sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-04 11:53:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper saving and resuming when more than a parameter are injectable.

Browse Source 
Minor bug fix to --stacked-test
Minor code refactoring.
This commit is contained in:
Bernardo Damele 2010-11-29 01:04:42 +00:00
parent 75f7df75b6
commit 9d7087e2ff
6 changed files with 89 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@ -288,7 +288,7 @@ def checkSqlInjection(place, parameter, value):
injection.prefix = prefix injection.prefix = prefix
injection.suffix = suffix injection.suffix = suffix
injection.data[stype] = (title, where, comment, boundPayload) injection.data[stype] = (boundPayload, comment)
if "details" in test: if "details" in test:
for detailKey, detailValue in test.details.items(): for detailKey, detailValue in test.details.items():

16
lib/controller/controller.py
View File

@ -47,11 +47,13 @@ from lib.core.target import setupTargetEnv
def __saveToSessionFile(): def __saveToSessionFile():
for inj in kb.injections: for inj in kb.injections:
setInjection(inj)
place = inj.place place = inj.place
parameter = inj.parameter parameter = inj.parameter
for stype, sdata in inj.data.items(): for stype, sdata in inj.data.items():
payload = sdata[3] payload = sdata[0]
if stype == 1: if stype == 1:
kb.booleanTest = payload kb.booleanTest = payload
@ -66,15 +68,11 @@ def __saveToSessionFile():
kb.timeTest = payload kb.timeTest = payload
setTimeBased(place, parameter, payload) setTimeBased(place, parameter, payload)
setInjection(inj)
def __selectInjection(): def __selectInjection():
""" """
Selection function for injection place, parameters and type. Selection function for injection place, parameters and type.
""" """
# TODO: when resume from session file, feed kb.injections and call
# __selectInjection()
points = [] points = []
for i in xrange(0, len(kb.injections)): for i in xrange(0, len(kb.injections)):
@ -103,9 +101,10 @@ def __selectInjection():
if point not in points: if point not in points:
points.append(point) points.append(point)
ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype
message += "[%d] place: %s, parameter: " % (i, place) message += "[%d] place: %s, parameter: " % (i, place)
message += "%s, type: %s" % (parameter, PAYLOAD.PARAMETER[ptype]) message += "%s, type: %s" % (parameter, ptype)
if i == 0: if i == 0:
message += " (default)" message += " (default)"
@ -130,8 +129,9 @@ def __formatInjection(inj):
data += "Parameter: %s\n" % inj.parameter data += "Parameter: %s\n" % inj.parameter
for stype, sdata in inj.data.items(): for stype, sdata in inj.data.items():
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype] stype = PAYLOAD.SQLINJECTION[stype] if isinstance(stype, int) else stype
data += " Payload: %s\n\n" % sdata[3] data += " Type: %s\n" % stype
data += " Payload: %s\n\n" % sdata[0]
return data return data

3
lib/core/option.py
View File

@ -44,6 +44,7 @@ from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.data import queries from lib.core.data import queries
from lib.core.datatype import advancedDict from lib.core.datatype import advancedDict
from lib.core.datatype import injectionDict
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapFilePathException
@ -1146,7 +1147,7 @@ def __setKnowledgeBaseAttributes():
kb.headersFp = {} kb.headersFp = {}
kb.hintValue = None kb.hintValue = None
kb.htmlFp = [] kb.htmlFp = []
kb.injection = advancedDict() kb.injection = injectionDict()
kb.injection.parameter = None kb.injection.parameter = None
kb.injection.place = None kb.injection.place = None
kb.injections = [] kb.injections = []

