mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-24 18:43:47 +03:00
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
This commit is contained in:
parent
072eb7154c
commit
bf2a857b9a
1484
doc/README.html
1484
doc/README.html
File diff suppressed because it is too large
Load Diff
BIN
doc/README.pdf
BIN
doc/README.pdf
Binary file not shown.
1445
doc/README.sgml
1445
doc/README.sgml
File diff suppressed because it is too large
Load Diff
|
@ -2,10 +2,9 @@ To use Metasploit's sqlmap auxiliary module launch msfconsole and follow
|
|||
the example below.
|
||||
|
||||
Note that if you are willing to run Metasploit's sqlmap auxiliary module on
|
||||
Metasploit Framework 3.0 or 3.1 you first need to copy wmap_sqlmap.rb to
|
||||
your <msf3 root path>/modules/auxiliary/scanner/http/ folder then launch
|
||||
msfconsole because this module has been officially integrated in Metasploit
|
||||
from the release 3.2.
|
||||
through WMAP framework you first need to install sqlmap on your system or
|
||||
add its file system path to the PATH environment variable.
|
||||
|
||||
|
||||
$ ./msfconsole
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|||
|
||||
|
||||
|
||||
import re
|
||||
import time
|
||||
|
||||
from lib.controller.action import action
|
||||
|
@ -35,6 +36,7 @@ from lib.core.data import kb
|
|||
from lib.core.data import logger
|
||||
from lib.core.exception import sqlmapConnectionException
|
||||
from lib.core.session import setString
|
||||
from lib.core.session import setRegexp
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
||||
|
@ -337,6 +339,38 @@ def checkString():
|
|||
return False
|
||||
|
||||
|
||||
def checkRegexp():
|
||||
if not conf.regexp:
|
||||
return True
|
||||
|
||||
condition = (
|
||||
kb.resumedQueries.has_key(conf.url) and
|
||||
kb.resumedQueries[conf.url].has_key("Regular expression") and
|
||||
kb.resumedQueries[conf.url]["Regular expression"][:-1] == conf.regexp
|
||||
)
|
||||
|
||||
if condition:
|
||||
return True
|
||||
|
||||
infoMsg = "testing if the provided regular expression matches within "
|
||||
infoMsg += "the target URL page content"
|
||||
logger.info(infoMsg)
|
||||
|
||||
page = Request.queryPage(content=True)
|
||||
|
||||
if re.search(conf.regexp, page, re.I | re.M):
|
||||
setRegexp()
|
||||
return True
|
||||
else:
|
||||
errMsg = "you provided '%s' as the regular expression to " % conf.regexp
|
||||
errMsg += "match, but such a regular expression does not have any "
|
||||
errMsg += "match within the target URL page content, please provide "
|
||||
errMsg += "another regular expression."
|
||||
logger.error(errMsg)
|
||||
|
||||
return False
|
||||
|
||||
|
||||
def checkConnection():
|
||||
infoMsg = "testing connection to the target url"
|
||||
logger.info(infoMsg)
|
||||
|
|
|
@ -29,6 +29,7 @@ from lib.controller.checks import checkSqlInjection
|
|||
from lib.controller.checks import checkDynParam
|
||||
from lib.controller.checks import checkStability
|
||||
from lib.controller.checks import checkString
|
||||
from lib.controller.checks import checkRegexp
|
||||
from lib.controller.checks import checkConnection
|
||||
from lib.core.common import paramToDict
|
||||
from lib.core.common import readInput
|
||||
|
@ -117,7 +118,7 @@ def start():
|
|||
|
||||
if conf.multipleTargets:
|
||||
hostCount += 1
|
||||
message = "url %d:\n%s %s" % (hostCount, conf.method, targetUrl)
|
||||
message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
|
||||
|
||||
if conf.cookie:
|
||||
message += "\nCookie: %s" % conf.cookie
|
||||
|
@ -140,7 +141,7 @@ def start():
|
|||
|
||||
initTargetEnv()
|
||||
|
||||
if not checkConnection() or not checkString():
|
||||
if not checkConnection() or not checkString() or not checkRegexp():
|
||||
continue
|
||||
|
||||
for _, cookie in enumerate(conf.cj):
|
||||
|
@ -173,14 +174,14 @@ def start():
|
|||
__testableParameters = True
|
||||
|
||||
if not kb.injPlace or not kb.injParameter or not kb.injType:
|
||||
if not conf.string:
|
||||
if not conf.string and not conf.regexp and not conf.eRegexp:
|
||||
if checkStability():
|
||||
logMsg = "url is stable"
|
||||
logger.info(logMsg)
|
||||
else:
|
||||
errMsg = "url is not stable, try with --string option, refer "
|
||||
errMsg += "to the user's manual paragraph 'String match' "
|
||||
errMsg += "for details"
|
||||
errMsg = "url is not stable, try with --string or "
|
||||
errMsg += "--regexp options, refer to the user's manual "
|
||||
errMsg += "paragraph 'Page comparison' for details"
|
||||
|
||||
if conf.multipleTargets:
|
||||
errMsg += ", skipping to next url"
|
||||
|
@ -214,7 +215,6 @@ def start():
|
|||
|
||||
if injType:
|
||||
injData.append((place, parameter, injType))
|
||||
kb.parenthesis = parenthesis
|
||||
|
||||
break
|
||||
else:
|
||||
|
|
|
@ -48,6 +48,20 @@ def setString():
|
|||
dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))
|
||||
|
||||
|
||||
def setRegexp():
|
||||
"""
|
||||
Save regular expression to match in session file.
