File: api.py Project: zensec/sqlmap
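 def engine_start(self):
     """
     Spawn the sqlmap engine as a child process with this task's options.

     ``self.options`` is serialised with base64pickle() and handed to the
     child through ``--pickled-options``; the child unpickles it, so only
     options built by this process should ever reach this call. The Popen
     handle is stored in ``self.process``.
     """
     # The pickled blob travels as a single argv element; the argument-list
     # form (shell=False) means no shell ever interprets its content.
     pickledArgs = ["--pickled-options", base64pickle(self.options)]

     # A relative path is resolved against the current working directory, so
     # this one check already covers os.path.join(os.getcwd(), "sqlmap.py");
     # the original second branch could never be taken and was dropped.
     if os.path.exists("sqlmap.py"):
         command = ["python", "sqlmap.py"] + pickledArgs
     else:
         # Fall back to a sqlmap executable found on PATH
         command = ["sqlmap"] + pickledArgs

     # NOTE(review): close_fds is disabled on Windows only — presumably a
     # platform limitation of the subprocess module at the time; confirm.
     self.process = Popen(command, shell=False, close_fds=not IS_WIN)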
File: api.py Project: everping/w3af
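 def engine_start(self):
     """
     Spawn the sqlmap engine as a child process with this task's options.

     ``self.options`` is serialised with base64pickle() and handed to the
     child through ``--pickled-options``; the child unpickles it, so only
     options built by this process should ever reach this call. The Popen
     handle is stored in ``self.process``.
     """
     # The pickled blob travels as a single argv element; the argument-list
     # form (shell=False) means no shell ever interprets its content.
     pickledArgs = ["--pickled-options", base64pickle(self.options)]

     # A relative path is resolved against the current working directory, so
     # this one check already covers os.path.join(os.getcwd(), "sqlmap.py");
     # the original second branch could never be taken and was dropped.
     if os.path.exists("sqlmap.py"):
         command = ["python", "sqlmap.py"] + pickledArgs
     else:
         # Fall back to a sqlmap executable found on PATH
         command = ["sqlmap"] + pickledArgs

     # NOTE(review): close_fds is disabled on Windows only — presumably a
     # platform limitation of the subprocess module at the time; confirm.
     self.process = Popen(command, shell=False, close_fds=not IS_WIN)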
File: api.py Project: charl1/sqlmap
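def scan_start(taskid):
    """
    Launch a scan

    Merges the JSON body of the request into the task's options, redirects
    the task's output directory to a fresh temporary directory, creates a
    pipe whose write end the engine uses for logging, and spawns the engine
    as a separate process recorded in ``procs[taskid]``.

    Aborts the request with HTTP 500 when ``taskid`` is unknown.
    Returns the JSON-serialised ``{"success": True}``.
    """
    global tasks
    global procs
    global pipes

    if taskid not in tasks:
        abort(500, "Invalid task ID")

    # Initialize sqlmap engine's options with user's provided options
    # within the JSON request. A request without a JSON body contributes
    # nothing instead of raising AttributeError on None.items(); note that
    # the keys are not validated against a known option set here.
    for key, value in (request.json or {}).items():
        tasks[taskid][key] = value

    # Overwrite output directory (oDir) value to a temporary directory
    # (task entries appear to support both attribute and item access —
    # presumably an attribute dictionary; confirm)
    tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-")

    # Launch sqlmap engine in a separate process
    logger.debug("starting a scan for task ID %s" % taskid)

    pipes[taskid] = os.pipe()

    # Provide sqlmap engine with the writable pipe for logging
    tasks[taskid]["fdLog"] = pipes[taskid][1]

    # Launch sqlmap engine. The pickled options are one argv element and no
    # shell parses the command line (shell=False); close_fds stays False
    # because the child must inherit the log pipe above.
    # NOTE(review): execute() is called with Popen keyword arguments and is
    # assumed to accept a Popen-style argument list — confirm.
    command = ["python", "sqlmap.py", "--pickled-options", base64pickle(tasks[taskid])]
    procs[taskid] = execute(command, shell=False, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)

    return jsonize({"success": True})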
 def engine_start(self):
     """
     Spawn the sqlmap engine as a child process with this task's options.

     ``self.options`` is serialised with base64pickle() and passed to the
     child through ``--pickled-options`` (the child unpickles it). The
     Popen handle is stored in ``self.process``.
     """
     pickledOptions = base64pickle(self.options)
     command = ["python", "sqlmap.py", "--pickled-options", pickledOptions]
     # NOTE(review): close_fds is switched off on Windows only — presumably
     # a platform limitation of the subprocess module; confirm.
     self.process = Popen(command, shell=False, close_fds=not IS_WIN)
def setDynamicMarkings(markings):
    """
    Save information retrieved about dynamic markings to the
    session file.

    Nothing is written when a resumed session already holds a
    "Dynamic markings" entry for conf.url.
    """

    resumed = kb.resumedQueries

    if not resumed:
        needsSaving = True
    else:
        # NOTE(review): a resumed session with no entry for conf.url also
        # skips the write — confirm that is intended.
        needsSaving = (conf.url in resumed
                       and "Dynamic markings" not in resumed[conf.url])

    if needsSaving:
        record = "[%s][%s][%s][Dynamic markings][%s]\n" % (conf.url, None, None, base64pickle(markings))
        dataToSessionFile(record)
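def setInjection(inj):
    """
    Save information retrieved about injection place and parameter in the
    session file.

    The record is written when there is no resumed session, when the
    resumed session holds no "Injection data" entry for conf.url, or when
    the stored entry does not cover every parameter in inj.data.
    """

    resumed = kb.resumedQueries
    # A resumed session that knows nothing about conf.url is treated like one
    # without "Injection data" for it: the original condition indexed
    # kb.resumedQueries[conf.url] unconditionally and raised KeyError there.
    stored = resumed[conf.url] if resumed and conf.url in resumed else {}

    if not resumed or "Injection data" not in stored:
        condition = True
    else:
        # [:-1] presumably drops the trailing newline written below — confirm.
        # The stored value is unpickled from the session file, so that file
        # is trusted as much as the code itself.
        storedKeys = base64unpickle(stored["Injection data"][:-1]).data.keys()
        condition = intersect(storedKeys, inj.data.keys()) != inj.data.keys()

    if condition:
        dataToSessionFile(
            "[%s][%s][%s][Injection data][%s]\n" %
            (conf.url, inj.place, safeFormatString(
                conf.parameters[inj.place]), base64pickle(inj)))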
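def scan_start(taskid):
    """
    Launch a scan

    Merges the JSON body of the request into the task's options, redirects
    the task's output directory to a fresh temporary directory, creates a
    pipe whose write end the engine uses for logging, and spawns the engine
    as a separate process recorded in ``procs[taskid]``.

    Aborts the request with HTTP 500 when ``taskid`` is unknown.
    Returns the JSON-serialised ``{"success": True}``.
    """
    global tasks
    global procs
    global pipes

    if taskid not in tasks:
        abort(500, "Invalid task ID")

    # Initialize sqlmap engine's options with user's provided options
    # within the JSON request. A request without a JSON body contributes
    # nothing instead of raising AttributeError on None.items(); note that
    # the keys are not validated against a known option set here.
    for key, value in (request.json or {}).items():
        tasks[taskid][key] = value

    # Overwrite output directory (oDir) value to a temporary directory
    # (task entries appear to support both attribute and item access —
    # presumably an attribute dictionary; confirm)
    tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-")

    # Launch sqlmap engine in a separate process
    logger.debug("starting a scan for task ID %s" % taskid)

    pipes[taskid] = os.pipe()

    # Provide sqlmap engine with the writable pipe for logging
    tasks[taskid]["fdLog"] = pipes[taskid][1]

    # Launch sqlmap engine. The pickled options are one argv element and no
    # shell parses the command line (shell=False); close_fds stays False
    # because the child must inherit the log pipe above.
    # NOTE(review): execute() is called with Popen keyword arguments and is
    # assumed to accept a Popen-style argument list — confirm.
    command = ["python", "sqlmap.py", "--pickled-options",
               base64pickle(tasks[taskid])]
    procs[taskid] = execute(command,
                            shell=False,
                            stdin=PIPE,
                            stdout=PIPE,
                            stderr=PIPE,
                            close_fds=False)

    return jsonize({"success": True})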
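def scan_start(taskid):
    """
    Launch a scan

    Merges the JSON body of the request into the task's options, points
    the task's output directory at a fresh temporary directory and spawns
    the engine as a separate process, stored in ``procs[taskid].child``.

    Aborts the request with HTTP 500 when ``taskid`` is unknown.
    Returns the JSON-serialised ``{"success": True}``.
    """
    global tasks
    global procs

    if taskid not in tasks:
        abort(500, "Invalid task ID")

    # Initialize sqlmap engine's options with user's provided options, if any.
    # A request without a JSON body contributes nothing instead of raising
    # AttributeError on None.items(); the keys are not validated here.
    for key, value in (request.json or {}).items():
        tasks[taskid][key] = value

    # Overwrite output directory value to a temporary directory
    # (task entries appear to support both attribute and item access —
    # presumably an attribute dictionary; confirm)
    tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmapoutput-")

    # Launch sqlmap engine in a separate process
    logger.debug("starting a scan for task ID %s" % taskid)

    # Launch sqlmap engine. The pickled options are one argv element and no
    # shell parses the command line (shell=False).
    # NOTE(review): execute() is called with Popen keyword arguments and is
    # assumed to accept a Popen-style argument list — confirm.
    command = ["python", "sqlmap.py", "--pickled-options", base64pickle(tasks[taskid])]
    procs[taskid].child = execute(command, shell=False, stdin=PIPE)

    return jsonize({"success": True})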
 def engine_start(self):
     """
     Spawn the sqlmap engine as a child process with this task's options.

     ``self.options`` is serialised with base64pickle() and passed to the
     child through ``--pickled-options`` (the child unpickles it). The
     Popen handle is stored in ``self.process``.
     """
     command = ["python", "sqlmap.py", "--pickled-options"]
     command.append(base64pickle(self.options))
     # NOTE(review): close_fds is switched off on Windows only — presumably
     # a platform limitation of the subprocess module; confirm.
     self.process = Popen(command, shell=False, close_fds=not IS_WIN)
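def direct(query, content=True):
    """
    Run ``query`` over the direct DBMS connection and return its result.

    The query is first passed through agent.payloadDirect(). Statements
    matching any SQL_STATEMENTS category other than "SQL SELECT statement"
    run through conf.dbmsConnector.execute; everything else is treated as
    a SELECT, prefixed with "SELECT " when missing, and either resumed
    from the session file or run through conf.dbmsConnector.select. Each
    connector call is bounded by conf.timeout.

    Returns None for an empty result. With ``content`` True a single 1x1
    result collapses to a unicode string, a single multi-column row is
    returned as a one-element list and anything else is returned as is;
    with ``content`` False the first column of the first row is tested
    against (1, -1) and a boolean is returned.
    """
    output = None
    select = True
    query = agent.payloadDirect(query)

    # Oracle needs a FROM clause even for scalar selects
    if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
        query = "%s FROM DUAL" % query

    for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
        for sqlStatement in sqlStatements:
            if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement":
                select = False
                break

    if select and not query.upper().startswith("SELECT "):
        query = "SELECT " + query

    logger.log(9, query)

    if not select:
        output = timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif conf.hostname in kb.resumedQueries and query in kb.resumedQueries[conf.hostname] and "sqlmapoutput" not in query and "sqlmapfile" not in query:
        # Stored results are pickled in the session file, so that file is
        # trusted as much as the code itself. A result that no longer
        # unpickles is re-run instead of failing; the handler is narrowed
        # from a bare except to Exception so KeyboardInterrupt/SystemExit
        # still propagate. [:-1] presumably strips the trailing newline
        # written by dataToSessionFile below — confirm.
        try:
            output = base64unpickle(kb.resumedQueries[conf.hostname][query][:-1])
        except Exception:
            output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)

        infoMsg = "resumed from file '%s': " % conf.sessionFile
        infoMsg += "%s..." % getUnicode(output, UNICODE_ENCODING)[:20]
        logger.info(infoMsg)
    else:
        output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)

    if output is None or len(output) == 0:
        return None
    elif content:
        # Persist a freshly computed (not resumed) result so a later run
        # can resume it
        if conf.hostname not in kb.resumedQueries or ( conf.hostname in kb.resumedQueries and query not in kb.resumedQueries[conf.hostname] ):
            dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.hostname, kb.injection.place, conf.parameters[kb.injection.place], query, base64pickle(output)))

        if len(output) == 1:
            if len(output[0]) == 1:
                out = list(output)[0][0]
                if isinstance(out, str):
                    out = utf8decode(out)
                return getUnicode(out, UNICODE_ENCODING)
            else:
                return list(output)
        else:
            return output
    else:
        # Only the first row is inspected; the loop returns on its first
        # iteration either way
        for line in output:
            if line[0] in (1, -1):
                return True
            else:
                return False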
File: test.py Project: magerx/Eagle
from lib.core.convert import base64pickle

# Print the base64-encoded pickle of a small options dictionary;
# the parenthesised form prints identically under Python 2.
sample = {'url':'http://10.0.6.13/add.php','data':'name=123'}
print(base64pickle(sample))
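 def engine_start(self):
     """
     Spawn the sqlmap engine as a child process with this task's options.

     ``self.options`` is serialised with base64pickle() and passed to the
     child through ``--pickled-options``; the child unpickles it, so only
     options built by this process should reach this call. The Popen
     handle is stored in ``self.process``.
     """
     # Argument-list form instead of a shell string: the pickled blob is one
     # argv element and no shell parses the command line (shell=False), which
     # matches the other engine_start variants. stdin and close_fds unchanged.
     self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)],
                          shell=False, stdin=PIPE, close_fds=False)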
from lib.core.convert import base64pickle

# Print the base64-encoded pickle of a small options dictionary;
# the parenthesised form prints identically under Python 2.
options = {'url': 'http://10.0.6.13/add.php', 'data': 'name=123'}
print(base64pickle(options))
def setDynamicMarkings(markings):
    """
    Save information retrieved about dynamic markings to the
    session file.

    The record is skipped when a resumed session already carries a
    "Dynamic markings" entry for conf.url.
    """

    resumed = kb.resumedQueries

    if resumed:
        # NOTE(review): a resumed session with no entry for conf.url also
        # skips the write — confirm that is intended.
        alreadyStored = (conf.url not in resumed
                         or "Dynamic markings" in resumed[conf.url])
        if alreadyStored:
            return

    dataToSessionFile("[%s][%s][%s][Dynamic markings][%s]\n" % (conf.url, None, None, base64pickle(markings)))
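def setInjection(inj):
    """
    Save information retrieved about injection place and parameter in the
    session file.

    The record is written when there is no resumed session, when the
    resumed session holds no "Injection data" entry for conf.url, or when
    the stored entry does not cover every parameter in inj.data. A stored
    entry whose data model no longer matches (AttributeError while
    inspecting it) produces a one-time warning and nothing is written.
    """

    try:
        resumed = kb.resumedQueries
        # A resumed session that knows nothing about conf.url is treated
        # like one without "Injection data" for it: the original condition
        # indexed kb.resumedQueries[conf.url] unconditionally and raised
        # KeyError, which the AttributeError handler below does not catch.
        stored = resumed[conf.url] if resumed and conf.url in resumed else {}

        if not resumed or "Injection data" not in stored:
            condition = True
        else:
            # [:-1] presumably drops the trailing newline written below — confirm.
            # The stored value is unpickled from the session file, so that
            # file is trusted as much as the code itself.
            storedKeys = base64unpickle(stored["Injection data"][:-1]).data.keys()
            condition = intersect(storedKeys, inj.data.keys()) != inj.data.keys()
    except AttributeError:
        warnMsg = "there were some changes in data model "
        warnMsg += "preventing normal resume of previously stored "
        warnMsg += "injection data. please use the --flush-session "
        warnMsg += "to have it fixed"
        singleTimeWarnMessage(warnMsg)

        condition = False

    if condition:
        dataToSessionFile("[%s][%s][%s][Injection data][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), base64pickle(inj)))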