
Commit 9cb1c4c

committed
plugin refactoring - issue #22
1 parent dba0a96 commit 9cb1c4c

6 files changed

Lines changed: 2609 additions & 2437 deletions


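--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -0,0 +1,134 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.common import Backend
+from lib.core.common import dataToStdout
+from lib.core.common import getSQLSnippet
+from lib.core.common import isTechniqueAvailable
+from lib.core.convert import utf8decode
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import queries
+from lib.core.enums import PAYLOAD
+from lib.core.settings import PARAMETER_SPLITTING_REGEX
+from lib.core.settings import SQL_STATEMENTS
+from lib.core.shell import autoCompletion
+from lib.request import inject
+
+class Custom:
+"""
+This class defines custom enumeration functionalities for plugins.
+"""
+
+def __init__(self):
+pass
+
+def sqlQuery(self, query):
+output = None
+sqlType = None
+query = query.rstrip(';')
+kb.unescape = False
+
+for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
+for sqlStatement in sqlStatements:
+if query.lower().startswith(sqlStatement):
+sqlType = sqlTitle
+break
+
+if 'OPENROWSET' not in query.upper() and (not sqlType or 'SELECT' in sqlType):
+infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
+logger.info(infoMsg)
+
+output = inject.getValue(query, fromUser=True)
+kb.unescape = True
+
+return output
+elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+warnMsg = "execution of custom SQL queries is only "
+warnMsg += "available when stacked queries are supported"
+logger.warn(warnMsg)
+
+kb.unescape = True
+
+return None
+else:
+if sqlType:
+debugMsg = "executing %s query: '%s'" % (sqlType if sqlType is not None else "SQL", query)
+else:
+debugMsg = "executing unknown SQL type query: '%s'" % query
+logger.debug(debugMsg)
+
+inject.goStacked(query)
+
+debugMsg = "done"
+logger.debug(debugMsg)
+
+output = False
+
+kb.unescape = True
+
+return output
+
+def sqlShell(self):
+infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
+infoMsg += "'x' or 'q' and press ENTER"
+logger.info(infoMsg)
+
+autoCompletion(sqlShell=True)
+
+while True:
+query = None
+
+try:
+query = raw_input("sql-shell> ")
+query = utf8decode(query)
+except KeyboardInterrupt:
+print
+errMsg = "user aborted"
+logger.error(errMsg)
+except EOFError:
+print
+errMsg = "exit"
+logger.error(errMsg)
+break
+
+if not query:
+continue
+
+if query.lower() in ("x", "q", "exit", "quit"):
+break
+
+output = self.sqlQuery(query)
+
+if output and output != "Quit":
+conf.dumper.query(query, output)
+
+elif not output:
+pass
+
+elif output != "Quit":
+dataToStdout("No output\n")
+
+def sqlFile(self):
+infoMsg = "executing SQL statements from given file(s)"
+logger.info(infoMsg)
+
+for sfile in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):
+sfile = sfile.strip()
+
+if not sfile:
+continue
+
+query = getSQLSnippet(Backend.getDbms(), sfile)
+
+infoMsg = "executing SQL statement%s from file '%s'" % ("s" if ";" in query else "", sfile)
+logger.info(infoMsg)
+
+conf.dumper.query(query, self.sqlQuery(query))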
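Review bot: `kb.unescape` is switched off at new line 37 of `sqlQuery` and only switched back on by the per-branch assignments at lines 50, 58 and 75, so an exception escaping `inject.getValue()` or `inject.goStacked()` would leave the shared flag False for whatever runs next (whether those calls can raise is not visible on this page). Wrapping everything after line 37 in `try:` … `finally: kb.unescape = True` and dropping the three per-branch resets makes the restore unconditional. In `sqlShell`, the last `elif output != "Quit":` at line 116 can never be taken, because any value reaching it is truthy and equal to "Quit", so the "No output" message is dead code. The `break` at line 43 leaves only the inner loop, so a later `SQL_STATEMENTS` entry whose prefix also matches can overwrite `sqlType`; the imported `queries` name is unused in this file.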