|
||||
"""
|
||||
|
||||
condition = (
|
||||
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||
not kb.resumedQueries[conf.url].has_key("Regular expression") )
|
||||
)
|
||||
|
||||
if condition:
|
||||
dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, conf.regexp))
|
||||
|
||||
|
||||
def setInjection():
|
||||
"""
|
||||
Save information retrieved about injection place and parameter in the
|
||||
|
@ -178,6 +192,28 @@ def resumeConfKb(expression, url, value):
|
|||
if not test or test[0] in ("y", "Y"):
|
||||
conf.string = string
|
||||
|
||||
elif expression == "Regular expression" and url == conf.url:
|
||||
regexp = value[:-1]
|
||||
|
||||
logMsg = "resuming regular expression match '%s' from session file" % regexp
|
||||
logger.info(logMsg)
|
||||
|
||||
if regexp and ( not conf.regexp or regexp != conf.regexp ):
|
||||
if not conf.regexp:
|
||||
message = "you did not provide any regular expression "
|
||||
message += "to match. "
|
||||
else:
|
||||
message = "The regular expression you provided does not "
|
||||
message += "match the resumed regular expression. "
|
||||
|
||||
message += "Do you want to use the resumed regular expression "
|
||||
message += "to be matched in page when the query "
|
||||
message += "is valid? [Y/n] "
|
||||
test = readInput(message, default="Y")
|
||||
|
||||
if not test or test[0] in ("y", "Y"):
|
||||
conf.regexp = regexp
|
||||
|
||||
elif expression == "Injection point" and url == conf.url:
|
||||
injPlace = value[:-1]
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ import sys
|
|||
|
||||
|
||||
# sqlmap version and site
|
||||
VERSION = "0.6.3-rc5"
|
||||
VERSION = "0.6.3"
|
||||
VERSION_STRING = "sqlmap/%s" % VERSION
|
||||
SITE = "http://sqlmap.sourceforge.net"
|
||||
|
||||
|
|
|
@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|||
|
||||
|
||||
|
||||
import sys
|
||||
|
||||
from optparse import OptionError
|
||||
from optparse import OptionGroup
|
||||
from optparse import OptionParser
|
||||
|
@ -37,7 +39,7 @@ def cmdLineParser():
|
|||
This function parses the command line parameters and arguments
|
||||
"""
|
||||
|
||||
usage = "sqlmap.py [options]"
|
||||
usage = "%s [options]" % sys.argv[0]
|
||||
parser = OptionParser(usage=usage, version=VERSION_STRING)
|
||||
|
||||
try:
|
||||
|
@ -108,7 +110,12 @@ def cmdLineParser():
|
|||
|
||||
|
||||
# Injection options
|
||||
injection = OptionGroup(parser, "Injection")
|
||||
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||
"used to specify which parameters to test "
|
||||
"for, provide custom injection payloads and "
|
||||
"how to parse and compare HTTP responses "
|
||||
"page content when using the blind SQL "
|
||||
"injection technique.")
|
||||
|
||||
injection.add_option("-p", dest="testParameter",
|
||||
help="Testable parameter(s)")
|
||||
|
|
|
@ -46,7 +46,11 @@ def checkForParenthesis():
|
|||
|
||||
count = 0
|
||||
|
||||
if kb.parenthesis != None:
|
||||
return
|
||||
|
||||
if conf.prefix or conf.postfix:
|
||||
kb.parenthesis = 0
|
||||
return
|
||||
|
||||
for parenthesis in range(1, 4):
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
# Target URL.
|
||||
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
||||
# PHP and MySQL (local)
|
||||
url = http://127.0.0.1/sqlmap/mysql/get_str.php?id=1
|
||||
#url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
|
||||
#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
|
||||
url = http://127.0.0.1/sqlmap/mysql/get_int_partialunion.php?id=1
|
||||
# PHP and Oracle (local)
|
||||
#url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
|
||||
# PHP and PostgreSQL (local)
|
||||
|
|
|
@ -7,6 +7,10 @@
|
|||
|
||||
<!-- Ubuntu -->
|
||||
<regexp value="PostgreSQL\s+(8\.2\.7)\s+on\s+.*?\s+\(Ubuntu 4\.2\.3-2ubuntu4\)">
|
||||
<info dbms_version="1" type="Linux" distrib="Ubuntu" release="8.10" codename="Intrepid"/>
|
||||
<info dbms_version="1" type="Linux" distrib="Ubuntu" release="8.04" codename="Hardy Heron"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="PostgreSQL\s+(8\.3\.5)\s+on\s+.*?\s+\(Ubuntu 4\.3\.2-1ubuntu11\)">
|
||||
<info dbms_version="1" type="Linux" distrib="Ubuntu" release="8.10" codename="Intrepid Ibex"/>
|
||||
</regexp>
|
||||
</root>
|
||||
|
|
Loading…
Reference in New Issue
Block a user