refactoring for issue #51

Bernardo Damele 2012-07-10 00:19:32 +01:00
parent 25eca9d671
commit d3da3f5c52
17 changed files with 23 additions and 21 deletions


@ -11,7 +11,7 @@ from xml.etree import ElementTree as ET
from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import getSPQLSnippet
from lib.core.common import getSQLSnippet
from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomInt
@ -820,7 +820,7 @@ class Agent:
def runAsDBMSUser(self, query):
if conf.dCred and "Ad Hoc Distributed Queries" not in query:
query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
query = getSQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
return query


@ -1543,15 +1543,15 @@ def parseXmlFile(xmlFile, handler):
with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
parse(stream, handler)
def getSPQLSnippet(dbms, name, **variables):
def getSQLSnippet(dbms, sfile, **variables):
"""
Returns content of SP(Q)L snippet located inside "procs" directory
Returns content of SQL snippet located inside 'procs/' directory
"""
filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], "%s.txt" % name)
filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
checkFile(filename)
retVal = readCachedFileContent(filename)
retVal = readCachedFileContent(filename)
retVal = re.sub(r"#.+", "", retVal)
retVal = re.sub(r"(?s);\s+", "; ", retVal).strip()
@ -1565,8 +1565,9 @@ def getSPQLSnippet(dbms, name, **variables):
retVal = retVal.replace(_, randomInt())
_ = re.search(r"%(\w+)%", retVal, re.I)
if _:
errMsg = "unresolved variable '%s' in SPL snippet '%s'" % (_.group(1), name)
errMsg = "unresolved variable '%s' in SQL file '%s'" % (_.group(1), sfile)
raise sqlmapGenericException, errMsg
return retVal
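Review bot: The docstring of `getSQLSnippet` should state how the file is preprocessed, because the snippets are now named `.sql` while the loader still strips everything from `#` to end of line (`re.sub(r"#.+", "", retVal)`) and does nothing about `--` comments. A snippet written in ordinary SQL style could therefore send a `--` comment to the target, or lose the rest of a line that has `#` inside a statement, for example in a string literal or a temporary-table name. I would extend the docstring with something like `'#' starts a comment stripped to end of line; '--' comments are not removed`. It should also note that an unresolved `%NAME%` placeholder raises sqlmapGenericException; the placeholders appear to be filled from the keyword arguments, but that loop sits between the two hunks and is not visible here.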


@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import dataToStdout
from lib.core.common import Backend
from lib.core.common import getSPQLSnippet
from lib.core.common import getSQLSnippet
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@ -163,12 +163,12 @@ class Abstraction(Web, UDF, xp_cmdshell):
choice = readInput(msg, default="Y")
if not choice or choice in ("y", "Y"):
expression = getSPQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
expression = getSQLSnippet(DBMS.MSSQL, "configure_openrowset", ENABLE="1")
inject.goStacked(expression)
# TODO: add support for PostgreSQL
#elif Backend.isDbms(DBMS.PGSQL):
# expression = getSPQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1")
# expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1")
# inject.goStacked(expression)
def initEnv(self, mandatory=True, detailed=False, web=False):


@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import getLimitRange
from lib.core.common import getSPQLSnippet
from lib.core.common import getSQLSnippet
from lib.core.common import hashDBWrite
from lib.core.common import isListLike
from lib.core.common import isNoneValue
@ -48,14 +48,14 @@ class xp_cmdshell:
if Backend.isVersionWithin(("2005", "2008")):
logger.debug("activating sp_OACreate")
cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
cmd = getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
inject.goStacked(agent.runAsDBMSUser(cmd))
self.__randStr = randomStr(lowercase=True)
self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew
cmd = getSPQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
if Backend.isVersionWithin(("2005", "2008")):
cmd += ";RECONFIGURE WITH OVERRIDE"
@ -67,7 +67,7 @@ class xp_cmdshell:
debugMsg += "stored procedure"
logger.debug(debugMsg)
cmd = getSPQLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode))
cmd = getSQLSnippet(DBMS.MSSQL, "configure_xp_cmdshell", ENABLE=str(mode))
return cmd
@ -77,9 +77,9 @@ class xp_cmdshell:
logger.debug(debugMsg)
if mode == 1:
cmd = getSPQLSnippet(DBMS.MSSQL, "enable_xp_cmdshell_2000", ENABLE=str(mode))
cmd = getSQLSnippet(DBMS.MSSQL, "enable_xp_cmdshell_2000", ENABLE=str(mode))
else:
cmd = getSPQLSnippet(DBMS.MSSQL, "disable_xp_cmdshell_2000", ENABLE=str(mode))
cmd = getSQLSnippet(DBMS.MSSQL, "disable_xp_cmdshell_2000", ENABLE=str(mode))
return cmd


@ -16,7 +16,7 @@ from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToStdout
from lib.core.common import decodeHexValue
from lib.core.common import extractRegexResult
from lib.core.common import getSPQLSnippet
from lib.core.common import getSQLSnippet
from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.common import randomInt
@ -67,7 +67,7 @@ def dnsUse(payload, expression):
nulledCastedField = agent.hexConvertField(nulledCastedField)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionRequest = getSPQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName)
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName)
expressionUnescaped = unescaper.unescape(expressionRequest)
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):


@ -1,3 +1,4 @@
Files in this folder represent SPL/SQL snippets used by sqlmap on the target
system. They are licensed under the terms of the GNU Lesser General Public
License.
Files in this folder represent SQL snippets used by sqlmap on the target
system.
They are licensed under the terms of the GNU Lesser General Public License
where not specified otherwise.