mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
This commit is contained in:
parent
072eb7154c
commit
bf2a857b9a
1468
doc/README.html
1468
doc/README.html
File diff suppressed because it is too large
Load Diff
BIN
doc/README.pdf
BIN
doc/README.pdf
Binary file not shown.
1429
doc/README.sgml
1429
doc/README.sgml
File diff suppressed because it is too large
Load Diff
|
@ -2,10 +2,9 @@ To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
|
||||||
the example below.
|
the example below.
|
||||||
|
|
||||||
Note that if you are willing to run Metasploit's sqlmap auxiliary module on
|
Note that if you are willing to run Metasploit's sqlmap auxiliary module on
|
||||||
Metasploit Framework 3.0 or 3.1 you first need to copy wmap_sqlmap.rb to
|
through WMAP framework you first need to install sqlmap on your system or
|
||||||
your <msf3 root path>/modules/auxiliary/scanner/http/ folder then launch
|
add its file system path to the PATH environment variable.
|
||||||
msfconsole because this module has been officially integrated in Metasploit
|
|
||||||
from the release 3.2.
|
|
||||||
|
|
||||||
$ ./msfconsole
|
$ ./msfconsole
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
import re
|
||||||
import time
|
import time
|
||||||
|
|
||||||
from lib.controller.action import action
|
from lib.controller.action import action
|
||||||
|
@ -35,6 +36,7 @@ from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.exception import sqlmapConnectionException
|
from lib.core.exception import sqlmapConnectionException
|
||||||
from lib.core.session import setString
|
from lib.core.session import setString
|
||||||
|
from lib.core.session import setRegexp
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
|
|
||||||
|
@ -337,6 +339,38 @@ def checkString():
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def checkRegexp():
|
||||||
|
if not conf.regexp:
|
||||||
|
return True
|
||||||
|
|
||||||
|
condition = (
|
||||||
|
kb.resumedQueries.has_key(conf.url) and
|
||||||
|
kb.resumedQueries[conf.url].has_key("Regular expression") and
|
||||||
|
kb.resumedQueries[conf.url]["Regular expression"][:-1] == conf.regexp
|
||||||
|
)
|
||||||
|
|
||||||
|
if condition:
|
||||||
|
return True
|
||||||
|
|
||||||
|
infoMsg = "testing if the provided regular expression matches within "
|
||||||
|
infoMsg += "the target URL page content"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
page = Request.queryPage(content=True)
|
||||||
|
|
||||||
|
if re.search(conf.regexp, page, re.I | re.M):
|
||||||
|
setRegexp()
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
errMsg = "you provided '%s' as the regular expression to " % conf.regexp
|
||||||
|
errMsg += "match, but such a regular expression does not have any "
|
||||||
|
errMsg += "match within the target URL page content, please provide "
|
||||||
|
errMsg += "another regular expression."
|
||||||
|
logger.error(errMsg)
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
def checkConnection():
|
def checkConnection():
|
||||||
infoMsg = "testing connection to the target url"
|
infoMsg = "testing connection to the target url"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
|
@ -29,6 +29,7 @@ from lib.controller.checks import checkSqlInjection
|
||||||
from lib.controller.checks import checkDynParam
|
from lib.controller.checks import checkDynParam
|
||||||
from lib.controller.checks import checkStability
|
from lib.controller.checks import checkStability
|
||||||
from lib.controller.checks import checkString
|
from lib.controller.checks import checkString
|
||||||
|
from lib.controller.checks import checkRegexp
|
||||||
from lib.controller.checks import checkConnection
|
from lib.controller.checks import checkConnection
|
||||||
from lib.core.common import paramToDict
|
from lib.core.common import paramToDict
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
|
@ -117,7 +118,7 @@ def start():
|
||||||
|
|
||||||
if conf.multipleTargets:
