def recv_info(self, info):
if not info.has_url_params and not info.has_post_params:
return
# Result info
results = []
# Get user args
user_args = shlex.split(Config.plugin_args["args"])
with tempdir() as output_dir:
# Basic command line
args = [
"-u",
info.url,
"--batch",
"--output-dir",
output_dir
]
# Add the user args
args.extend(user_args)
#
# GET Parameters injection
#
if info.has_url_params:
args.extend([
"-p",
",".join([x for x in info.url_params if x not in WEB_SERVERS_VARS]),
])
r = self.make_injection(info.url, args)
if r:
results.extend(self.parse_sqlmap_results(info, output_dir))
#
# POST Parameters injection
#
if info.has_post_params:
args.extend([
"--data",
"&".join(["%s=%s" % (k, v) for k, v in info.post_params.iteritems() if k not in WEB_SERVERS_VARS])
])
r = self.make_injection(info.url, args)
if r:
results.extend(self.parse_sqlmap_results(info, output_dir))
if results:
Logger.log("Found %s SQL injection vulnerabilities." % len(results))
else:
Logger.log("No SQL injection vulnerabilities found.")
return results
def run(self, info):
if not info.has_url_params and not info.has_post_params:
return
# Result info
results = []
# Get user args
user_args = shlex.split(Config.plugin_args["args"])
with tempdir() as output_dir:
# Basic command line
args = [
"-u",
info.url,
"--batch",
"--output-dir",
output_dir
]
# Add the user args
args.extend(user_args)
#
# GET Parameters injection
#
if info.has_url_params:
args.extend([
"-p",
",".join([x for x in info.url_params if x not in WEB_SERVERS_VARS]),
])
r = self.make_injection(info.url, args)
if r:
results.extend(self.parse_sqlmap_results(info, output_dir))
#
# POST Parameters injection
#
if info.has_post_params:
args.extend([
"--data",
"&".join(["%s=%s" % (k, v) for k, v in info.post_params.iteritems() if k not in WEB_SERVERS_VARS])
])
r = self.make_injection(info.url, args)
if r:
results.extend(self.parse_sqlmap_results(info, output_dir))
if results:
Logger.log("Found %s SQL injection vulnerabilities." % len(results))
else:
Logger.log("No SQL injection vulnerabilities found.")
return results
def recv_info(self, info):
Logger.log(info)
if not isinstance(info, Url):
return
if not info.has_url_params and not info.has_post_params:
Logger.log("URL '%s' has not parameters" % info.url)
return
# Get sqlmap script executable
sqlmap_script = self.get_sqlmap()
results = []
with tempdir() as output_dir:
# Basic command line
args = [
"-u",
info.url,
"-b",
"--batch",
"--output-dir",
output_dir,
"-u",
info.url,
]
#
# GET Parameters injection
#
if info.has_url_params:
args = [
"-p",
",".join(info.url_params),
]
r = self.make_injection(info.url, sqlmap_script, args)
# Parse and return the results.
if r:
results.extend(self.parse_sqlmap_results(info, output_dir))
#
# POST Parameters injection
#
if info.has_post_params:
args = [
"--data",
"&".join([ "%s=%s" % (k, v) for k, v in info.post_params.iteritems()])
]
r = self.make_injection(info.url, sqlmap_script, args)
# Parse and return the results.
if r:
results.extend(self.parse_sqlmap_results(info, output_dir))
if results:
Logger.log("Found %s SQL injection vulns." % len(results))
else:
Logger.log("No SQL injection vulns found.")
return results
