Added preventive check for stacked queries support when executing DDL,

bdamele · bdamele · commit 7e8ac16245ad · 2008-12-19T20:48:33.000Z
DML &amp; co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -2,6 +2,10 @@ sqlmap (0.6.4-1) stable; urgency=low
 
   * Major improvement to the comparison algorithm to make it work also if
     the page content changes at each refresh; (work in progress)
+  * Major enhancement to support SQL data definition statements, SQL data
+    manipulation statements, etc from user in SQL query and SQL shell if
+    stacked queries are supported by the web application technology in
+    use;
   * Minor enhancement to support an option (--is-dba) to show if the
     current user is a database management system administrator;
   * Added support internally to forge CASE statements, used only by
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -522,7 +522,7 @@ def __setHTTPTimeout():
 
             conf.timeout = 3.0
     else:
-        conf.timeout = 10.0
+        conf.timeout = 30.0
 
     socket.setdefaulttimeout(conf.timeout)
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -109,7 +109,7 @@ def cmdLineParser():
 
         request.add_option("--timeout", dest="timeout", type="float",
                            help="Seconds to wait before timeout connection "
-                                "(default 10)")
+                                "(default 30)")
 
 
         # Injection options
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -45,6 +45,7 @@
 from lib.parse.banner import bannerParser
 from lib.request import inject
 from lib.request.connect import Connect as Request
+from lib.techniques.outband.stacked import stackedTest
 
 
 class Enumeration:
@@ -1053,24 +1054,36 @@ def sqlQuery(self, query):
 
                     break
 
-        if sqlType:
+        if selectQuery == True:
             infoMsg = "fetching %s query output: '%s'" % (sqlType, query)
+            logger.info(infoMsg)
+
+            output = inject.getValue(query, fromUser=True)
         else:
-            infoMsg = "fetching SQL query output: '%s'" % query
+            if kb.stackedTest == None:
+                stackedTest()
 
-        logger.info(infoMsg)
+            if kb.stackedTest == False:
+                warnMsg  = "the web application does not support "
+                warnMsg += "stacked queries"
+                logger.warn(warnMsg)
 
-        if selectQuery == False:
-            # TODO: test if stacked queries are supported by the web
-            # application before injecting
-            inject.goStacked(query)
-        else:
-            output = inject.getValue(query, fromUser=True)
+                return None
+            else:
+                if sqlType:
+                    infoMsg = "executing %s query: '%s'" % (sqlType, query)
+                else:
+                    infoMsg = "executing unknown SQL type query: '%s'" % query
+                logger.info(infoMsg)
 
-        if output == "Quit":
-            return None
-        else:
-            return output
+                inject.goStacked(query)
+
+                infoMsg = "done"
+                logger.info(infoMsg)
+
+                output = False
+
+        return output
 
 
     def sqlShell(self):
@@ -1105,5 +1118,9 @@ def sqlShell(self):
 
             if output and output != "Quit":
                 dumper.string(query, output)
+
+            elif output == False:
+                pass
+
             elif output != "Quit":
                 print "No output"
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -79,8 +79,8 @@ delay = 0
 
 # Seconds to wait before timeout connection.
 # Valid: float
-# Default: 10
-timeout = 10
+# Default: 30
+timeout = 30
 
 
 [Injection]
