added skeleton code for issue #34, still not usable

bdamele · bdamele · commit 7b4ecd9df0b5 · 2012-07-02T00:22:34.000+01:00
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -558,6 +558,28 @@ def __findPageForms():
 
     findPageForms(page, conf.url, True, True)
 
+def __setDBMSAuthentication():
+    """
+    Check and set the DBMS authentication credentials to run statements as
+    another user, not the session user
+    """
+
+    if not conf.dCred:
+        return
+
+    debugMsg = "setting the DBMS authentication credentials"
+    logger.debug(debugMsg)
+
+    dCredRegExp = re.search("^(.+?):(.*?)$", conf.dCred)
+
+    if not dCredRegExp:
+        errMsg = "DBMS authentication credentials value must be in format "
+        errMsg += "username:password"
+        raise sqlmapSyntaxException, errMsg
+
+    conf.dbmsUsername = dCredRegExp.group(1)
+    conf.dbmsPassword = dCredRegExp.group(2)
+
 def __setMetasploit():
     if not conf.osPwn and not conf.osSmb and not conf.osBof:
         return
@@ -1992,7 +2014,7 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
     __setOS()
     __setWriteFile()
     __setMetasploit()
-
+    __setDBMSAuthentication()
     loadPayloads()
     __setPrefixSuffix()
     update()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -167,6 +167,7 @@
                                "checkTor":          "boolean",
                                "crawlDepth":        "integer",
                                "csvDel":            "string",
+                               "dCred":             "string",
                                "eta":               "boolean",
                                "flushSession":      "boolean",
                                "forms":             "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -516,10 +516,13 @@ def cmdLineParser():
                                   help="Delimiting character used in CSV output "
                                   "(default \"%s\")" % defaults.csvDel)
 
+        general.add_option("--dbms-cred", dest="dCred",
+                            help="DBMS authentication credentials (user:password)")
+
         general.add_option("--eta", dest="eta",
                             action="store_true",
                             help="Display for each output the "
-                                      "estimated time of arrival")
+                                 "estimated time of arrival")
 
         general.add_option("--flush-session", dest="flushSession",
                             action="store_true",
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -479,7 +479,7 @@ def goStacked(expression, silent=False):
         return direct(expression)
 
     comment = queries[Backend.getIdentifiedDbms()].comment.query
-    query = agent.prefixQuery("; %s" % expression)
+    query = agent.prefixQuery(";%s" % expression)
     query = agent.suffixQuery("%s;%s" % (query, comment))
     payload = agent.payload(newValue=query)
     Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -567,6 +567,14 @@ crawlDepth = 0
 # Default: ,
 csvDel = ,
 
+# DBMS authentication credentials (user:password). Useful if you want to
+# run SQL statements as another user, the back-end database management
+# system is PostgreSQL or Microsoft SQL Server and the parameter is
+# vulnerable by stacked queries SQL injection or you are connecting directly
+# to the DBMS (-d switch).
+# Syntax: username:password
+dCred = 
+
 # Retrieve each query output length and calculate the estimated time of
 # arrival in real time.
 # Valid: True or False
