important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode

2024-11-22 01:26:42 +03:00 · 2011-01-02 10:37:32 +00:00 · 2011-01-02 10:37:32 +00:00 · dce9a762f1
commit dce9a762f1
parent 96341f8f78
4 changed files with 57 additions and 2 deletions
--- a/lib/core/data.py
+++ b/lib/core/data.py
@ -21,6 +21,9 @@ from lib.core.settings import FIREBIRD_ALIASES
 # sqlmap paths
 paths = advancedDict()

+# object to store original command line options
+cmdLineOptions = advancedDict()
+
 # object to share within function and classes command
 # line options and settings
 conf = advancedDict()
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -40,6 +40,19 @@ def unSafeFormatString(value):
        retVal = retVal.replace("__LEFT_SQUARE_BRACKET__", "[").replace("__RIGHT_SQUARE_BRACKET__", "]")
    return retVal

+def setTextOnly():
+    """
+    Save text only option to session file.
+    """
+
+    condition = (
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("Text only") )
+                )
+
+    if condition:
+        dataToSessionFile("[%s][None][None][Text only][True]\n" % conf.url)
+
 def setString():
    """
    Save string to match in session file.
@ -263,7 +276,23 @@ def setRemoteTempPath():
        dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath)))

 def resumeConfKb(expression, url, value):
-    if expression == "String" and url == conf.url:
+    if expression == "Text only" and url == conf.url:
+        value = unSafeFormatString(value[:-1])
+
+        logMsg = "resuming text only option '%s' from session file" % value
+        logger.info(logMsg)
+
+        if value and not conf.textOnly:
+            message = "you did not turned on --text-only switch this time "
+            message += "which could potentially lead to different "
+            message += "and/or unstable results. "
+            message += "Do you want to turn it on? [Y/n] "
+            test = readInput(message, default="Y")
+
+            if not test or test[0] in ("y", "Y"):
+                conf.textOnly = value
+
+    elif expression == "String" and url == conf.url:
        string = unSafeFormatString(value[:-1])

        logMsg = "resuming string match '%s' from session file" % string
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -16,6 +16,7 @@ import time
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import readInput
+from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -29,6 +30,7 @@ from lib.core.exception import sqlmapSyntaxException
 from lib.core.option import __setDBMS
 from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
+from lib.core.session import setTextOnly
 from lib.core.xmldump import dumper as xmldumper
 from lib.request.connect import Connect as Request

@ -263,6 +265,22 @@ def __createTargetDirs():
    __createFilesDir()
    __configureDumper()

+def __saveSwitches():
+    """
+    Store critical switches to the session file.
+    """
+    if conf.textOnly:
+        setTextOnly()
+
+def __restoreCmdLineOptions():
+    """
+    Restore command line options that could be possibly 
+    changed during the testing of previous target.
+    """
+    conf.regexp = cmdLineOptions.regexp
+    conf.string = cmdLineOptions.string
+    conf.textOnly = cmdLineOptions.textOnly
+
 def initTargetEnv():
    """
    Initialize target environment.
@ -277,9 +295,11 @@ def initTargetEnv():
        conf.sessionFile   = None

        __setKnowledgeBaseAttributes(False)
+        __restoreCmdLineOptions()
        __setDBMS()

 def setupTargetEnv():
    __createTargetDirs()
    __setRequestParams()
    __setOutputResume()
+    __saveSwitches()
--- a/sqlmap.py
+++ b/sqlmap.py
@ -29,6 +29,7 @@ from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
 from lib.core.common import setPaths
 from lib.core.common import weAreFrozen
+from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -64,7 +65,9 @@ def main():
    setPaths()

    banner()
-    cmdLineOptions = cmdLineParser()
+
+    # Store original command line options for possible later restoration
+    cmdLineOptions.update(cmdLineParser().__dict__)

    dataToStdout("[*] starting at: %s\n\n" % time.strftime("%X"), forceOutput=True)