@@ -60,8 +60,8 @@ def vulnTest():
6060 """
6161
6262 TESTS = (
63- (u"-u <url > --flush-session --sql-query=\" SELECT '\u0161 u\u0107 uraj'\" --technique=U" , (u": '\u0161 u\u0107 uraj'" ,)),
64- (u"-u <url> --flush-session --sql-query=\" SELECT '\u0161 u\u0107 uraj'\" --technique=B --no-escape" , (u": '\u0161 u\u0107 uraj'" ,)),
63+ (u"-c <config > --flush-session --sql-query=\" SELECT '\u0161 u\u0107 uraj'\" --technique=U" , (u": '\u0161 u\u0107 uraj'" ,)),
64+ (u"-u <url> --flush-session --sql-query=\" SELECT '\u0161 u\u0107 uraj'\" --technique=B --no-escape --string=luther " , (u": '\u0161 u\u0107 uraj'" ,)),
6565 ("--list-tampers" , ("between" , "MySQL" , "xforwardedfor" )),
6666 ("-r <request> --flush-session -v 5" , ("CloudFlare" , "possible DBMS: 'SQLite'" , "User-agent: foobar" )),
6767 ("-l <log> --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors" , ("banner: '3." , "ORDER BY term out of range" , "~xp_cmdshell" , "Connection: keep-alive" )),
@@ -76,7 +76,7 @@ def vulnTest():
7676 ("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner" , ("NULL connection is supported with HEAD method" , "banner: '3." )),
7777 ("-u <url> --flush-session --parse-errors --test-filter=\" subquery\" --eval=\" import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\" localhost\" " , ("might be injectable" , ": syntax error" , "back-end DBMS: SQLite" , "WHERE or HAVING clause (subquery" )),
7878 ("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \" id>3\" " , ("banner: '3." , "INTEGER" , "TEXT" , "id" , "name" , "surname" , "2 entries" , "6E616D6569736E756C6C" )),
79- ("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --answer =\" crack=n\" -v 3" , ("performed 6 queries" , "nameisnull" , "~using default dictionary" )),
79+ ("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --answers =\" crack=n\" -v 3" , ("performed 6 queries" , "nameisnull" , "~using default dictionary" )),
8080 ("-u <url> --flush-session --all" , ("5 entries" , "Type: boolean-based blind" , "Type: time-based blind" , "Type: UNION query" , "luther" , "blisset" , "fluffy" , "179ad45c6ce2cb97cf1029e212046e81" , "NULL" , "nameisnull" , "testpass" )),
8181 ("-u <url> -z \" tec=B\" --hex --fresh-queries --threads=4 --sql-query=\" SELECT * FROM users\" " , ("SELECT * FROM users [5]" , "nameisnull" )),
8282 ("-u '<url>&echo=foobar*' --flush-session" , ("might be vulnerable to cross-site scripting" ,)),
@@ -105,6 +105,9 @@ def _thread():
105105 except :
106106 time .sleep (1 )
107107
108+ handle , config = tempfile .mkstemp (suffix = ".conf" )
109+ os .close (handle )
110+
108111 handle , database = tempfile .mkstemp (suffix = ".sqlite" )
109112 os .close (handle )
110113
@@ -126,11 +129,14 @@ def _thread():
126129 url = "http://%s:%d/?id=1" % (address , port )
127130 direct = "sqlite3://%s" % database
128131
132+ content = open (os .path .abspath (os .path .join (os .path .dirname (__file__ ), ".." , ".." , "sqlmap.conf" ))).read ().replace ("url =" , "url = %s" % url )
133+ open (config , "w+" ).write (content )
134+
129135 for options , checks in TESTS :
130136 status = '%d/%d (%d%%) ' % (count , len (TESTS ), round (100.0 * count / len (TESTS )))
131137 dataToStdout ("\r [%s] [INFO] complete: %s" % (time .strftime ("%X" ), status ))
132138
133- cmd = "%s %s %s --batch" % (sys .executable , os .path .abspath (os .path .join (os .path .dirname (__file__ ), ".." , ".." , "sqlmap.py" )), options .replace ("<url>" , url ).replace ("<direct>" , direct ).replace ("<request>" , request ).replace ("<log>" , log ))
139+ cmd = "%s %s %s --batch" % (sys .executable , os .path .abspath (os .path .join (os .path .dirname (__file__ ), ".." , ".." , "sqlmap.py" )), options .replace ("<url>" , url ).replace ("<direct>" , direct ).replace ("<request>" , request ).replace ("<log>" , log ). replace ( "<config>" , config ) )
134140 output = shellExec (cmd )
135141
136142 if not all ((check in output if not check .startswith ('~' ) else check [1 :] not in output ) for check in checks ):
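Review bot: The two `open()` calls added at new lines 132–133 never close their file objects — `content = open(...).read()` and `open(config, "w+").write(content)` rely on CPython reference counting to flush and close the handle before sqlmap is launched with the `<config>` path on line 139, and would leak a descriptor on other interpreters. Use context managers so the write is flushed deterministically before the subprocess reads the file; `"w"` is enough since nothing reads the config back here. The `.replace("url =", ...)` rewrite presumably expects exactly one `url =` occurrence in sqlmap.conf — if the template ever carries another one (for instance in a comment) the substitution would hit it as well, so anchoring the match to the start of a line would be safer. The temporary config created with `tempfile.mkstemp` in the hunk at new lines 108–109 is not removed anywhere visible; if the `.sqlite` file is unlinked later in the function, `config` should be cleaned up alongside it. The enclosing function body starts before and continues after this hunk.

```python
with open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))) as conf_file:
    content = conf_file.read().replace("url =", "url = %s" % url)
with open(config, "w") as conf_file:
    conf_file.write(content)

# … unchanged: TESTS loop, cmd construction, shellExec call …
```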