sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 02:53:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

initial work for issue #33

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-10 00:27:08 +01:00
parent d3da3f5c52
commit c4af7b9aa0
5 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/action.py
View File

@ -118,6 +118,9 @@ def action():
if conf.sqlShell: if conf.sqlShell:
conf.dbmsHandler.sqlShell() conf.dbmsHandler.sqlShell()
if conf.sqlFile:
conf.dbmsHandler.sqlFile()
# User-defined function options # User-defined function options
if conf.udfInject: if conf.udfInject:
conf.dbmsHandler.udfInjectCustom() conf.dbmsHandler.udfInjectCustom()

3
lib/core/optiondict.py
View File

@ -119,7 +119,8 @@ optDict = {
"firstChar": "integer", "firstChar": "integer",
"lastChar": "integer", "lastChar": "integer",
"query": "string", "query": "string",
"sqlShell": "boolean" "sqlShell": "boolean",
"sqlFile": "string"
}, },
"Brute": { "Brute": {

3
lib/parse/cmdline.py
View File

@ -383,6 +383,9 @@ def cmdLineParser():
action="store_true", action="store_true",
help="Prompt for an interactive SQL shell") help="Prompt for an interactive SQL shell")
enumeration.add_option("--sql-file", dest="sqlFile",
help="Execute SQL statements from given file(s)")
# User-defined function options # User-defined function options
brute = OptionGroup(parser, "Brute force", "These " brute = OptionGroup(parser, "Brute force", "These "
"options can be used to run brute force " "options can be used to run brute force "

14
plugins/generic/enumeration.py
View File

@ -16,6 +16,7 @@ from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import filterPairValues from lib.core.common import filterPairValues
from lib.core.common import getLimitRange from lib.core.common import getLimitRange
from lib.core.common import getSQLSnippet
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import isInferenceAvailable from lib.core.common import isInferenceAvailable
from lib.core.common import isListLike from lib.core.common import isListLike
@ -2463,3 +2464,16 @@ class Enumeration:
elif output != "Quit": elif output != "Quit":
dataToStdout("No output\n") dataToStdout("No output\n")
def sqlFile(self):
infoMsg = "executing SQL statements from given file(s)"
logger.info(infoMsg)
for sfile in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):
found = False
sfile = sfile.strip()
if not sfile:
continue
self.sqlQuery(getSQLSnippet(Backend.getDbms(), sfile))

3
sqlmap.conf
View File

@ -432,6 +432,9 @@ query =
# Valid: True or False # Valid: True or False
sqlShell = False sqlShell = False
# Execute SQL statements from given file(s).
sqlFile =
# These options can be used to run brute force checks. # These options can be used to run brute force checks.
[Brute force] [Brute force]