|
if conf.multipleTargets:
|
||||||
hostCount += 1
|
hostCount += 1
|
||||||
message = "url %d:\n%s %s" % (hostCount, conf.method, targetUrl)
|
message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
|
||||||
|
|
||||||
if conf.cookie:
|
if conf.cookie:
|
||||||
message += "\nCookie: %s" % conf.cookie
|
message += "\nCookie: %s" % conf.cookie
|
||||||
|
@ -140,7 +141,7 @@ def start():
|
||||||
|
|
||||||
initTargetEnv()
|
initTargetEnv()
|
||||||
|
|
||||||
if not checkConnection() or not checkString():
|
if not checkConnection() or not checkString() or not checkRegexp():
|
||||||
continue
|
continue
|
||||||
|
|
||||||
for _, cookie in enumerate(conf.cj):
|
for _, cookie in enumerate(conf.cj):
|
||||||
|
@ -173,14 +174,14 @@ def start():
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
if not kb.injPlace or not kb.injParameter or not kb.injType:
|
if not kb.injPlace or not kb.injParameter or not kb.injType:
|
||||||
if not conf.string:
|
if not conf.string and not conf.regexp and not conf.eRegexp:
|
||||||
if checkStability():
|
if checkStability():
|
||||||
logMsg = "url is stable"
|
logMsg = "url is stable"
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
else:
|
else:
|
||||||
errMsg = "url is not stable, try with --string option, refer "
|
errMsg = "url is not stable, try with --string or "
|
||||||
errMsg += "to the user's manual paragraph 'String match' "
|
errMsg += "--regexp options, refer to the user's manual "
|
||||||
errMsg += "for details"
|
errMsg += "paragraph 'Page comparison' for details"
|
||||||
|
|
||||||
if conf.multipleTargets:
|
if conf.multipleTargets:
|
||||||
errMsg += ", skipping to next url"
|
errMsg += ", skipping to next url"
|
||||||
|
@ -214,7 +215,6 @@ def start():
|
||||||
|
|
||||||
if injType:
|
if injType:
|
||||||
injData.append((place, parameter, injType))
|
injData.append((place, parameter, injType))
|
||||||
kb.parenthesis = parenthesis
|
|
||||||
|
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -48,6 +48,20 @@ def setString():
|
||||||
dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))
|
dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))
|
||||||
|
|
||||||
|
|
||||||
|
def setRegexp():
|
||||||
|
"""
|
||||||
|
Save regular expression to match in session file.
|
||||||
|
"""
|
||||||
|
|
||||||
|
condition = (
|
||||||
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
|
not kb.resumedQueries[conf.url].has_key("Regular expression") )
|
||||||
|
)
|
||||||
|
|
||||||
|
if condition:
|
||||||
|
dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, conf.regexp))
|
||||||
|
|
||||||
|
|
||||||
def setInjection():
|
def setInjection():
|
||||||
"""
|
"""
|
||||||
Save information retrieved about injection place and parameter in the
|
Save information retrieved about injection place and parameter in the
|
||||||
|
@ -178,6 +192,28 @@ def resumeConfKb(expression, url, value):
|
||||||
if not test or test[0] in ("y", "Y"):
|
if not test or test[0] in ("y", "Y"):
|
||||||
conf.string = string
|
conf.string = string
|
||||||
|
|
||||||
|
elif expression == "Regular expression" and url == conf.url:
|
||||||
|
regexp = value[:-1]
|
||||||
|
|
||||||
|
logMsg = "resuming regular expression match '%s' from session file" % regexp
|
||||||
|
logger.info(logMsg)
|
||||||
|
|
||||||
|
if regexp and ( not conf.regexp or regexp != conf.regexp ):
|
||||||
|
if not conf.regexp:
|
||||||
|
message = "you did not provide any regular expression "
|
||||||
|
message += "to match. "
|
||||||
|
else:
|
||||||
|
message = "The regular expression you provided does not "
|
||||||
|
message += "match the resumed regular expression. "
|
||||||
|
|
||||||
|
message += "Do you want to use the resumed regular expression "
|
||||||
|
message += "to be matched in page when the query "
|
||||||
|
message += "is valid? [Y/n] "
|
||||||
|
test = readInput(message, default="Y")
|
||||||
|
|
||||||
|
if not test or test[0] in ("y", "Y"):
