sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-02 10:37:32 +00:00
parent 96341f8f78
commit dce9a762f1
4 changed files with 57 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/data.py
View File

@ -21,6 +21,9 @@ from lib.core.settings import FIREBIRD_ALIASES
# sqlmap paths # sqlmap paths
paths = advancedDict() paths = advancedDict()
# object to store original command line options
cmdLineOptions = advancedDict()
# object to share within function and classes command # object to share within function and classes command
# line options and settings # line options and settings
conf = advancedDict() conf = advancedDict()

31
lib/core/session.py
View File

@ -40,6 +40,19 @@ def unSafeFormatString(value):
retVal = retVal.replace("__LEFT_SQUARE_BRACKET__", "[").replace("__RIGHT_SQUARE_BRACKET__", "]") retVal = retVal.replace("__LEFT_SQUARE_BRACKET__", "[").replace("__RIGHT_SQUARE_BRACKET__", "]")
return retVal return retVal
def setTextOnly():
"""
Save text only option to session file.
"""
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Text only") )
)
if condition:
dataToSessionFile("[%s][None][None][Text only][True]\n" % conf.url)
def setString(): def setString():
""" """
Save string to match in session file. Save string to match in session file.
@ -263,7 +276,23 @@ def setRemoteTempPath():
dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath))) dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath)))
def resumeConfKb(expression, url, value): def resumeConfKb(expression, url, value):
if expression == "String" and url == conf.url: if expression == "Text only" and url == conf.url:
value = unSafeFormatString(value[:-1])
logMsg = "resuming text only option '%s' from session file" % value
logger.info(logMsg)
if value and not conf.textOnly:
message = "you did not turned on --text-only switch this time "
message += "which could potentially lead to different "
message += "and/or unstable results. "
message += "Do you want to turn it on? [Y/n] "
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
conf.textOnly = value
elif expression == "String" and url == conf.url:
string = unSafeFormatString(value[:-1]) string = unSafeFormatString(value[:-1])
logMsg = "resuming string match '%s' from session file" % string logMsg = "resuming string match '%s' from session file" % string

20
lib/core/target.py
View File

@ -16,6 +16,7 @@ import time
from lib.core.common import dataToSessionFile from lib.core.common import dataToSessionFile
from lib.core.common import paramToDict from lib.core.common import paramToDict
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.data import cmdLineOptions
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -29,6 +30,7 @@ from lib.core.exception import sqlmapSyntaxException
from lib.core.option import __setDBMS from lib.core.option import __setDBMS
from lib.core.option import __setKnowledgeBaseAttributes from lib.core.option import __setKnowledgeBaseAttributes
from lib.core.session import resumeConfKb from lib.core.session import resumeConfKb
from lib.core.session import setTextOnly
from lib.core.xmldump import dumper as xmldumper from lib.core.xmldump import dumper as xmldumper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -263,6 +265,22 @@ def __createTargetDirs():
__createFilesDir() __createFilesDir()
__configureDumper() __configureDumper()
def __saveSwitches():
"""
Store critical switches to the session file.
"""
if conf.textOnly:
setTextOnly()
def __restoreCmdLineOptions():
"""
Restore command line options that could be possibly
changed during the testing of previous target.
"""
conf.regexp = cmdLineOptions.regexp
conf.string = cmdLineOptions.string
conf.textOnly = cmdLineOptions.textOnly
def initTargetEnv(): def initTargetEnv():
""" """
Initialize target environment. Initialize target environment.
@ -277,9 +295,11 @@ def initTargetEnv():
conf.sessionFile = None conf.sessionFile = None
__setKnowledgeBaseAttributes(False) __setKnowledgeBaseAttributes(False)
__restoreCmdLineOptions()
__setDBMS() __setDBMS()
def setupTargetEnv(): def setupTargetEnv():
__createTargetDirs() __createTargetDirs()
__setRequestParams() __setRequestParams()
__setOutputResume() __setOutputResume()
__saveSwitches()

5
sqlmap.py
View File

@ -29,6 +29,7 @@ from lib.core.common import dataToStdout
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import setPaths from lib.core.common import setPaths
from lib.core.common import weAreFrozen from lib.core.common import weAreFrozen
from lib.core.data import cmdLineOptions
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -64,7 +65,9 @@ def main():
setPaths() setPaths()
banner() banner()
cmdLineOptions = cmdLineParser()
# Store original command line options for possible later restoration
cmdLineOptions.update(cmdLineParser().__dict__)
dataToStdout("[*] starting at: %s\n\n" % time.strftime("%X"), forceOutput=True) dataToStdout("[*] starting at: %s\n\n" % time.strftime("%X"), forceOutput=True)