diff --git a/lib/controller/action.py b/lib/controller/action.py index a05e8f7f4..a4de8dffd 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -140,11 +140,11 @@ def action(): conf.dbmsHandler.udfInjectCustom() # File system options - if conf.rFile: - conf.dumper.rFile(conf.dbmsHandler.readFile(conf.rFile)) + if conf.fileRead: + conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead)) - if conf.wFile: - conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType) + if conf.fileWrite: + conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType) # Operating system options if conf.osCmd: diff --git a/lib/core/option.py b/lib/core/option.py index 502a79101..9e70fb8da 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -608,22 +608,22 @@ def _setMetasploit(): raise SqlmapFilePathException(errMsg) def _setWriteFile(): - if not conf.wFile: + if not conf.fileWrite: return debugMsg = "setting the write file functionality" logger.debug(debugMsg) - if not os.path.exists(conf.wFile): - errMsg = "the provided local file '%s' does not exist" % conf.wFile + if not os.path.exists(conf.fileWrite): + errMsg = "the provided local file '%s' does not exist" % conf.fileWrite raise SqlmapFilePathException(errMsg) - if not conf.dFile: + if not conf.fileDest: errMsg = "you did not provide the back-end DBMS absolute path " - errMsg += "where you want to write the local file '%s'" % conf.wFile + errMsg += "where you want to write the local file '%s'" % conf.fileWrite raise SqlmapMissingMandatoryOptionException(errMsg) - conf.wFileType = getFileType(conf.wFile) + conf.fileWriteType = getFileType(conf.fileWrite) def _setOS(): """ @@ -1509,14 +1509,14 @@ def _cleanupOptions(): if conf.url: conf.url = conf.url.strip() - if conf.rFile: - conf.rFile = ntToPosixSlashes(normalizePath(conf.rFile)) + if conf.fileRead: + conf.fileRead = ntToPosixSlashes(normalizePath(conf.fileRead)) - if conf.wFile: - conf.wFile = ntToPosixSlashes(normalizePath(conf.wFile)) + if conf.fileWrite: + conf.fileWrite = ntToPosixSlashes(normalizePath(conf.fileWrite)) - if conf.dFile: - conf.dFile = ntToPosixSlashes(normalizePath(conf.dFile)) + if conf.fileDest: + conf.fileDest = ntToPosixSlashes(normalizePath(conf.fileDest)) if conf.sitemapUrl and not conf.sitemapUrl.lower().startswith("http"): conf.sitemapUrl = "http%s://%s" % ('s' if conf.forceSSL else '', conf.sitemapUrl) @@ -1699,7 +1699,7 @@ def _setConfAttributes(): conf.tests = [] conf.trafficFP = None conf.HARCollectorFactory = None - conf.wFileType = None + conf.fileWriteType = None def _setKnowledgeBaseAttributes(flushAll=True): """ diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 10c5b2c8e..6528e5cf3 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -165,9 +165,9 @@ optDict = { }, "File system": { - "rFile": "string", - "wFile": "string", - "dFile": "string", + "fileRead": "string", + "fileWrite": "string", + "fileDest": "string", }, "Takeover": { diff --git a/lib/core/settings.py b/lib/core/settings.py index 2e3d9cb12..22ac27401 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.17" +VERSION = "1.2.8.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -367,7 +367,7 @@ URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z" SENSITIVE_DATA_REGEX = r"(\s|=)(?P[^\s=]*%s[^\s]*)\s" # Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the inside) -SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred") +SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "authCred") # Maximum number of threads (avoiding connection issues and/or DoS) MAX_NUMBER_OF_THREADS = 10 diff --git a/lib/core/target.py b/lib/core/target.py index 43e153e1e..4691cec83 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -571,7 +571,7 @@ def _createFilesDir(): Create the file directory. """ - if not conf.rFile: + if not conf.fileRead: return conf.filePath = paths.SQLMAP_FILES_PATH % conf.hostname diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index b255b9da1..24dfa7d6b 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -471,13 +471,13 @@ def cmdLineParser(argv=None): # File system options filesystem = OptionGroup(parser, "File system access", "These options can be used to access the back-end database management system underlying file system") - filesystem.add_option("--file-read", dest="rFile", + filesystem.add_option("--file-read", dest="fileRead", help="Read a file from the back-end DBMS file system") - filesystem.add_option("--file-write", dest="wFile", + filesystem.add_option("--file-write", dest="fileWrite", help="Write a local file on the back-end DBMS file system") - filesystem.add_option("--file-dest", dest="dFile", + filesystem.add_option("--file-dest", dest="fileDest", help="Back-end DBMS absolute filepath to write to") # Takeover options diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index ed0ad2c41..7e2d46dd2 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -108,7 +108,7 @@ class UDF: return output def udfCheckNeeded(self): - if (not conf.rFile or (conf.rFile and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs: + if (not conf.fileRead or (conf.fileRead and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs: self.sysUdfs.pop("sys_fileread") if not conf.osPwn: diff --git a/sqlmap.conf b/sqlmap.conf index 962651c57..b81fa51f4 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -579,15 +579,15 @@ shLib = # Read a specific file from the back-end DBMS underlying file system. # Examples: /etc/passwd or C:\boot.ini -rFile = +fileRead = # Write a local file to a specific path on the back-end DBMS underlying # file system. # Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt -wFile = +fileWrite = # Back-end DBMS absolute filepath to write the file to. -dFile = +fileDest = # These options can be used to access the back-end database management diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b6e6815a6..322cb7797 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py -0f581182871148b0456a691ae85b04c0 lib/controller/action.py +3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py bc3800ec099df253968b3a7fc1ffce44 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py @@ -40,18 +40,18 @@ ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -05f72baa2db4073bb0273d7fc1df13eb lib/core/optiondict.py -8e759d4c8711a5980d4bdc2d044a4fd4 lib/core/option.py +7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py +6826030069e1cd88eb87603a50b2d251 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -780178e74a59e86cfd73135528686abd lib/core/settings.py +85751568ce17296e01728f4e8041e13b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py +815d1cf27f0f8738d81531e73149867d lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -babf5c48bc6a3797fc459706af4465cd lib/parse/cmdline.py +7b2a20d7f149cc2522275e5df23bdc54 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py @@ -86,7 +86,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py 46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py -48575dde7bb867b7937769f569a98309 lib/takeover/udf.py +6a49f359b922df0247eb236126596336 lib/takeover/udf.py f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py