Implementation for an Issue #423

This commit is contained in:
stamparm 2013-03-21 11:28:44 +01:00
parent 3740a97cc9
commit ad039c335d
4 changed files with 13 additions and 1 deletions

View File

@ -647,6 +647,9 @@ class Agent(object):
@rtype: C{str} @rtype: C{str}
""" """
if conf.uFrom:
fromTable = " FROM %s" % conf.uFrom
else:
fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "") fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")
if query.startswith("SELECT "): if query.startswith("SELECT "):

View File

@ -88,6 +88,7 @@ optDict = {
"timeSec": "integer", "timeSec": "integer",
"uCols": "string", "uCols": "string",
"uChar": "string", "uChar": "string",
"uFrom": "string",
"dnsName": "string", "dnsName": "string",
"secondOrder": "string", "secondOrder": "string",
}, },

View File

@ -287,6 +287,9 @@ def cmdLineParser():
techniques.add_option("--union-char", dest="uChar", techniques.add_option("--union-char", dest="uChar",
help="Character to use for bruteforcing number of columns") help="Character to use for bruteforcing number of columns")
techniques.add_option("--union-from", dest="uFrom",
help="Table to use in FROM part of UNION query SQL injection")
techniques.add_option("--dns-domain", dest="dnsName", techniques.add_option("--dns-domain", dest="dnsName",
help="Domain name used for DNS exfiltration attack") help="Domain name used for DNS exfiltration attack")

View File

@ -303,6 +303,11 @@ uCols =
# Example: NULL # Example: NULL
uChar = uChar =
# Table to use in FROM part of UNION query SQL injection
# Valid: string
# Example: INFORMATION_SCHEMA.COLLATIONS
uFrom =
# Domain name used for DNS exfiltration attack # Domain name used for DNS exfiltration attack
# Valid: string # Valid: string
dnsName = dnsName =