diff --git a/lib/controller/action.py b/lib/controller/action.py index 4e97a7dca..bf42ea2e1 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -15,12 +15,9 @@ from lib.core.data import kb from lib.core.data import paths from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.settings import SUPPORTED_DBMS -from lib.techniques.blind.timebased import timeTest from lib.techniques.brute.use import columnExists from lib.techniques.brute.use import tableExists -from lib.techniques.error.test import errorTest from lib.techniques.inband.union.test import unionTest -from lib.techniques.outband.stacked import stackedTest def action(): """ @@ -60,15 +57,6 @@ def action(): dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) # Techniques options - if conf.stackedTest: - conf.dumper.technic("stacked queries injection payload", stackedTest()) - - if conf.errorTest: - conf.dumper.technic("error-based injection payload", errorTest()) - - if conf.timeTest: - conf.dumper.technic("time-based blind injection payload", timeTest()) - if conf.unionTest and kb.unionPosition is None: conf.dumper.technic("inband injection payload", unionTest()) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index dd10f345b..a7547ccc5 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -75,9 +75,6 @@ optDict = { }, "Techniques": { - "errorTest": "boolean", - "stackedTest": "boolean", - "timeTest": "boolean", "timeSec": "integer", "unionTest": "boolean", "uTech": "string", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 0a9af60ee..bc9d9d898 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
@@ -226,19 +226,6 @@ def cmdLineParser(): "the affected parameter(s) rather than using " "the default blind SQL injection technique.") - techniques.add_option("--error-test", dest="errorTest", - action="store_true", default=False, - help="Test for and use error based SQL injection") - - techniques.add_option("--stacked-test", dest="stackedTest", - action="store_true", default=False, - help="Test for and use stacked queries (multiple " - "statements)") - - techniques.add_option("--time-test", dest="timeTest", - action="store_true", default=False, - help="Test for time based blind SQL injection") - techniques.add_option("--time-sec", dest="timeSec", type="int", default=5, help="Seconds to delay the DBMS response " diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index 9f5913cf5..49de96275 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -23,8 +23,6 @@ from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUserQuitException from lib.core.unescaper import unescaper from lib.request import inject -from lib.techniques.outband.stacked import stackedTest - class UDF: """ @@ -159,8 +157,6 @@ class UDF: errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms raise sqlmapUnsupportedFeatureException(errMsg) - stackedTest() - if not kb.stackedTest and not conf.direct: return diff --git a/lib/techniques/blind/timebased.py b/lib/techniques/blind/timebased.py index 66bb325f8..677098235 100644 --- a/lib/techniques/blind/timebased.py +++ b/lib/techniques/blind/timebased.py 
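Review bot: In lib/takeover/udf.py (hunk at -159) the guard `if not kb.stackedTest and not conf.direct: return` is kept, but the `stackedTest()` call that populated `kb.stackedTest` just before it is removed. lib/techniques/outband/stacked.py, the only place in this diff that assigns the flag, is deleted as well. Unless the flag is now set somewhere outside this diff, every non-direct run takes the early return silently. The same guard survives in plugins/generic/misc.py (cleanup), filesystem.py (readFile, writeFile), takeover.py (osCmd, osShell, osBof, __regInit) and the custom-SQL path in enumeration.py, where an unset flag would trigger the "only available when stacked queries are supported" warning without any test having run. I would state the new contract at each guard, e.g. `# kb.stackedTest must already be populated by the detection phase; it is no longer tested here`, and log a warning before the silent returns; the enclosing method starts outside the hunk.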
@@ -18,61 +18,6 @@ from lib.core.data import logger from lib.request import inject from lib.request.connect import Connect as Request -def timeTest(): - if kb.timeTest is not None: - return kb.timeTest - - infoMsg = "testing time-based blind sql injection on parameter " - infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic) - logger.info(infoMsg) - - timeQuery = getDelayQuery(andCond=True) - query = agent.prefixQuery("AND %s" % timeQuery) - query = agent.suffixQuery(query) - payload = agent.payload(newValue=query) - start = time.time() - _ = Request.queryPage(payload) - duration = calculateDeltaSeconds(start) - - if duration >= conf.timeSec: - infoMsg = "the target url is affected by a time-based blind " - infoMsg += "sql injection with AND condition syntax on parameter " - infoMsg += "'%s'" % kb.injection.parameter - logger.info(infoMsg) - - kb.timeTest = agent.removePayloadDelimiters(payload, False) - else: - warnMsg = "the target url is not affected by a time-based blind " - warnMsg += "sql injection with AND condition syntax on parameter " - warnMsg += "'%s'" % kb.injection.parameter - logger.warn(warnMsg) - - infoMsg = "testing time-based blind sql injection on parameter " - infoMsg += "'%s' with stacked queries syntax" % kb.injection.parameter - logger.info(infoMsg) - - timeQuery = getDelayQuery(andCond=True) - start = time.time() - payload, _ = inject.goStacked(timeQuery) - duration = calculateDeltaSeconds(start) - - if duration >= conf.timeSec: - infoMsg = "the target url is affected by a time-based blind sql " - infoMsg += "injection with stacked queries syntax on parameter " - infoMsg += "'%s'" % kb.injection.parameter - logger.info(infoMsg) - - kb.timeTest = agent.removePayloadDelimiters(payload, False) - else: - warnMsg = "the target url is not affected by a time-based blind " - warnMsg += "sql injection with stacked queries syntax on parameter " - warnMsg += "'%s'" % kb.injection.parameter - logger.warn(warnMsg) - - 
kb.timeTest = False - - return kb.timeTest - def timeUse(query): start = time.time() _, _ = inject.goStacked(query) diff --git a/lib/techniques/error/test.py b/lib/techniques/error/test.py deleted file mode 100644 index 7ea5f3a12..000000000 --- a/lib/techniques/error/test.py +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/env python - -""" -$Id$ - -Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) -See the file 'doc/COPYING' for copying permission -""" - -import time - -from lib.core.agent import agent -from lib.core.common import getUnicode -from lib.core.common import randomInt -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.data import queries -from lib.core.session import setError -from lib.request import inject - -def errorTest(): - if conf.direct: - return - - if kb.errorTest is not None: - return kb.errorTest - - infoMsg = "testing error-based sql injection on parameter " - infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic) - logger.info(infoMsg) - - randInt = getUnicode(randomInt(1)) - query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt)) - result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True) - - if result: - infoMsg = "the target url is affected by an error-based sql " - infoMsg += "injection on parameter '%s'" % kb.injection.parameter - logger.info(infoMsg) - - kb.errorTest = agent.removePayloadDelimiters(usedPayload, False) - else: - warnMsg = "the target url is not affected by an error-based sql " - warnMsg += "injection on parameter '%s'" % kb.injection.parameter - logger.warn(warnMsg) - - kb.errorTest = False - - setError() - - return kb.errorTest diff --git a/lib/techniques/outband/stacked.py b/lib/techniques/outband/stacked.py deleted file mode 100644 index b04381275..000000000 --- a/lib/techniques/outband/stacked.py +++ /dev/null 
@@ -1,53 +0,0 @@ -#!/usr/bin/env python - -""" -$Id$ - -Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) -See the file 'doc/COPYING' for copying permission -""" - -import time - -from lib.core.agent import agent -from lib.core.common import calculateDeltaSeconds -from lib.core.common import getDelayQuery -from lib.core.data import conf -from lib.core.data import kb -from lib.core.data import logger -from lib.core.session import setStacked -from lib.request import inject - -def stackedTest(): - if conf.direct: - return - - if kb.stackedTest is not None: - return kb.stackedTest - - infoMsg = "testing stacked queries sql injection on parameter " - infoMsg += "'%s'" % kb.injection.parameter - logger.info(infoMsg) - - query = getDelayQuery() - start = time.time() - payload, _ = inject.goStacked(query) - duration = calculateDeltaSeconds(start) - - if duration >= conf.timeSec: - infoMsg = "the target url is affected by a stacked queries " - infoMsg += "sql injection on parameter '%s'" % kb.injection.parameter - logger.info(infoMsg) - - kb.stackedTest = agent.removePayloadDelimiters(payload, False) - else: - warnMsg = "the target url is not affected by a stacked queries " - warnMsg += "sql injection on parameter '%s'" % kb.injection.parameter - logger.warn(warnMsg) - - kb.stackedTest = False - - if kb.stackedTest: - setStacked(kb.injection.place, kb.injection.parameter, payload) - - return kb.stackedTest diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 588830896..d8c9affd1 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py 
@@ -44,9 +44,7 @@ from lib.request import inject from lib.request.connect import Connect as Request from lib.techniques.brute.use import columnExists from lib.techniques.brute.use import tableExists -from lib.techniques.error.test import errorTest from lib.techniques.inband.union.test import unionTest -from lib.techniques.outband.stacked import stackedTest from lib.utils.hash import dictionaryAttack class Enumeration: @@ -80,9 +78,7 @@ class Enumeration: logger.info(infoMsg) if not kb.data.banner: - if conf.errorTest: - conf.dumper.technic("error-based injection payload", errorTest()) - elif conf.unionTest: + if conf.unionTest: conf.dumper.technic("inband injection payload", unionTest()) query = queries[kb.dbms].banner.query @@ -1745,9 +1741,6 @@ class Enumeration: return output else: - if kb.stackedTest is None: - stackedTest() - if not kb.stackedTest and not conf.direct: warnMsg = "execution of custom SQL queries is only " warnMsg += "available when stacked queries are supported" diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 2f1cbd266..170ac7ce2 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -21,7 +21,6 @@ from lib.core.data import logger from lib.core.enums import DBMS from lib.core.exception import sqlmapUndefinedMethod from lib.request import inject -from lib.techniques.outband.stacked import stackedTest class Filesystem: """ @@ -253,8 +252,6 @@ class Filesystem: def readFile(self, rFile): fileContent = None - stackedTest() - self.checkDbmsOs() if conf.direct or kb.stackedTest: @@ -295,8 +292,6 @@ class Filesystem: return rFilePath def writeFile(self, wFile, dFile, fileType=None, confirm=True): - stackedTest() - self.checkDbmsOs() if conf.direct or kb.stackedTest: diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 5b4005bd4..5a43e3ce9 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py 
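Review bot: In plugins/generic/enumeration.py (hunk at -80) the banner path now reads `if conf.unionTest:` and calls `unionTest()` unconditionally. lib/controller/action.py in this same commit keeps the stricter `if conf.unionTest and kb.unionPosition is None:`. Whether `unionTest()` short-circuits on an already known position is not visible here, so the banner path may repeat the test requests and print the payload line a second time. I would align the two call sites with `if conf.unionTest and kb.unionPosition is None:`, or add a comment saying why the banner path differs. The enclosing method starts and ends outside the hunk.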
@@ -23,8 +23,6 @@ from lib.core.exception import sqlmapNoneDataException from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.session import setRemoteTempPath from lib.request import inject -from lib.techniques.outband.stacked import stackedTest - class Miscellaneous: """ @@ -96,8 +94,6 @@ class Miscellaneous: Cleanup database from sqlmap create tables and functions """ - stackedTest() - if not kb.stackedTest and not conf.direct: return diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 1241a8c81..c62a120b6 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -25,7 +25,6 @@ from lib.takeover.abstraction import Abstraction from lib.takeover.icmpsh import ICMPsh from lib.takeover.metasploit import Metasploit from lib.takeover.registry import Registry -from lib.techniques.outband.stacked import stackedTest from plugins.generic.misc import Miscellaneous @@ -41,8 +40,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): Abstraction.__init__(self) def osCmd(self): - stackedTest() - if kb.stackedTest or conf.direct: web = False elif not kb.stackedTest and kb.dbms == DBMS.MYSQL: @@ -64,8 +61,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.cleanup() def osShell(self): - stackedTest() - if kb.stackedTest or conf.direct: web = False elif not kb.stackedTest and kb.dbms == DBMS.MYSQL: @@ -89,8 +84,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): def osPwn(self): goUdf = False - stackedTest() - self.checkDbmsOs() msg = "how do you want to establish the tunnel?" @@ -251,8 +244,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.cleanup() def osSmb(self): - stackedTest() - self.checkDbmsOs() if kb.os != "Windows": 
@@ -303,8 +294,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.smb() def osBof(self): - stackedTest() - if not kb.stackedTest and not conf.direct: return @@ -331,8 +320,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): raise sqlmapUndefinedMethod, errMsg def __regInit(self): - stackedTest() - if not kb.stackedTest and not conf.direct: return diff --git a/sqlmap.conf b/sqlmap.conf index 96b814279..a57062a25 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -246,18 +246,6 @@ longestCommon = False # using the default blind SQL injection technique. [Techniques] -# Test for and use error based SQL injection. -# Valid: True or False -errorTest = False - -# Test for and use stacked queries (multiple statements). -# Valid: True or False -stackedTest = False - -# Test for time based blind SQL injection. -# Valid: True or False -timeTest = False - # Seconds to delay the response from the DBMS. # Valid: integer # Default: 5