Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8fe37f3

Browse files
stamparmstamparm
committed
Update for #3486 
1 parent 9789d65 commit 8fe37f3

5 files changed

Lines changed: 22 additions & 8 deletions

File tree

lib/core/settings.py

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.3.2.21"
22+
VERSION = "1.3.2.22"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -773,6 +773,9 @@
773773
OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
774774
}
775775

776+
# Table prefix to use in "takeover" functionalities (i.e. auxiliary tables used by sqlmap at the vulnerable DBMS)
777+
TAKEOVER_TABLE_PREFIX = "sqlmap"
778+
776779
# Suffixes used in brute force search for web server document root
777780
BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all", "www/build")
778781

@@ -809,3 +812,11 @@
809812
font-size:12px;
810813
}
811814
</style>"""
815+
816+
# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)
817+
818+
for key, value in os.environ.items():
819+
if key.upper().startswith("%s_" % SQLMAP_ENVIRONMENT_PREFIX):
820+
_ = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper()
821+
if _ in globals():
822+
globals()[_] = value

lib/request/direct.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525
from lib.core.enums import DBMS
2626
from lib.core.enums import EXPECTED
2727
from lib.core.enums import TIMEOUT_STATE
28+
from lib.core.settings import TAKEOVER_TABLE_PREFIX
2829
from lib.core.settings import UNICODE_ENCODING
2930
from lib.utils.timeout import timeout
3031

@@ -53,7 +54,7 @@ def direct(query, content=True):
5354

5455
if not select and "EXEC " not in query.upper():
5556
timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
56-
elif not (output and "sqlmapoutput" not in query and "sqlmapfile" not in query):
57+
elif not (output and ("%soutput" % TAKEOVER_TABLE_PREFIX) not in query and ("%sfile" % TAKEOVER_TABLE_PREFIX) not in query):
5758
output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
5859
if state == TIMEOUT_STATE.NORMAL:
5960
hashDBWrite(query, output, True)

plugins/generic/filesystem.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
from lib.core.enums import EXPECTED
2929
from lib.core.enums import PAYLOAD
3030
from lib.core.exception import SqlmapUndefinedMethod
31+
from lib.core.settings import TAKEOVER_TABLE_PREFIX
3132
from lib.core.settings import UNICODE_ENCODING
3233
from lib.request import inject
3334

@@ -37,7 +38,7 @@ class Filesystem:
3738
"""
3839

3940
def __init__(self):
40-
self.fileTblName = "sqlmapfile"
41+
self.fileTblName = "%sfile" % TAKEOVER_TABLE_PREFIX
4142
self.tblField = "data"
4243

4344
def _checkFileLength(self, localFile, remoteFile, fileRead=False):

plugins/generic/takeover.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
from lib.core.exception import SqlmapSystemException
2525
from lib.core.exception import SqlmapUndefinedMethod
2626
from lib.core.exception import SqlmapUnsupportedDBMSException
27+
from lib.core.settings import TAKEOVER_TABLE_PREFIX
2728
from lib.takeover.abstraction import Abstraction
2829
from lib.takeover.icmpsh import ICMPsh
2930
from lib.takeover.metasploit import Metasploit
@@ -37,7 +38,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
3738
"""
3839

3940
def __init__(self):
40-
self.cmdTblName = "sqlmapoutput"
41+
self.cmdTblName = ("%soutput" % TAKEOVER_TABLE_PREFIX)
4142
self.tblField = "data"
4243

4344
Abstraction.__init__(self)

txt/checksum.md5

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
5050
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
5151
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
5252
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
53-
7ba3ce7dc1e4c29923c3b72f0a5b5ae2 lib/core/settings.py
53+
8b2b5526b9a22e010342ff8f37e1cb15 lib/core/settings.py
5454
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
5555
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
5656
43772ea73e9e3d446f782af591cb4eda lib/core/target.py
@@ -73,7 +73,7 @@ e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py
7373
97b7577fdfe3d8537fe9ea3a070d0507 lib/request/basic.py
7474
fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py
7575
2fde12a95133b26699e26a5c56311c38 lib/request/connect.py
76-
7cba86090b02558f04c6692cef66e772 lib/request/direct.py
76+
43005bd6a78e9cf0f3ed2283a1cb122e lib/request/direct.py
7777
2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py
7878
ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py
7979
fb6be55d21a70765e35549af2484f762 lib/request/__init__.py
@@ -218,13 +218,13 @@ d749b7f7b4bcf1f646290dec739f1e6d plugins/generic/custom.py
218218
b5e9bc087d2cc3defcc9e468785a0462 plugins/generic/databases.py
219219
4cf8eb3719c980c54a92f838a999d090 plugins/generic/entries.py
220220
f3624debb8ae6fbcfb5f1b7f1d0743d1 plugins/generic/enumeration.py
221-
cda119b7b0d1afeb60f912009cdb0cf5 plugins/generic/filesystem.py
221+
07733664167a2d082d253c119630d27b plugins/generic/filesystem.py
222222
65e75cd3c2c7acffa6ac13b086e0f383 plugins/generic/fingerprint.py
223223
fb6be55d21a70765e35549af2484f762 plugins/generic/__init__.py
224224
de1928d6865547764ae9a896da4bf1d4 plugins/generic/misc.py
225225
c95bf3dec22cc638100efef99e2ccc3c plugins/generic/search.py
226226
1989f6cbed217f4222dc2dce72992d91 plugins/generic/syntax.py
227-
44c388ea08d4296e2bf2706e19cbe64a plugins/generic/takeover.py
227+
4b539275dcee14683557da4aaf58b36c plugins/generic/takeover.py
228228
f57914512ae22521b988b5094f1a0d6f plugins/generic/users.py
229229
fb6be55d21a70765e35549af2484f762 plugins/__init__.py
230230
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_

0 commit comments

Comments
 (0)