MORPH
SIGN IN SIGN UP
sqlmapproject / sqlmap UNCLAIMED

Automatic SQL injection and database takeover tool

36950 0 0 Python
Normal View History Raw
Last preparations for DREI
2019-05-08 12:47:52 +02:00
#!/usr/bin/env python
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
"""
Bumping copyright year
2024-01-03 23:11:52 +01:00
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
See the file 'LICENSE' for copying permission
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
"""
Minor patch
2019-11-17 00:21:55 +01:00
import re
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
import time
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
from lib.core.agent import agent
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
from lib.core.common import Backend
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
from lib.core.common import calculateDeltaSeconds
Minor refactoring of direct()
2012-10-15 18:41:41 +02:00
from lib.core.common import extractExpectedValue
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
from lib.core.common import getCurrentThreadData
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
minor refactoring
2012-06-14 13:38:53 +00:00
from lib.core.common import isListLike
Fixes #3622
2019-05-06 00:54:21 +02:00
from lib.core.convert import getUnicode
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
from lib.core.data import conf
from lib.core.data import kb
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
from lib.core.data import logger
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
from lib.core.dicts import SQL_STATEMENTS
Minor refactoring
2012-12-07 11:54:34 +01:00
from lib.core.enums import CUSTOM_LOGGING
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
from lib.core.enums import DBMS
Minor refactoring of direct()
2012-10-15 18:41:41 +02:00
from lib.core.enums import EXPECTED
Bug fix (reconnecting in case of timeouted direct connection)
2016-10-17 22:55:07 +02:00
from lib.core.enums import TIMEOUT_STATE
refactoring
2011-01-30 11:36:03 +00:00
from lib.core.settings import UNICODE_ENCODING
Minor refactoring
2019-09-11 14:05:25 +02:00
from lib.utils.safe2bin import safecharencode
more update
2010-04-06 15:12:52 +00:00
from lib.utils.timeout import timeout
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
def direct(query, content=True):
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
2011-01-20 21:59:47 +00:00
select = True
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
query = agent.payloadDirect(query)
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
2012-05-22 09:33:22 +00:00
query = agent.adjustLateValues(query)
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
threadData = getCurrentThreadData()
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Minor fix
2014-04-03 09:00:14 +02:00
if Backend.isDbms(DBMS.ORACLE) and query.upper().startswith("SELECT ") and " FROM " not in query.upper():
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
query = "%s FROM DUAL" % query
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
2011-01-20 21:59:47 +00:00
if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement":
select = False
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
break
Minor patch
2019-11-17 00:21:55 +01:00
if select:
Minor patches
2020-11-30 23:33:08 +01:00
if re.search(r"(?i)\ASELECT ", query) is None:
Minor patch
2019-11-17 00:21:55 +01:00
query = "SELECT %s" % query
Minor patches
2020-11-30 23:33:08 +01:00
Minor patch
2019-11-17 00:21:55 +01:00
if conf.binaryFields:
Minor update
2019-11-17 00:52:04 +01:00
for field in conf.binaryFields:
Minor patch
2019-11-17 00:21:55 +01:00
field = field.strip()
if re.search(r"\b%s\b" % re.escape(field), query):
query = re.sub(r"\b%s\b" % re.escape(field), agent.hexConvertField(field), query)
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
2011-01-20 21:59:47 +00:00
Minor refactoring
2012-12-07 11:54:34 +01:00
logger.log(CUSTOM_LOGGING.PAYLOAD, query)
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
output = hashDBRetrieve(query, True, True)
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
start = time.time()
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap
2012-07-02 02:04:19 +01:00
Minor patches
2020-11-30 23:33:08 +01:00
if not select and re.search(r"(?i)\bEXEC ", query) is None:
Bug fix (reconnecting in case of timeouted direct connection)
2016-10-17 22:55:07 +02:00
timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
Adding support for #3870
2019-08-13 15:22:02 +02:00
elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
Bug fix (reconnecting in case of timeouted direct connection)
2016-10-17 22:55:07 +02:00
output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
if state == TIMEOUT_STATE.NORMAL:
hashDBWrite(query, output, True)
elif state == TIMEOUT_STATE.TIMEOUT:
conf.dbmsConnector.close()
conf.dbmsConnector.connect()
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
elif output:
infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20]
logger.info(infoMsg)
Some refactoring
2016-12-19 23:47:39 +01:00
minor update regarding -d and time based injections
2012-01-13 12:45:02 +00:00
threadData.lastQueryDuration = calculateDeltaSeconds(start)
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
minor beautification
2012-01-13 21:03:50 +00:00
if not output:
return output
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
elif content:
minor refactoring
2012-06-14 13:38:53 +00:00
if output and isListLike(output):
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
if len(output[0]) == 1:
Minor refactoring of direct()
2012-10-15 18:41:41 +02:00
output = [_[0] for _ in output]
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
minor fix
2012-02-27 12:55:28 +00:00
retVal = getUnicode(output, noneToNull=True)
return safecharencode(retVal) if kb.safeCharEncode else retVal
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
else:
Minor refactoring of direct()
2012-10-15 18:41:41 +02:00
return extractExpectedValue(output, EXPECTED.BOOL)
Reference in New Issue Copy Permalink