initial work for issue #33

2024-11-25 02:53:46 +03:00 · 2012-07-10 00:27:08 +01:00 · 2012-07-10 00:27:08 +01:00 · c4af7b9aa0
commit c4af7b9aa0
parent d3da3f5c52
5 changed files with 25 additions and 1 deletions
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@ -118,6 +118,9 @@ def action():
    if conf.sqlShell:
        conf.dbmsHandler.sqlShell()

+    if conf.sqlFile:
+        conf.dbmsHandler.sqlFile()
+
    # User-defined function options
    if conf.udfInject:
        conf.dbmsHandler.udfInjectCustom()
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -119,7 +119,8 @@ optDict = {
                               "firstChar":         "integer",
                               "lastChar":          "integer",
                               "query":             "string",
-                               "sqlShell":          "boolean"
+                               "sqlShell":          "boolean",
+                               "sqlFile":           "string"
                             },

            "Brute":         {
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -383,6 +383,9 @@ def cmdLineParser():
                               action="store_true",
                               help="Prompt for an interactive SQL shell")

+        enumeration.add_option("--sql-file", dest="sqlFile",
+                               help="Execute SQL statements from given file(s)")
+
        # User-defined function options
        brute = OptionGroup(parser, "Brute force", "These "
                          "options can be used to run brute force "
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -16,6 +16,7 @@ from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import filterPairValues
 from lib.core.common import getLimitRange
+from lib.core.common import getSQLSnippet
 from lib.core.common import getUnicode
 from lib.core.common import isInferenceAvailable
 from lib.core.common import isListLike
@ -2463,3 +2464,16 @@ class Enumeration:

            elif output != "Quit":
                dataToStdout("No output\n")
+
+    def sqlFile(self):
+        infoMsg = "executing SQL statements from given file(s)"
+        logger.info(infoMsg)
+
+        for sfile in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):
+            found = False
+            sfile = sfile.strip()
+
+            if not sfile:
+                continue
+
+            self.sqlQuery(getSQLSnippet(Backend.getDbms(), sfile))
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -432,6 +432,9 @@ query =
 # Valid: True or False
 sqlShell = False

+# Execute SQL statements from given file(s).
+sqlFile = 
+

 # These options can be used to run brute force checks.
 [Brute force]