initial work for issue #33

bdamele · bdamele · commit c4af7b9aa04b · 2012-07-10T00:27:08.000+01:00
diff --git a/lib/controller/action.py b/lib/controller/action.py
@@ -118,6 +118,9 @@ def action():
     if conf.sqlShell:
         conf.dbmsHandler.sqlShell()
 
+    if conf.sqlFile:
+        conf.dbmsHandler.sqlFile()
+
     # User-defined function options
     if conf.udfInject:
         conf.dbmsHandler.udfInjectCustom()
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -119,7 +119,8 @@
                                "firstChar":         "integer",
                                "lastChar":          "integer",
                                "query":             "string",
-                               "sqlShell":          "boolean"
+                               "sqlShell":          "boolean",
+                               "sqlFile":           "string"
                              },
 
             "Brute":         {
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -383,6 +383,9 @@ def cmdLineParser():
                                action="store_true",
                                help="Prompt for an interactive SQL shell")
 
+        enumeration.add_option("--sql-file", dest="sqlFile",
+                               help="Execute SQL statements from given file(s)")
+
         # User-defined function options
         brute = OptionGroup(parser, "Brute force", "These "
                           "options can be used to run brute force "
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -16,6 +16,7 @@
 from lib.core.common import dataToStdout
 from lib.core.common import filterPairValues
 from lib.core.common import getLimitRange
+from lib.core.common import getSQLSnippet
 from lib.core.common import getUnicode
 from lib.core.common import isInferenceAvailable
 from lib.core.common import isListLike
@@ -2463,3 +2464,16 @@ def sqlShell(self):
 
             elif output != "Quit":
                 dataToStdout("No output\n")
+
+    def sqlFile(self):
+        infoMsg = "executing SQL statements from given file(s)"
+        logger.info(infoMsg)
+
+        for sfile in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):
+            found = False
+            sfile = sfile.strip()
+
+            if not sfile:
+                continue
+
+            self.sqlQuery(getSQLSnippet(Backend.getDbms(), sfile))
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -432,6 +432,9 @@ query =
 # Valid: True or False
 sqlShell = False
 
+# Execute SQL statements from given file(s).
+sqlFile = 
+
 
 # These options can be used to run brute force checks.
 [Brute force]
