Some more fixes and adjustments before 0.6.1 release.

bdamele · bdamele · commit 016118ce7ac0 · 2008-10-17T15:26:43.000Z
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -2,7 +2,7 @@ sqlmap (0.6.1-1) stable; urgency=low
 
   * Major bug fix to blind SQL injection bisection algorithm to handle an
     exception;
-  * Written a Metasploit 3 auxiliary module to run sqlmap;
+  * Added a Metasploit 3 auxiliary module to run sqlmap;
   * Implemented possibility to test for and inject also on LIKE
     statements;
   * Implemented --start and --stop options to set the first and the last
diff --git a/extra/msfauxmod/README b/extra/msfauxmod/README
@@ -32,43 +32,42 @@ msf auxiliary(wmap_sqlmap) > show options
 
 Module options:
 
-   Name         Current Setting                                      Required  Description
-   ----         ---------------                                      --------  -----------
-   BATCH        true                                                 yes       Never ask for user input, use the default behaviour
-   DATA                                                              no        The data string to be sent through POST
-   METHOD       GET                                                  yes       HTTP Method
-   OPTS         --dbs --current-user                                 no        The sqlmap options to use
-   PATH         /sqlmap/mysql/get_int.php                            yes       The path/file to test for SQL injection
-   Proxies                                                           no        Use a proxy chain
-   QUERY        id=1                                                 no        HTTP GET query
-   RHOSTS       192.168.1.121                                        yes       The target address range or CIDR identifier
-   RPORT        80                                                   yes       The target port
-   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py  yes       The sqlmap >= 0.6.1 full path
-   SSL          false                                                no        Use SSL
-   THREADS      1                                                    yes       The number of concurrent threads
-   VHOST                                                             no        HTTP server virtual host
+   Name         Current Setting                                                 Required  Description                                          
+   ----         ---------------                                                 --------  -----------                                          
+   BATCH        true                                                            yes       Never ask for user input, use the default behaviour  
+   BODY                                                                         no        The data string to be sent through POST              
+   METHOD       GET                                                             yes       HTTP Method                                          
+   OPTS         --dbs --current-user                                            no        The sqlmap options to use                            
+   PATH         /sqlmap/mysql/get_int.php                                       yes       The path/file to test for SQL injection              
+   Proxies                                                                      no        Use a proxy chain                                    
+   QUERY        id=1                                                            no        HTTP GET query                                       
+   RHOSTS       192.168.1.121                                                   yes       The target address range or CIDR identifier          
+   RPORT        80                                                              yes       The target port                                      
+   SQLMAP_PATH  /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py             yes       The sqlmap >= 0.6.1 full path                        
+   SSL          false                                                           no        Use SSL                                              
+   THREADS      1                                                               yes       The number of concurrent threads                     
+   VHOST                                                                        no        HTTP server virtual host                             
 
 msf auxiliary(wmap_sqlmap) > run
-[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121/sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
+[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch
 SQLMAP: 
 SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
 SQLMAP: and Daniele Bellucci <daniele.bellucci@gmail.com>
 SQLMAP: 
-SQLMAP: [*] starting at: 01:31:41
+SQLMAP: [*] starting at: 16:23:19
 SQLMAP: 
-SQLMAP: [01:31:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
+SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
 SQLMAP: back-end DBMS:  MySQL >= 5.0.0
 SQLMAP: 
 SQLMAP: current user:    'testuser@localhost'
 SQLMAP: 
-SQLMAP: available databases [4]:
+SQLMAP: available databases [3]:
 SQLMAP: [*] information_schema
 SQLMAP: [*] mysql
-SQLMAP: [*] privatedb
 SQLMAP: [*] test
 SQLMAP: 
 SQLMAP: 
-SQLMAP: [*] shutting down at: 01:31:44
+SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
diff --git a/extra/msfauxmod/wmap_sqlmap.rb b/extra/msfauxmod/wmap_sqlmap.rb
@@ -39,7 +39,7 @@ def initialize(info = {})
 				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
 				OptString.new('PATH', [ true,  "The path/file to test for SQL injection", 'index.php' ]),
 				OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]),
-				OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]),
+				OptString.new('BODY', [ false, "The data string to be sent through POST", '' ]),
 				OptString.new('OPTS', [ false,  "The sqlmap options to use", ' ' ]),
 				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), 
 				OptBool.new('BATCH', [ true,  "Never ask for user input, use the default behaviour", 'true' ])
@@ -56,7 +56,7 @@ def run_host(ip)
 			return
 		end
 
-		data = datastore['DATA']
+		data = datastore['BODY']
 		method = datastore['METHOD'].upcase
 
 		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -98,9 +98,12 @@ def getPage(**kwargs):
 
         requestMsg += " HTTP/1.1"
 
+        if cookie:
+            cookie = urlencode(cookie).replace("%%", "%")
+
         try:
             # Perform HTTP request
-            headers        = forgeHeaders(urlencode(cookie).replace("%%", "%"), ua)
+            headers        = forgeHeaders(cookie, ua)
             req            = urllib2.Request(url, post, headers)
             conn           = urllib2.urlopen(req)
 
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -2,15 +2,7 @@
 
 # Target URL.
 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
-url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
-#url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
+url = 
 
 # Rather than providing a target url, let Google return target
 # hosts as result of your Google dork expression. For a list of Google
