sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/lib/controller/action.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.controller.handler import setHandler
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import CONTENT_TYPE
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUnsupportedDBMSException
from lib.core.settings import SUPPORTED_DBMS
from lib.utils.brute import columnExists
from lib.utils.brute import fileExists
from lib.utils.brute import tableExists
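def _logNoneData(step):
    """
    Runs a single enumeration step and logs (instead of propagating)
    a SqlmapNoneDataException, so that one step which retrieved no data
    does not stop the steps that follow. Any other exception propagates
    unchanged to the caller
    """

    try:
        step()
    except SqlmapNoneDataException as ex:
        logger.critical(ex)

def action():
    """
    This function exploits the SQL injection on the affected
    URL parameter and extracts requested data from the
    back-end database management system or operating system
    if possible

    Steps are run in the fixed order written below, one per option
    that is set in 'conf'. Raises SqlmapUnsupportedDBMSException when
    no back-end DBMS (or no handler for it) is available after
    setHandler(). Only the steps passed through _logNoneData() tolerate
    SqlmapNoneDataException; every other step lets exceptions propagate
    """

    # First of all we have to identify the back-end database management
    # system to be able to go ahead with the injection
    setHandler()

    if not Backend.getDbms() or not conf.dbmsHandler:
        htmlParsed = Format.getErrorParsedDBMSes()

        errMsg = "sqlmap was not able to fingerprint the "
        errMsg += "back-end database management system"

        if htmlParsed:
            errMsg += ", but from the HTML error page it was "
            errMsg += "possible to determinate that the "
            errMsg += "back-end DBMS is %s" % htmlParsed

        if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
            errMsg += ". Do not specify the back-end DBMS manually, "
            errMsg += "sqlmap will fingerprint the DBMS for you"
        elif kb.nullConnection:
            errMsg += ". You can try to rerun without using optimization "
            errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")

        raise SqlmapUnsupportedDBMSException(errMsg)

    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())

    kb.fingerprinted = True

    # Enumeration options
    if conf.getBanner:
        conf.dumper.banner(conf.dbmsHandler.getBanner())

    if conf.getCurrentUser:
        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())

    if conf.getCurrentDb:
        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())

    if conf.getHostname:
        conf.dumper.hostname(conf.dbmsHandler.getHostname())

    if conf.isDba:
        conf.dumper.dba(conf.dbmsHandler.isDba())

    if conf.getUsers:
        conf.dumper.users(conf.dbmsHandler.getUsers())

    if conf.getStatements:
        conf.dumper.statements(conf.dbmsHandler.getStatements())

    # From here on each step is deferred through a lambda so that both the
    # retrieval and the dumper call happen inside _logNoneData()'s guard
    if conf.getPasswordHashes:
        _logNoneData(lambda: conf.dumper.userSettings("database management system users password hashes", conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS))

    if conf.getPrivileges:
        _logNoneData(lambda: conf.dumper.userSettings("database management system users privileges", conf.dbmsHandler.getPrivileges(), "privilege", CONTENT_TYPE.PRIVILEGES))

    if conf.getRoles:
        _logNoneData(lambda: conf.dumper.userSettings("database management system users roles", conf.dbmsHandler.getRoles(), "role", CONTENT_TYPE.ROLES))

    if conf.getDbs:
        _logNoneData(lambda: conf.dumper.dbs(conf.dbmsHandler.getDbs()))

    if conf.getTables:
        _logNoneData(lambda: conf.dumper.dbTables(conf.dbmsHandler.getTables()))

    if conf.commonTables:
        _logNoneData(lambda: conf.dumper.dbTables(tableExists(paths.COMMON_TABLES)))

    if conf.getSchema:
        _logNoneData(lambda: conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA))

    if conf.getColumns:
        _logNoneData(lambda: conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS))

    if conf.getCount:
        _logNoneData(lambda: conf.dumper.dbTablesCount(conf.dbmsHandler.getCount()))

    if conf.commonColumns:
        _logNoneData(lambda: conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS)))

    if conf.dumpTable:
        _logNoneData(lambda: conf.dbmsHandler.dumpTable())

    if conf.dumpAll:
        _logNoneData(lambda: conf.dbmsHandler.dumpAll())

    if conf.search:
        _logNoneData(lambda: conf.dbmsHandler.search())

    if conf.sqlQuery:
        # NOTE(review): the statement list is split on every ';', including
        # one that appears inside a quoted SQL literal, so such a statement
        # would be submitted in pieces
        for query in conf.sqlQuery.strip(';').split(';'):
            query = query.strip()
            if query:
                conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))

    if conf.sqlShell:
        conf.dbmsHandler.sqlShell()

    if conf.sqlFile:
        conf.dbmsHandler.sqlFile()

    # User-defined function options
    if conf.udfInject:
        conf.dbmsHandler.udfInjectCustom()

    # File system options
    if conf.fileRead:
        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))

    if conf.fileWrite:
        conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)

    if conf.commonFiles:
        _logNoneData(lambda: conf.dumper.rFile(fileExists(paths.COMMON_FILES)))

    # Operating system options
    if conf.osCmd:
        conf.dbmsHandler.osCmd()

    if conf.osShell:
        conf.dbmsHandler.osShell()

    if conf.osPwn:
        conf.dbmsHandler.osPwn()

    if conf.osSmb:
        conf.dbmsHandler.osSmb()

    if conf.osBof:
        conf.dbmsHandler.osBof()

    # Windows registry options
    if conf.regRead:
        conf.dumper.registerValue(conf.dbmsHandler.regRead())

    if conf.regAdd:
        conf.dbmsHandler.regAdd()

    if conf.regDel:
        conf.dbmsHandler.regDel()

    # Miscellaneous options
    # NOTE(review): cleanup() and the connector close below are not in a
    # 'finally', so they are skipped whenever an earlier step raises;
    # whatever cleanup() would remove then presumably stays behind unless
    # the caller handles it - confirm against the caller
    if conf.cleanup:
        conf.dbmsHandler.cleanup()

    if conf.direct:
        conf.dbmsConnector.close()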