Proper saving and resuming when more than one parameter is injectable.

Minor bug fix to --stacked-test
Minor code refactoring.
This commit is contained in:
Bernardo Damele 2010-11-29 01:04:42 +00:00
parent 75f7df75b6
commit 9d7087e2ff
6 changed files with 89 additions and 63 deletions


@ -288,7 +288,7 @@ def checkSqlInjection(place, parameter, value):
injection.prefix = prefix injection.prefix = prefix
injection.suffix = suffix injection.suffix = suffix
injection.data[stype] = (title, where, comment, boundPayload) injection.data[stype] = (boundPayload, comment)
if "details" in test: if "details" in test:
for detailKey, detailValue in test.details.items(): for detailKey, detailValue in test.details.items():
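Review bot: The new tuple `(boundPayload, comment)` stored in `injection.data[stype]` is consumed positionally elsewhere on this commit (`sdata[0]` in __saveToSessionFile and __formatInjection, `sdata[1]` in setInjection), and the resume path rebuilds it as a list in session-file order, so the position of each field is an implicit cross-function contract that nothing at the assignment documents. A comment next to it would protect the layout from silent reordering, e.g. `# data[stype] = (payload, comment); read by index in setInjection/__saveToSessionFile/__formatInjection`. checkSqlInjection begins and ends outside the hunk.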


@ -47,11 +47,13 @@ from lib.core.target import setupTargetEnv
def __saveToSessionFile(): def __saveToSessionFile():
for inj in kb.injections: for inj in kb.injections:
setInjection(inj)
place = inj.place place = inj.place
parameter = inj.parameter parameter = inj.parameter
for stype, sdata in inj.data.items(): for stype, sdata in inj.data.items():
payload = sdata[3] payload = sdata[0]
if stype == 1: if stype == 1:
kb.booleanTest = payload kb.booleanTest = payload
@ -66,15 +68,11 @@ def __saveToSessionFile():
kb.timeTest = payload kb.timeTest = payload
setTimeBased(place, parameter, payload) setTimeBased(place, parameter, payload)
setInjection(inj)
def __selectInjection(): def __selectInjection():
""" """
Selection function for injection place, parameters and type. Selection function for injection place, parameters and type.
""" """
# TODO: when resume from session file, feed kb.injections and call
# __selectInjection()
points = [] points = []
for i in xrange(0, len(kb.injections)): for i in xrange(0, len(kb.injections)):
@ -103,9 +101,10 @@ def __selectInjection():
if point not in points: if point not in points:
points.append(point) points.append(point)
ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype
message += "[%d] place: %s, parameter: " % (i, place) message += "[%d] place: %s, parameter: " % (i, place)
message += "%s, type: %s" % (parameter, PAYLOAD.PARAMETER[ptype]) message += "%s, type: %s" % (parameter, ptype)
if i == 0: if i == 0:
message += " (default)" message += " (default)"
@ -130,8 +129,9 @@ def __formatInjection(inj):
data += "Parameter: %s\n" % inj.parameter data += "Parameter: %s\n" % inj.parameter
for stype, sdata in inj.data.items(): for stype, sdata in inj.data.items():
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype] stype = PAYLOAD.SQLINJECTION[stype] if isinstance(stype, int) else stype
data += " Payload: %s\n\n" % sdata[3] data += " Type: %s\n" % stype
data += " Payload: %s\n\n" % sdata[0]
return data return data
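Review bot: In __formatInjection the loop variable `stype` is rebound to its display label on the added line `stype = PAYLOAD.SQLINJECTION[stype] if isinstance(stype, int) else stype`, so the dict key and its human-readable name share one variable for the rest of the iteration; a distinct name reads more clearly: `stypeName = PAYLOAD.SQLINJECTION[stype] if isinstance(stype, int) else stype` and `data += " Type: %s\n" % stypeName`. The same int-or-string test is added for `ptype` in __selectInjection, which suggests values resumed from the session file arrive as names while fresh detections are enum ints; a one-line comment at either site stating where the string form originates would explain both checks to the next reader. __formatInjection begins outside the hunk.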


@ -44,6 +44,7 @@ from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.data import queries from lib.core.data import queries
from lib.core.datatype import advancedDict from lib.core.datatype import advancedDict
from lib.core.datatype import injectionDict
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapFilePathException
@ -1146,7 +1147,7 @@ def __setKnowledgeBaseAttributes():
kb.headersFp = {} kb.headersFp = {}
kb.hintValue = None kb.hintValue = None
kb.htmlFp = [] kb.htmlFp = []
kb.injection = advancedDict() kb.injection = injectionDict()
kb.injection.parameter = None kb.injection.parameter = None
kb.injection.place = None kb.injection.place = None
kb.injections = [] kb.injections = []


@ -15,6 +15,7 @@ from lib.core.common import readInput
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.datatype import injectionDict
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.settings import MSSQL_ALIASES from lib.core.settings import MSSQL_ALIASES
@ -89,14 +90,17 @@ def setInjection(inj):
) )
if condition: if condition:
for stype in inj.data.keys():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.place)) dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.place))
dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.parameter)) dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.parameter))
dataToSessionFile("[%s][%s][%s][Injection parameter type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.PARAMETER[inj.ptype])) dataToSessionFile("[%s][%s][%s][Injection parameter type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.PARAMETER[inj.ptype]))
dataToSessionFile("[%s][%s][%s][Injection prefix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.prefix)) dataToSessionFile("[%s][%s][%s][Injection prefix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.prefix))
dataToSessionFile("[%s][%s][%s][Injection suffix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.suffix)) dataToSessionFile("[%s][%s][%s][Injection suffix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.suffix))
for stype, sdata in inj.data.items():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
dataToSessionFile("[%s][%s][%s][Injection payload][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[0]))
dataToSessionFile("[%s][%s][%s][Injection comment][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[1]))
def setDbms(dbms): def setDbms(dbms):
""" """
@param dbms: database management system to be set into the knowledge @param dbms: database management system to be set into the knowledge
@ -303,7 +307,7 @@ def resumeConfKb(expression, url, value):
if expression == "String" and url == conf.url: if expression == "String" and url == conf.url:
string = unSafeFormatString(value[:-1]) string = unSafeFormatString(value[:-1])
logMsg = "resuming string match '%s' from session file" % string logMsg = "resuming string match '%s' from session file" % string
logger.info(logMsg) logger.info(logMsg)
if string and ( not conf.string or string != conf.string ): if string and ( not conf.string or string != conf.string ):
@ -324,7 +328,7 @@ def resumeConfKb(expression, url, value):
elif expression == "Regular expression" and url == conf.url: elif expression == "Regular expression" and url == conf.url:
regexp = unSafeFormatString(value[:-1]) regexp = unSafeFormatString(value[:-1])
logMsg = "resuming regular expression match '%s' from session file" % regexp logMsg = "resuming regular expression match '%s' from session file" % regexp
logger.info(logMsg) logger.info(logMsg)
if regexp and ( not conf.regexp or regexp != conf.regexp ): if regexp and ( not conf.regexp or regexp != conf.regexp ):
@ -346,7 +350,7 @@ def resumeConfKb(expression, url, value):
elif expression == "Match ratio" and url == conf.url and conf.matchRatio is None: elif expression == "Match ratio" and url == conf.url and conf.matchRatio is None:
matchRatio = value[:-1] matchRatio = value[:-1]
logMsg = "resuming match ratio '%s' from session file" % matchRatio logMsg = "resuming match ratio '%s' from session file" % matchRatio
logger.info(logMsg) logger.info(logMsg)
try: try:
@ -354,16 +358,10 @@ def resumeConfKb(expression, url, value):
except ValueError: except ValueError:
pass pass
elif expression == "Injection type" and url == conf.url:
kb.injection.stype = unSafeFormatString(value[:-1])
logMsg = "resuming injection type '%s' from session file" % kb.injection.stype
logger.info(logMsg)
elif expression == "Injection point" and url == conf.url: elif expression == "Injection point" and url == conf.url:
injPlace = value[:-1] injPlace = value[:-1]
logMsg = "resuming injection point '%s' from session file" % injPlace logMsg = "resuming injection point '%s' from session file" % injPlace
logger.info(logMsg) logger.info(logMsg)
if not conf.paramDict.has_key(injPlace): if not conf.paramDict.has_key(injPlace):
@ -373,12 +371,16 @@ def resumeConfKb(expression, url, value):
warnMsg += "injectable point" warnMsg += "injectable point"
logger.warn(warnMsg) logger.warn(warnMsg)
else: else:
if kb.injection.place is not None:
kb.injections.append(kb.injection)
kb.injection = injectionDict()
kb.injection.place = injPlace kb.injection.place = injPlace
elif expression == "Injection parameter" and url == conf.url: elif expression == "Injection parameter" and url == conf.url:
injParameter = unSafeFormatString(value[:-1]) injParameter = unSafeFormatString(value[:-1])
logMsg = "resuming injection parameter '%s' from session file" % injParameter logMsg = "resuming injection parameter '%s' from session file" % injParameter
logger.info(logMsg) logger.info(logMsg)
condition = ( condition = (
@ -398,19 +400,68 @@ def resumeConfKb(expression, url, value):
elif expression == "Injection parameter type" and url == conf.url: elif expression == "Injection parameter type" and url == conf.url:
kb.injection.ptype = unSafeFormatString(value[:-1]) kb.injection.ptype = unSafeFormatString(value[:-1])
logMsg = "resuming injection parameter type '%s' from session file" % kb.injection.ptype logMsg = "resuming injection parameter type '%s' from session file" % kb.injection.ptype
logger.info(logMsg) logger.info(logMsg)
elif expression == "Injection prefix" and url == conf.url: elif expression == "Injection prefix" and url == conf.url:
kb.injection.prefix = unSafeFormatString(value[:-1]) kb.injection.prefix = unSafeFormatString(value[:-1])
logMsg = "resuming injection prefix '%s' from session file" % kb.injection.prefix logMsg = "resuming injection prefix '%s' from session file" % kb.injection.prefix
logger.info(logMsg) logger.info(logMsg)
elif expression == "Injection suffix" and url == conf.url: elif expression == "Injection suffix" and url == conf.url:
kb.injection.suffix = unSafeFormatString(value[:-1]) kb.injection.suffix = unSafeFormatString(value[:-1])
logMsg = "resuming injection suffix '%s' from session file" % kb.injection.suffix logMsg = "resuming injection suffix '%s' from session file" % kb.injection.suffix
logger.info(logMsg)
elif expression == "Injection type" and url == conf.url:
stype = unSafeFormatString(value[:-1])
kb.injection.data[stype] = []
logMsg = "resuming injection type '%s' from session file" % stype
logger.info(logMsg)
elif expression == "Injection payload" and url == conf.url:
payload = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(payload)
logMsg = "resuming injection payload '%s' from session file" % payload
logger.info(logMsg)
elif expression == "Injection comment" and url == conf.url:
comment = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(comment)
logMsg = "resuming injection comment '%s' from session file" % comment
logger.info(logMsg)
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
logger.info(logMsg) logger.info(logMsg)
elif expression == "DBMS" and url == conf.url: elif expression == "DBMS" and url == conf.url:
@ -418,7 +469,7 @@ def resumeConfKb(expression, url, value):
dbms = dbms.lower() dbms = dbms.lower()
dbmsVersion = None dbmsVersion = None
logMsg = "resuming back-end DBMS '%s' " % dbms logMsg = "resuming back-end DBMS '%s' " % dbms
logMsg += "from session file" logMsg += "from session file"
logger.info(logMsg) logger.info(logMsg)
@ -450,7 +501,7 @@ def resumeConfKb(expression, url, value):
elif expression == "OS" and url == conf.url: elif expression == "OS" and url == conf.url:
os = unSafeFormatString(value[:-1]) os = unSafeFormatString(value[:-1])
logMsg = "resuming back-end DBMS operating system '%s' " % os logMsg = "resuming back-end DBMS operating system '%s' " % os
logMsg += "from session file" logMsg += "from session file"
logger.info(logMsg) logger.info(logMsg)
@ -468,52 +519,24 @@ def resumeConfKb(expression, url, value):
else: else:
conf.os = os conf.os = os
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
logger.info(logMsg)
elif expression == "Union comment" and url == conf.url: elif expression == "Union comment" and url == conf.url:
kb.unionComment = unSafeFormatString(value[:-1]) kb.unionComment = unSafeFormatString(value[:-1])
logMsg = "resuming union comment " logMsg = "resuming union comment "
logMsg += "'%s' from session file" % kb.unionComment logMsg += "'%s' from session file" % kb.unionComment
logger.info(logMsg) logger.info(logMsg)
elif expression == "Union count" and url == conf.url: elif expression == "Union count" and url == conf.url:
kb.unionCount = int(value[:-1]) kb.unionCount = int(value[:-1])
logMsg = "resuming union count " logMsg = "resuming union count "
logMsg += "%s from session file" % kb.unionCount logMsg += "%s from session file" % kb.unionCount
logger.info(logMsg) logger.info(logMsg)
elif expression == "Union position" and url == conf.url: elif expression == "Union position" and url == conf.url:
kb.unionPosition = int(value[:-1]) kb.unionPosition = int(value[:-1])
logMsg = "resuming union position " logMsg = "resuming union position "
logMsg += "%s from session file" % kb.unionPosition logMsg += "%s from session file" % kb.unionPosition
logger.info(logMsg) logger.info(logMsg)
@ -532,13 +555,13 @@ def resumeConfKb(expression, url, value):
elif expression == "Union payload" and url == conf.url: elif expression == "Union payload" and url == conf.url:
kb.unionTest = value[:-1] kb.unionTest = value[:-1]
logMsg = "resuming union payload " logMsg = "resuming union payload "
logMsg += "%s from session file" % kb.unionTest logMsg += "%s from session file" % kb.unionTest
logger.info(logMsg) logger.info(logMsg)
elif expression == "Remote temp path" and url == conf.url: elif expression == "Remote temp path" and url == conf.url:
conf.tmpPath = unSafeFormatString(value[:-1]) conf.tmpPath = unSafeFormatString(value[:-1])
logMsg = "resuming remote absolute path of temporary " logMsg = "resuming remote absolute path of temporary "
logMsg += "files directory '%s' from session file" % conf.tmpPath logMsg += "files directory '%s' from session file" % conf.tmpPath
logger.info(logMsg) logger.info(logMsg)
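Review bot: The "Injection payload" and "Injection comment" branches append to `kb.injection.data[kb.injection.data.keys()[0]]`, i.e. the first key of a plain dict, but setInjection writes one type/payload/comment triplet per stype, so for an injection with two or more types the later payloads land under whichever key the dict happens to list first rather than under the type just resumed. Track the type being read instead: in the "Injection type" branch add `kb.injection.stype = stype` beside `kb.injection.data[stype] = []`, and index with `kb.injection.data[kb.injection.stype].append(payload)` (likewise for the comment). A payload line that precedes any type line currently raises IndexError on `keys()[0]`; with the tracked attribute that case is easier to detect and report as a malformed session file. resumeConfKb begins and ends outside the hunk.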


@ -173,6 +173,7 @@ def __setOutputResume():
elif len(value) >= len(kb.resumedQueries[url][expression]): elif len(value) >= len(kb.resumedQueries[url][expression]):
kb.resumedQueries[url][expression] = value kb.resumedQueries[url][expression] = value
kb.injections.append(kb.injection)
readSessionFP.close() readSessionFP.close()
else: else:
try: try:
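Review bot: The `kb.injections.append(kb.injection)` added after the resume loop is unconditional, while the "Injection point" branch of resumeConfKb appends only when `kb.injection.place is not None`; if the session file holds no injection records, this looks like it pushes an empty injectionDict into kb.injections, which __selectInjection would then present as a choice. Guarding it the same way keeps the two sites consistent: `if kb.injection.place is not None:` followed by `    kb.injections.append(kb.injection)`. __setOutputResume begins and ends outside the hunk.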


@ -47,6 +47,7 @@ def stackedTest():
kb.stackedTest = False kb.stackedTest = False
setStacked() if kb.stackedTest:
setStacked(kb.injection.place, kb.injection.parameter, payload)
return kb.stackedTest return kb.stackedTest
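Review bot: The new guard `if kb.stackedTest:` directly follows the context line `kb.stackedTest = False`; the rendered view has lost indentation, so if both sit at the same nesting level the guard can never be true and setStacked is never reached, whereas if the assignment is inside an else branch the change is fine — worth confirming against the file. `payload` is passed to setStacked but is not defined within the hunk, so it presumably comes from earlier in stackedTest. stackedTest begins outside the hunk.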