|
||||
self.tblField = "data"
|
||||
|
||||
Abstraction.__init__(self)
|
||||
|
|
|
@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
|
|||
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
|
||||
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
|
||||
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
|
||||
7ba3ce7dc1e4c29923c3b72f0a5b5ae2 lib/core/settings.py
|
||||
8b2b5526b9a22e010342ff8f37e1cb15 lib/core/settings.py
|
||||
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
|
||||
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
|
||||
43772ea73e9e3d446f782af591cb4eda lib/core/target.py
|
||||
|
@ -73,7 +73,7 @@ e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py
|
|||
97b7577fdfe3d8537fe9ea3a070d0507 lib/request/basic.py
|
||||
fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py
|
||||
2fde12a95133b26699e26a5c56311c38 lib/request/connect.py
|
||||
7cba86090b02558f04c6692cef66e772 lib/request/direct.py
|
||||
43005bd6a78e9cf0f3ed2283a1cb122e lib/request/direct.py
|
||||
2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py
|
||||
ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py
|
||||
fb6be55d21a70765e35549af2484f762 lib/request/__init__.py
|
||||
|
@ -218,13 +218,13 @@ d749b7f7b4bcf1f646290dec739f1e6d plugins/generic/custom.py
|
|||
b5e9bc087d2cc3defcc9e468785a0462 plugins/generic/databases.py
|
||||
4cf8eb3719c980c54a92f838a999d090 plugins/generic/entries.py
|
||||
f3624debb8ae6fbcfb5f1b7f1d0743d1 plugins/generic/enumeration.py
|
||||
cda119b7b0d1afeb60f912009cdb0cf5 plugins/generic/filesystem.py
|
||||
07733664167a2d082d253c119630d27b plugins/generic/filesystem.py
|
||||
65e75cd3c2c7acffa6ac13b086e0f383 plugins/generic/fingerprint.py
|
||||
fb6be55d21a70765e35549af2484f762 plugins/generic/__init__.py
|
||||
de1928d6865547764ae9a896da4bf1d4 plugins/generic/misc.py
|
||||
c95bf3dec22cc638100efef99e2ccc3c plugins/generic/search.py
|
||||
1989f6cbed217f4222dc2dce72992d91 plugins/generic/syntax.py
|
||||
44c388ea08d4296e2bf2706e19cbe64a plugins/generic/takeover.py
|
||||
4b539275dcee14683557da4aaf58b36c plugins/generic/takeover.py
|
||||
f57914512ae22521b988b5094f1a0d6f plugins/generic/users.py
|
||||
fb6be55d21a70765e35549af2484f762 plugins/__init__.py
|
||||
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
|
||||
|
|
Loading…
Reference in New Issue
Block a user