Adding support for #3870

stamparm · stamparm · commit 3f1a8e81b4cb · 2019-08-13T15:22:02.000+02:00
diff --git a/lib/core/defaults.py b/lib/core/defaults.py
@@ -20,6 +20,7 @@
     "level": 1,
     "risk": 1,
     "dumpFormat": "CSV",
+    "tablePrefix": "sqlmap",
     "technique": "BEUSTQ",
     "torType": "SOCKS5",
 }
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.8.11"
+VERSION = "1.3.8.12"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -807,9 +807,6 @@
     OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
 }
 
-# Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS)
-TAKEOVER_TABLE_PREFIX = "sqlmap"
-
 # Suffixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -666,6 +666,9 @@ def cmdLineParser(argv=None):
         general.add_argument("--skip-waf", dest="skipWaf", action="store_true",
             help="Skip heuristic detection of WAF/IPS protection")
 
+        general.add_argument("--table-prefix", dest="tablePrefix",
+            help="Prefix used for temporary tables (default: \"%s\")" % defaults.tablePrefix)
+
         general.add_argument("--test-filter", dest="testFilter",
             help="Select tests by payloads and/or titles (e.g. ROW)")
 
diff --git a/lib/request/direct.py b/lib/request/direct.py
@@ -25,7 +25,6 @@
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import TIMEOUT_STATE
-from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.core.settings import UNICODE_ENCODING
 from lib.utils.timeout import timeout
 
@@ -54,7 +53,7 @@ def direct(query, content=True):
 
     if not select and "EXEC " not in query.upper():
         timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
-    elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query):
+    elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
         output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
         if state == TIMEOUT_STATE.NORMAL:
             hashDBWrite(query, output, True)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
@@ -33,7 +33,6 @@
 from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapUndefinedMethod
-from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.core.settings import UNICODE_ENCODING
 from lib.request import inject
 
@@ -43,7 +42,7 @@ class Filesystem(object):
     """
 
     def __init__(self):
-        self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX
+        self.fileTblName = "%sfile" % conf.tablePrefix
         self.tblField = "data"
 
     def _checkFileLength(self, localFile, remoteFile, fileRead=False):
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
@@ -25,7 +25,6 @@
 from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapUndefinedMethod
 from lib.core.exception import SqlmapUnsupportedDBMSException
-from lib.core.settings import TAKEOVER_TABLE_PREFIX
 from lib.takeover.abstraction import Abstraction
 from lib.takeover.icmpsh import ICMPsh
 from lib.takeover.metasploit import Metasploit
@@ -37,7 +36,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry):
     """
 
     def __init__(self):
-        self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX)
+        self.cmdTblName = ("%soutput" % conf.tablePrefix)
         self.tblField = "data"
 
         Abstraction.__init__(self)
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -776,6 +776,10 @@ scope =
 # Valid: True or False
 skipWaf = False
 
+# Prefix used for temporary tables.
+# Default: sqlmap
+tablePrefix = sqlmap
+
 # Select tests by payloads and/or titles (e.g. ROW)
 testFilter =
 

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@`
`20`	`20`	`"level": 1,`
`21`	`21`	`"risk": 1,`
`22`	`22`	`"dumpFormat": "CSV",`
	`23`	`+ "tablePrefix": "sqlmap",`
`23`	`24`	`"technique": "BEUSTQ",`
`24`	`25`	`"torType": "SOCKS5",`
`25`	`26`	`}`