Update for an Issue #287

2025-06-06 06:03:22 +03:00 · 2012-12-12 11:54:59 +01:00 · 2012-12-12 11:54:59 +01:00 · a6448e8768
commit a6448e8768
parent ef33729381
5 changed files with 54 additions and 15 deletions
--- a/_sqlmap.py
+++ b/_sqlmap.py
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """

 import bdb
+import logging
 import os
 import sys
 import time
@ -33,6 +34,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.option import init
 from lib.core.profiling import profile
 from lib.core.settings import LEGAL_DISCLAIMER
+from lib.core.settings import XMLRPC_SERVER_PORT
 from lib.core.testing import smokeTest
 from lib.core.testing import liveTest
 from lib.parse.cmdline import cmdLineParser
@ -63,7 +65,8 @@ def main():
        cmdLineOptions.update(cmdLineParser().__dict__)

        if cmdLineOptions.xmlRpc:
-            server = XMLRPCServer()
+            logger.setLevel(logging.INFO)
+            server = XMLRPCServer(cmdLineOptions.xmlRpcPort or XMLRPC_SERVER_PORT)
            server.serve()
        else:
            init(cmdLineOptions)
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -421,11 +421,11 @@ class Backend:
            dbms = Backend.getForcedDbms()
        elif Backend.getDbms() is not None:
            dbms = kb.dbms
-        elif conf.get('dbms'):
+        elif conf.get("dbms"):
            dbms = conf.dbms
        elif Backend.getErrorParsedDBMSes():
            dbms = unArrayizeValue(Backend.getErrorParsedDBMSes())
-        elif kb.injection.dbms:
+        elif kb.get("injection") and kb.injection.dbms:
            dbms = unArrayizeValue(kb.injection.dbms)

        return aliasToDbmsEnum(dbms)
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -483,7 +483,7 @@ EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<re
 LIMITED_ROWS_TEST_NUMBER = 15

 # Default TCP port used for XML-RPC server instance
-XML_RPC_SERVER_PORT = 8776
+XMLRPC_SERVER_PORT = 8776

 # Regular expression for SOAP-like POST data
 SOAP_RECOGNITION_REGEX = r"(?s)\A(<\?xml[^>]+>)?\s*<([^> ]+)( [^>]+)?>.+</\2.*>\s*\Z"
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -685,6 +685,9 @@ def cmdLineParser():
        parser.add_option("--xmlrpc", dest="xmlRpc", action="store_true",
                          help=SUPPRESS_HELP)

+        parser.add_option("--xmlrpc-port", dest="xmlRpcPort", type="int",
+                          help=SUPPRESS_HELP)
+
        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
--- a/lib/utils/xmlrpc.py
+++ b/lib/utils/xmlrpc.py
@ -5,6 +5,10 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import sys
+import xmlrpclib
+
+try:
    from SimpleXMLRPCServer import SimpleXMLRPCServer

    from lib.controller.controller import start
@ -12,11 +16,14 @@ from lib.core.datatype import AttribDict
    from lib.core.data import cmdLineOptions
    from lib.core.data import logger
    from lib.core.option import init
-from lib.core.settings import XML_RPC_SERVER_PORT
    from lib.core.settings import UNICODE_ENCODING
+    from lib.core.settings import XMLRPC_SERVER_PORT
+except ImportError:
+    pass

 class XMLRPCServer:
-    def __init__(self):
+    def __init__(self, port):
+        self.port = port
        self.reset()

    def reset(self):
@ -36,11 +43,37 @@ class XMLRPCServer:
        return start()

    def serve(self):
-        server = SimpleXMLRPCServer(addr=("", XML_RPC_SERVER_PORT), logRequests=False, allow_none=True, encoding=UNICODE_ENCODING)
-        server.register_introspection_functions()
+        server = SimpleXMLRPCServer(addr=("", self.port), logRequests=False, allow_none=True, encoding=UNICODE_ENCODING)
        server.register_function(self.reset)
        server.register_function(self.set_option)
        server.register_function(self.get_option)
        server.register_function(self.get_option_names)
        server.register_function(self.run)
+        logger.info("Registering RPC methods: %s" % str(server.system_listMethods()).strip("[]"))
+        server.register_introspection_functions()
+        logger.info("Running XML-RPC server at '0.0.0.0:%d'..." % self.port)
        server.serve_forever()
+
+if __name__ == "__main__":
+    try:
+        import readline
+    except ImportError:
+        pass
+
+    server = xmlrpclib.ServerProxy("http://localhost:%d" % (int(sys.argv[1]) if len(sys.argv) > 1 else 8776))
+
+    print "[o] Server instance: 'server'"
+    print "[i] Available RPC methods: %s" % str(server.system.listMethods()).strip("[]")
+    print "[i] Sample usage: 'server.system.listMethods()'"
+
+    while True:
+        try:
+            _ = raw_input("> ")
+            if not _.startswith("print"):
+                print eval(_) or ""
+            else:
+                exec(_)
+        except KeyboardInterrupt:
+            exit(0)
+        except Exception, ex:
+            print "[x] '%s'" % str(ex)