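def engine_start(self):
    """
    Spawn the sqlmap engine for this task as a child process.

    The task's options (self.options) are pickled and base64 encoded into a
    single ``--pickled-options`` argument.  The child unpickles that
    argument, so whoever controls the option set controls code execution in
    the engine: this path is only safe while the options are built here
    from clients that are allowed to drive sqlmap fully.  The encoded blob
    also sits in the child's argument list, where every local user can read
    it via ``ps`` -- including any credentials, cookies or proxy settings
    the task carries.

    Prefers ``sqlmap.py`` in the current working directory and falls back
    to a ``sqlmap`` executable found on PATH.
    """
    encoded_options = base64pickle(self.options)

    # os.path.exists("sqlmap.py") is already resolved against the current
    # working directory, so the original second branch (the same test with
    # os.getcwd() joined in, plus cwd=os.getcwd(), which is Popen's default
    # anyway) could never be taken; it has been folded into this one.
    if os.path.exists("sqlmap.py"):
        argv = ["python", "sqlmap.py", "--pickled-options", encoded_options]
    else:
        argv = ["sqlmap", "--pickled-options", encoded_options]

    # Argument list with shell=False: the options blob is handed over as one
    # argv element and is never re-parsed by a shell.  close_fds=not IS_WIN
    # keeps the original per-platform descriptor handling.
    self.process = Popen(argv, shell=False, close_fds=not IS_WIN)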
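def scan_start(taskid):
    """
    Launch a scan

    Merges every option from the JSON request body into the task's option
    set, redirects the task's output directory to a fresh temporary
    directory, creates a pipe the engine will log into, and spawns the
    sqlmap engine as a child process with the task's options pickled into
    its ``--pickled-options`` argument.

    Returns a JSON ``{"success": True}`` body; aborts the request when
    ``taskid`` is not a known task.
    """
    global tasks
    global procs
    global pipes

    if taskid not in tasks:
        # NOTE(review): this is a client-side lookup failure, so 404 would
        # describe it better than 500; left unchanged to keep the API's
        # observable behaviour stable.
        abort(500, "Invalid task ID")

    # Initialize sqlmap engine's options with user's provided options
    # within the JSON request.  Every key in the body is accepted as-is, so
    # a caller can set any engine option, not only a target: the API must
    # only be reachable by clients that are allowed to drive sqlmap fully.
    for key, value in request.json.items():
        tasks[taskid][key] = value

    # Overwrite output directory (oDir) value to a temporary directory
    # (done after the merge so the client cannot pick the directory)
    tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-")

    # Launch sqlmap engine in a separate process
    logger.debug("starting a scan for task ID %s" % taskid)
    pipes[taskid] = os.pipe()

    # Provide sqlmap engine with the writable pipe for logging.  The raw fd
    # number is only usable by the child because it inherits our
    # descriptors (close_fds=False below).
    # NOTE(review): the parent keeps the write end open after the spawn;
    # unless it is closed elsewhere, a reader of pipes[taskid][0] will not
    # see EOF when the engine exits -- confirm against the reader.
    tasks[taskid]["fdLog"] = pipes[taskid][1]

    # Launch sqlmap engine.  execute() is called with Popen's keyword set,
    # so it is given Popen's argument-list form with shell=False instead of
    # a shell command line with the blob interpolated into it: the encoded
    # options reach sqlmap as one argv element and are never re-parsed by
    # /bin/sh or cmd.exe.  The child unpickles that argument, i.e. the blob
    # is executable code as far as the engine is concerned, and it is
    # visible to every local user in the process list together with any
    # credentials the option set carries.
    procs[taskid] = execute(["python", "sqlmap.py", "--pickled-options", base64pickle(tasks[taskid])], shell=False, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)

    return jsonize({"success": True})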
def engine_start(self):
    """
    Start the sqlmap engine for this task as a child process.

    The engine is invoked as ``python sqlmap.py`` in the current working
    directory with the task's options serialized (pickled, then base64
    encoded) into the ``--pickled-options`` argument.  The child unpickles
    that argument, so it must only ever be produced by this process from
    options it trusts; note that the blob, credentials included, is also
    readable in the process list.
    """
    pickled_options = base64pickle(self.options)
    command = ["python", "sqlmap.py", "--pickled-options", pickled_options]
    # Argument list, no shell: the encoded options reach the child as a
    # single argv element.  Descriptor inheritance follows the platform
    # split used by the original (closed everywhere except on Windows).
    self.process = Popen(command, shell=False, close_fds=not IS_WIN)
def setDynamicMarkings(markings):
    """
    Save information retrieved about dynamic markings to the session file.

    The entry is written when nothing was resumed from the session file, or
    when the current target URL was resumed without a "Dynamic markings"
    entry.  The markings are stored pickled and base64 encoded and are
    unpickled again on resume, so the session file must not be writable by
    anyone who must not be able to run code as the sqlmap user.
    """
    if not kb.resumedQueries:
        needs_write = True
    else:
        resumed = kb.resumedQueries
        needs_write = conf.url in resumed and "Dynamic markings" not in resumed[conf.url]

    if needs_write:
        dataToSessionFile("[%s][%s][%s][Dynamic markings][%s]\n" % (conf.url, None, None, base64pickle(markings)))
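def setInjection(inj):
    """
    Save information retrieved about injection place and parameter in the
    session file.

    The entry is written when nothing was resumed from the session file,
    when nothing (or no "Injection data" entry) was resumed for the current
    target URL, or when the resumed entry does not cover every parameter of
    the current injection.

    The resumed entry is base64-decoded and unpickled here, so anyone who
    can write the session file can run arbitrary code in sqlmap on resume;
    keep the session file as private as the rest of the sqlmap user's
    state.
    """
    if not kb.resumedQueries:
        condition = True
    elif conf.url not in kb.resumedQueries:
        # The original expression indexed kb.resumedQueries[conf.url]
        # unconditionally in its last clause and raised KeyError when the
        # session held data for other targets only.  Nothing was resumed
        # for this target, so there is nothing to compare against: save.
        condition = True
    elif "Injection data" not in kb.resumedQueries[conf.url]:
        condition = True
    else:
        # [:-1] drops the trailing newline written with the entry below
        resumed = base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1])
        # Rewrite only when the resumed injection does not cover every
        # parameter of the current one; the comparison is kept exactly as
        # in the original.
        condition = intersect(resumed.data.keys(), inj.data.keys()) != inj.data.keys()

    if condition:
        dataToSessionFile("[%s][%s][%s][Injection data][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), base64pickle(inj)))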
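def scan_start(taskid):
    """
    Launch a scan

    Merges every option from the JSON request body into the task's option
    set, redirects the task's output directory to a fresh temporary
    directory and spawns the sqlmap engine as a child process with the
    task's options pickled into its ``--pickled-options`` argument.

    Returns a JSON ``{"success": True}`` body; aborts the request when
    ``taskid`` is not a known task.
    """
    global tasks
    global procs

    if taskid not in tasks:
        # NOTE(review): a client-side lookup failure reported as 500; 404
        # would fit better, left as-is to keep the API stable.
        abort(500, "Invalid task ID")

    # Initialize sqlmap engine's options with user's provided options, if
    # any.  Every key in the body is accepted as-is, so a caller can set any
    # engine option: the API must only be reachable by clients that are
    # allowed to drive sqlmap fully.
    for key, value in request.json.items():
        tasks[taskid][key] = value

    # Overwrite output directory value to a temporary directory (after the
    # merge, so the client cannot choose it)
    tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmapoutput-")

    # Launch sqlmap engine in a separate process
    logger.debug("starting a scan for task ID %s" % taskid)

    # Launch sqlmap engine.  execute() is called with Popen's keyword set,
    # so it is given Popen's argument-list form with shell=False rather than
    # a shell command line with the blob interpolated into it: the encoded
    # options reach sqlmap as a single argv element and are never re-parsed
    # by a shell.  The child unpickles that argument, so the blob is
    # effectively code, and it is readable by every local user in the
    # process list together with any credentials in the option set.
    # procs[taskid] is expected to exist already (presumably created with
    # the task) -- verify against the task creation path.
    procs[taskid].child = execute(["python", "sqlmap.py", "--pickled-options", base64pickle(tasks[taskid])], shell=False, stdin=PIPE)

    return jsonize({"success": True})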
def engine_start(self):
    """
    Launch the sqlmap engine for this task.

    Runs ``python sqlmap.py --pickled-options <blob>`` where ``<blob>`` is
    the task's option set, pickled and base64 encoded.  The engine rebuilds
    its options by unpickling the blob, which is why it must only be built
    here from trusted options and never accepted from a client; the blob is
    also visible to local users in the process list.
    """
    argv = ["python", "sqlmap.py", "--pickled-options"]
    argv.append(base64pickle(self.options))
    # No shell is involved; the per-platform close_fds choice of the
    # original (inherit descriptors only on Windows) is kept.
    self.process = Popen(argv, shell=False, close_fds=not IS_WIN)
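def direct(query, content=True):
    """
    Run ``query`` over the direct DBMS connection (conf.dbmsConnector) and
    return its result.

    Statements recognised as non-SELECT (via SQL_STATEMENTS) go to the
    connector's execute(); everything else is prefixed with ``SELECT`` if
    needed and goes to select().  SELECT results are cached in the session
    file per host and query and resumed from it on later runs, except for
    queries carrying the "sqlmapoutput"/"sqlmapfile" markers.

    With ``content`` true a single-cell result is returned as a unicode
    string, a single row as a list and anything else as the raw result
    set; with ``content`` false the first row's leading column is tested
    against (1, -1) and a boolean is returned.  ``None`` is returned for an
    empty result.

    Session-file entries are base64-decoded and unpickled when resumed: a
    writable session file is a code-execution path into sqlmap.
    """
    output = None
    select = True
    query = agent.payloadDirect(query)

    if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
        query = "%s FROM DUAL" % query

    # Anything that starts with a known non-SELECT statement is "executed"
    # rather than "selected"
    for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
        for sqlStatement in sqlStatements:
            if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement":
                select = False
                break

    if select and not query.upper().startswith("SELECT "):
        query = "SELECT " + query

    logger.log(9, query)

    if not select:
        output = timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif conf.hostname in kb.resumedQueries and query in kb.resumedQueries[conf.hostname] and "sqlmapoutput" not in query and "sqlmapfile" not in query:
        try:
            # [:-1] drops the trailing newline written with the entry
            output = base64unpickle(kb.resumedQueries[conf.hostname][query][:-1])
        except Exception:
            # Was a bare except, which also swallowed KeyboardInterrupt and
            # SystemExit; an unreadable entry still falls back to running
            # the query, while Ctrl-C now propagates.
            output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)

        infoMsg = "resumed from file '%s': " % conf.sessionFile
        infoMsg += "%s..." % getUnicode(output, UNICODE_ENCODING)[:20]
        logger.info(infoMsg)
    else:
        output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)

    if output is None or len(output) == 0:
        return None
    elif content:
        # Only cache what was not already resumed for this host
        if conf.hostname not in kb.resumedQueries or query not in kb.resumedQueries[conf.hostname]:
            dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.hostname, kb.injection.place, conf.parameters[kb.injection.place], query, base64pickle(output)))

        if len(output) == 1:
            if len(output[0]) == 1:
                out = list(output)[0][0]

                if isinstance(out, str):
                    out = utf8decode(out)

                return getUnicode(out, UNICODE_ENCODING)
            else:
                return list(output)
        else:
            return output
    else:
        # NOTE(review): the flattened original is ambiguous between an
        # if/else inside the loop and a for/else; it is reconstructed here
        # as the former, which decides on the first row only -- confirm
        # against the upstream file.
        for line in output:
            if line[0] in (1, -1):
                return True
            else:
                return False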
from lib.core.convert import base64pickle

# Demo: serialise a minimal option set the way sqlmap's API hands options
# to the engine.  The output is a pickle, i.e. executable on the unpickling
# side -- never feed a blob produced by someone else to the engine.
options = {'url': 'http://10.0.6.13/add.php', 'data': 'name=123'}
print(base64pickle(options))
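def engine_start(self):
    """
    Launch the sqlmap engine for this task as a child process.

    The task's options are pickled and base64 encoded into the
    ``--pickled-options`` argument; the engine unpickles them on start-up,
    so this argument is effectively code and must only ever be built from
    options this process trusts.  The whole option set, credentials
    included, is also visible in the process list to every local user.
    """
    encoded = base64pickle(self.options)
    # Pass the argument list directly with shell=False rather than
    # interpolating the blob into a shell command line: the encoded options
    # reach sqlmap as one argv element and are never re-parsed by /bin/sh
    # or cmd.exe.  stdin stays a pipe and descriptors are still inherited
    # (close_fds=False), as before.
    self.process = Popen(["python", "sqlmap.py", "--pickled-options", encoded], shell=False, stdin=PIPE, close_fds=False)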
from lib.core.convert import base64pickle

# Demo of the option blob sqlmap's API passes to the engine via
# --pickled-options.  Whatever unpickles this runs whatever it contains, so
# only blobs generated locally from trusted input should ever be used.
print(base64pickle(dict(url='http://10.0.6.13/add.php', data='name=123')))
def setDynamicMarkings(markings):
    """
    Save information retrieved about dynamic markings to the session file.

    Skipped when the session file already contained markings for the
    current target URL (they were resumed into kb.resumedQueries) or when
    other targets were resumed but not this one.  The value is written
    pickled and base64 encoded and is unpickled on resume, so the session
    file must stay private to the sqlmap user.
    """
    resumed_for_url = None
    if kb.resumedQueries and conf.url in kb.resumedQueries:
        resumed_for_url = kb.resumedQueries[conf.url]

    if not kb.resumedQueries:
        skip_write = False
    elif resumed_for_url is None:
        skip_write = True
    else:
        skip_write = "Dynamic markings" in resumed_for_url

    if not skip_write:
        dataToSessionFile("[%s][%s][%s][Dynamic markings][%s]\n" % (conf.url, None, None, base64pickle(markings)))
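def setInjection(inj):
    """
    Save information retrieved about injection place and parameter in the
    session file.

    The entry is written when nothing was resumed from the session file,
    when nothing (or no "Injection data" entry) was resumed for the current
    target URL, or when the resumed entry does not cover every parameter of
    the current injection.  A resumed entry whose data model no longer
    matches (AttributeError on unpickle/compare) is reported once and left
    alone.

    The resumed entry is base64-decoded and unpickled here, so anyone who
    can write the session file can run arbitrary code in sqlmap on resume;
    keep the session file as private as the rest of the sqlmap user's
    state.
    """
    if not kb.resumedQueries or conf.url not in kb.resumedQueries:
        # Nothing resumed for this target, so there is nothing to compare
        # against: save.  (The original expression indexed
        # kb.resumedQueries[conf.url] in its last clause and raised
        # KeyError when the session held data for other targets only.)
        condition = True
    elif "Injection data" not in kb.resumedQueries[conf.url]:
        condition = True
    else:
        try:
            # [:-1] drops the trailing newline written with the entry below
            resumed = base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1])
            # Rewrite only when the resumed injection does not cover every
            # parameter of the current one
            condition = intersect(resumed.data.keys(), inj.data.keys()) != inj.data.keys()
        except AttributeError:
            warnMsg = "there were some changes in data model "
            warnMsg += "preventing normal resume of previously stored "
            warnMsg += "injection data. please use the --flush-session "
            warnMsg += "to have it fixed"
            singleTimeWarnMessage(warnMsg)
            condition = False

    if condition:
        dataToSessionFile("[%s][%s][%s][Injection data][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), base64pickle(inj)))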