95
lib/core/session.py
View File

@ -15,6 +15,7 @@ from lib.core.common import readInput
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.datatype import injectionDict
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.settings import MSSQL_ALIASES from lib.core.settings import MSSQL_ALIASES
@ -89,14 +90,17 @@ def setInjection(inj):
) )
if condition: if condition:
for stype in inj.data.keys():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.place)) dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.place))
dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.parameter)) dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.parameter))
dataToSessionFile("[%s][%s][%s][Injection parameter type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.PARAMETER[inj.ptype])) dataToSessionFile("[%s][%s][%s][Injection parameter type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.PARAMETER[inj.ptype]))
dataToSessionFile("[%s][%s][%s][Injection prefix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.prefix)) dataToSessionFile("[%s][%s][%s][Injection prefix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.prefix))
dataToSessionFile("[%s][%s][%s][Injection suffix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.suffix)) dataToSessionFile("[%s][%s][%s][Injection suffix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.suffix))
for stype, sdata in inj.data.items():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
dataToSessionFile("[%s][%s][%s][Injection payload][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[0]))
dataToSessionFile("[%s][%s][%s][Injection comment][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[1]))
def setDbms(dbms): def setDbms(dbms):
""" """
@param dbms: database management system to be set into the knowledge @param dbms: database management system to be set into the knowledge
@ -354,12 +358,6 @@ def resumeConfKb(expression, url, value):
except ValueError: except ValueError:
pass pass
elif expression == "Injection type" and url == conf.url:
kb.injection.stype = unSafeFormatString(value[:-1])
logMsg = "resuming injection type '%s' from session file" % kb.injection.stype
logger.info(logMsg)
elif expression == "Injection point" and url == conf.url: elif expression == "Injection point" and url == conf.url:
injPlace = value[:-1] injPlace = value[:-1]
@ -373,6 +371,10 @@ def resumeConfKb(expression, url, value):
warnMsg += "injectable point" warnMsg += "injectable point"
logger.warn(warnMsg) logger.warn(warnMsg)
else: else:
if kb.injection.place is not None:
kb.injections.append(kb.injection)
kb.injection = injectionDict()
kb.injection.place = injPlace kb.injection.place = injPlace
elif expression == "Injection parameter" and url == conf.url: elif expression == "Injection parameter" and url == conf.url:
@ -413,6 +415,55 @@ def resumeConfKb(expression, url, value):
logMsg = "resuming injection suffix '%s' from session file" % kb.injection.suffix logMsg = "resuming injection suffix '%s' from session file" % kb.injection.suffix
logger.info(logMsg) logger.info(logMsg)
elif expression == "Injection type" and url == conf.url:
stype = unSafeFormatString(value[:-1])
kb.injection.data[stype] = []
logMsg = "resuming injection type '%s' from session file" % stype
logger.info(logMsg)
elif expression == "Injection payload" and url == conf.url:
payload = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(payload)
logMsg = "resuming injection payload '%s' from session file" % payload
logger.info(logMsg)
elif expression == "Injection comment" and url == conf.url:
comment = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(comment)
logMsg = "resuming injection comment '%s' from session file" % comment
logger.info(logMsg)
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
logger.info(logMsg)
elif expression == "DBMS" and url == conf.url: elif expression == "DBMS" and url == conf.url:
dbms = unSafeFormatString(value[:-1]) dbms = unSafeFormatString(value[:-1])
dbms = dbms.lower() dbms = dbms.lower()
@ -468,34 +519,6 @@ def resumeConfKb(expression, url, value):
else: else:
conf.os = os conf.os = os
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
logger.info(logMsg)
elif expression == "Union comment" and url == conf.url: elif expression == "Union comment" and url == conf.url:
kb.unionComment = unSafeFormatString(value[:-1]) kb.unionComment = unSafeFormatString(value[:-1])

1
lib/core/target.py
View File

@ -173,6 +173,7 @@ def __setOutputResume():
elif len(value) >= len(kb.resumedQueries[url][expression]): elif len(value) >= len(kb.resumedQueries[url][expression]):
kb.resumedQueries[url][expression] = value kb.resumedQueries[url][expression] = value
kb.injections.append(kb.injection)
readSessionFP.close() readSessionFP.close()
else: else:
try: try:

3
lib/techniques/outband/stacked.py
View File

@ -47,6 +47,7 @@ def stackedTest():
kb.stackedTest = False kb.stackedTest = False
setStacked() if kb.stackedTest:
setStacked(kb.injection.place, kb.injection.parameter, payload)
return kb.stackedTest return kb.stackedTest