|
||||||
|
conf.regexp = regexp
|
||||||
|
|
||||||
elif expression == "Injection point" and url == conf.url:
|
elif expression == "Injection point" and url == conf.url:
|
||||||
injPlace = value[:-1]
|
injPlace = value[:-1]
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@ import sys
|
||||||
|
|
||||||
|
|
||||||
# sqlmap version and site
|
# sqlmap version and site
|
||||||
VERSION = "0.6.3-rc5"
|
VERSION = "0.6.3"
|
||||||
VERSION_STRING = "sqlmap/%s" % VERSION
|
VERSION_STRING = "sqlmap/%s" % VERSION
|
||||||
SITE = "http://sqlmap.sourceforge.net"
|
SITE = "http://sqlmap.sourceforge.net"
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
import sys
|
||||||
|
|
||||||
from optparse import OptionError
|
from optparse import OptionError
|
||||||
from optparse import OptionGroup
|
from optparse import OptionGroup
|
||||||
from optparse import OptionParser
|
from optparse import OptionParser
|
||||||
|
@ -37,7 +39,7 @@ def cmdLineParser():
|
||||||
This function parses the command line parameters and arguments
|
This function parses the command line parameters and arguments
|
||||||
"""
|
"""
|
||||||
|
|
||||||
usage = "sqlmap.py [options]"
|
usage = "%s [options]" % sys.argv[0]
|
||||||
parser = OptionParser(usage=usage, version=VERSION_STRING)
|
parser = OptionParser(usage=usage, version=VERSION_STRING)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -108,7 +110,12 @@ def cmdLineParser():
|
||||||
|
|
||||||
|
|
||||||
# Injection options
|
# Injection options
|
||||||
injection = OptionGroup(parser, "Injection")
|
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||||
|
"used to specify which parameters to test "
|
||||||
|
"for, provide custom injection payloads and "
|
||||||
|
"how to parse and compare HTTP responses "
|
||||||
|
"page content when using the blind SQL "
|
||||||
|
"injection technique.")
|
||||||
|
|
||||||
injection.add_option("-p", dest="testParameter",
|
injection.add_option("-p", dest="testParameter",
|
||||||
help="Testable parameter(s)")
|
help="Testable parameter(s)")
|
||||||
|
|
|
@ -46,7 +46,11 @@ def checkForParenthesis():
|
||||||
|
|
||||||
count = 0
|
count = 0
|
||||||
|
|
||||||
|
if kb.parenthesis != None:
|
||||||
|
return
|
||||||
|
|
||||||
if conf.prefix or conf.postfix:
|
if conf.prefix or conf.postfix:
|
||||||
|
kb.parenthesis = 0
|
||||||
return
|
return
|
||||||
|
|
||||||
for parenthesis in range(1, 4):
|
for parenthesis in range(1, 4):
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# Target URL.
|
# Target URL.
|
||||||
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
||||||
# PHP and MySQL (local)
|
# PHP and MySQL (local)
|
||||||
url = http://127.0.0.1/sqlmap/mysql/get_str.php?id=1
|
#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
|
||||||
#url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
|
url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
|
||||||
# PHP and Oracle (local)
|
# PHP and Oracle (local)
|
||||||
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
|
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
|
||||||
# PHP and PostgreSQL (local)
|
# PHP and PostgreSQL (local)
|
||||||
|
|
|
@ -7,6 +7,10 @@
|
||||||
|
|
||||||
<!-- Ubuntu -->
|
<!-- Ubuntu -->
|
||||||
<regexp value="PostgreSQL\s+(8\.2\.7)\s+on\s+.*?\s+\(Ubuntu 4\.2\.3-2ubuntu4\)">
|
<regexp value="PostgreSQL\s+(8\.2\.7)\s+on\s+.*?\s+\(Ubuntu 4\.2\.3-2ubuntu4\)">
|
||||||
<info dbms_version="1" type="Linux" distrib="Ubuntu" release="8.10" codename="Intrepid"/>
|
<info dbms_version="1" type="Linux" distrib="Ubuntu" release="8.04" codename="Hardy Heron"/>
|
||||||
|
</regexp>
|
||||||
|
|
||||||
|
<regexp value="PostgreSQL\s+(8\.3\.5)\s+on\s+.*?\s+\(Ubuntu 4\.3\.2-1ubuntu11\)">
|
||||||
|
<info dbms_version="1" type="Linux" distrib="Ubuntu" release="8.10" codename="Intrepid Ibex"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
</root>
|
</root>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user