mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
f316e722c1
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'. Minor enhancements. Minor bug fixes.
230 lines
8.4 KiB
Python
230 lines
8.4 KiB
Python
#!/usr/bin/env python
|
|
|
|
"""
|
|
$Id$
|
|
|
|
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
|
|
|
|
Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
|
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
|
|
|
|
sqlmap is free software; you can redistribute it and/or modify it under
|
|
the terms of the GNU General Public License as published by the Free
|
|
Software Foundation version 2 of the License.
|
|
|
|
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
details.
|
|
|
|
You should have received a copy of the GNU General Public License along
|
|
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
|
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
"""
|
|
|
|
from xml.sax import parse
|
|
from xml.sax.handler import ContentHandler
|
|
|
|
from lib.core.common import checkFile
|
|
from lib.core.common import sanitizeStr
|
|
from lib.core.data import logger
|
|
from lib.core.data import queries
|
|
from lib.core.data import paths
|
|
from lib.core.datatype import advancedDict
|
|
|
|
class queriesHandler(ContentHandler):
|
|
"""
|
|
This class defines methods to parse the default DBMS queries
|
|
from an XML file
|
|
"""
|
|
|
|
def __init__(self):
|
|
self.__dbms = ''
|
|
self.__queries = advancedDict()
|
|
|
|
def startElement(self, name, attrs):
|
|
if name == "dbms":
|
|
data = sanitizeStr(attrs.get("value"))
|
|
self.__dbms = data
|
|
|
|
elif name == "cast":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.cast = data
|
|
|
|
elif name == "length":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.length = data
|
|
|
|
elif name == "isnull":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.isnull = data
|
|
|
|
elif name == "delimiter":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.delimiter = data
|
|
|
|
elif name == "limit":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.limit = data
|
|
|
|
elif name == "limitregexp":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.limitregexp = data
|
|
|
|
elif name == "limitgroupstart":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.limitgroupstart = data
|
|
|
|
elif name == "limitgroupstop":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.limitgroupstop = data
|
|
|
|
elif name == "limitstring":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.limitstring = data
|
|
|
|
elif name == "order":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.order = data
|
|
|
|
elif name == "count":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.count = data
|
|
|
|
elif name == "comment":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.comment = data
|
|
|
|
elif name == "timedelay":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.timedelay = data
|
|
|
|
data = sanitizeStr(attrs.get("query2"))
|
|
self.__queries.timedelay2 = data
|
|
|
|
elif name == "substring":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.substring = data
|
|
|
|
elif name == "case":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.case = data
|
|
|
|
elif name == "inference":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.inference = data
|
|
|
|
elif name == "banner":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.banner = data
|
|
|
|
elif name == "current_user":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.currentUser = data
|
|
|
|
elif name == "current_db":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.currentDb = data
|
|
|
|
elif name == "is_dba":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.isDba = data
|
|
|
|
elif name == "check_udf":
|
|
data = sanitizeStr(attrs.get("query"))
|
|
self.__queries.checkUdf = data
|
|
|
|
elif name == "inband":
|
|
self.__inband = sanitizeStr(attrs.get("query"))
|
|
self.__inband2 = sanitizeStr(attrs.get("query2"))
|
|
self.__condition = sanitizeStr(attrs.get("condition"))
|
|
self.__condition2 = sanitizeStr(attrs.get("condition2"))
|
|
|
|
elif name == "blind":
|
|
self.__blind = sanitizeStr(attrs.get("query"))
|
|
self.__blind2 = sanitizeStr(attrs.get("query2"))
|
|
self.__count = sanitizeStr(attrs.get("count"))
|
|
self.__count2 = sanitizeStr(attrs.get("count2"))
|
|
self.__condition = sanitizeStr(attrs.get("condition"))
|
|
self.__condition2 = sanitizeStr(attrs.get("condition2"))
|
|
|
|
def endElement(self, name):
|
|
if name == "dbms":
|
|
queries[self.__dbms] = self.__queries
|
|
self.__queries = advancedDict()
|
|
|
|
elif name == "users":
|
|
self.__users = {}
|
|
self.__users["inband"] = { "query": self.__inband, "query2": self.__inband2 }
|
|
self.__users["blind"] = { "query": self.__blind, "query2": self.__blind2,
|
|
"count": self.__count, "count2": self.__count2 }
|
|
|
|
self.__queries.users = self.__users
|
|
|
|
elif name == "passwords":
|
|
self.__passwords = {}
|
|
self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition }
|
|
self.__passwords["blind"] = { "query": self.__blind, "query2": self.__blind2,
|
|
"count": self.__count, "count2": self.__count2 }
|
|
|
|
self.__queries.passwords = self.__passwords
|
|
|
|
elif name == "privileges":
|
|
self.__privileges = {}
|
|
self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
|
|
self.__privileges["blind"] = { "query": self.__blind, "query2": self.__blind2,
|
|
"count": self.__count, "count2": self.__count2 }
|
|
|
|
self.__queries.privileges = self.__privileges
|
|
|
|
elif name == "dbs":
|
|
self.__dbs = {}
|
|
self.__dbs["inband"] = { "query": self.__inband, "query2": self.__inband2 }
|
|
self.__dbs["blind"] = { "query": self.__blind, "query2": self.__blind2,
|
|
"count": self.__count, "count2": self.__count2 }
|
|
|
|
self.__queries.dbs = self.__dbs
|
|
|
|
elif name == "tables":
|
|
self.__tables = {}
|
|
self.__tables["inband"] = { "query": self.__inband, "condition": self.__condition }
|
|
self.__tables["blind"] = { "query": self.__blind, "count": self.__count }
|
|
|
|
self.__queries.tables = self.__tables
|
|
|
|
elif name == "columns":
|
|
self.__columns = {}
|
|
self.__columns["inband"] = { "query": self.__inband, "condition": self.__condition }
|
|
self.__columns["blind"] = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "condition": self.__condition }
|
|
|
|
self.__queries.columns = self.__columns
|
|
|
|
elif name == "dump_column":
|
|
self.__dumpColumn = {}
|
|
self.__dumpColumn["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
|
|
self.__dumpColumn["blind"] = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "count2": self.__count2, "condition": self.__condition, "condition2": self.__condition2 }
|
|
|
|
self.__queries.dumpColumn = self.__dumpColumn
|
|
|
|
elif name == "dump_table":
|
|
self.__dumpTable = {}
|
|
self.__dumpTable["inband"] = { "query": self.__inband }
|
|
self.__dumpTable["blind"] = { "query": self.__blind, "count": self.__count }
|
|
|
|
self.__queries.dumpTable = self.__dumpTable
|
|
|
|
def queriesParser():
|
|
"""
|
|
This function calls a class to parse the default DBMS queries
|
|
from an XML file
|
|
"""
|
|
|
|
debugMsg = "parsing XML queries file"
|
|
logger.debug(debugMsg)
|
|
|
|
xmlfile = paths.QUERIES_XML
|
|
|
|
checkFile(xmlfile)
|
|
handler = queriesHandler()
|
|
parse(xmlfile, handler)
|