lib/msf/core/exploit/sqli.rb

module Msf
  #
  # This mixin provides helpers to perform SQL injection
  # - provides a level of abstraction for common queries, for example, querying the table names
  # - implements blind and time-based SQL injection in a reusable manner
  # - Highly extendable (user can run any code to perform the requests, encode payloads and parse results)
  #
  module Exploit::SQLi
    def initialize(info = {})
      super
      register_advanced_options(
        [
          OptFloat.new('SqliDelay', [ false, 'The delay to sleep on time-based blind SQL injections', 1.0 ])
        ]
      )
    end

    #
    # Creates an SQL injection object, this is the method module writers should use
    # @param dbms [Class] The SQL injection class you intend to use
    # @param opts [Hash] The options to use with this SQL injection
    # @param query_proc [Proc] The proc that takes an SQL payload as a parameter, and queries the server
    # @return [Object] an instance of dbms
    #
    def create_sqli(dbms:, opts: {}, &query_proc)
      raise ArgumentError, 'Invalid dbms class' unless dbms.is_a?(Class) && dbms.ancestors.include?(Msf::Exploit::SQLi::Common)

      dbms.new(datastore, framework, user_output, opts, &query_proc)
    end
  end
end
inject the datastore into the SQLi library, and register advanced options 2020-06-22 17:36:38 +02:00			`module Msf`
Fix documentation, remove unused instance variable in SQLite TimeBasedBlind class (sleepdelay) 2020-08-27 19:08:27 +02:00			`#`
			`# This mixin provides helpers to perform SQL injection`
			`# - provides a level of abstraction for common queries, for example, querying the table names`
			`# - implements blind and time-based SQL injection in a reusable manner`
			`# - Highly extendable (user can run any code to perform the requests, encode payloads and parse results)`
			`#`
Fix formatting 2020-06-22 17:41:20 +02:00			`module Exploit::SQLi`
			`def initialize(info = {})`
			`super`
			`register_advanced_options(`
			`[`
add default value for options of SQLi constructors, and fix eyesofnetwork module 2020-06-24 00:38:13 +02:00			`OptFloat.new('SqliDelay', [ false, 'The delay to sleep on time-based blind SQL injections', 1.0 ])`
Fix formatting 2020-06-22 17:41:20 +02:00			`]`
			`)`
			`end`
Replace puts with print_status and similar 2020-06-23 21:25:59 +02:00
Fix documentation, remove unused instance variable in SQLite TimeBasedBlind class (sleepdelay) 2020-08-27 19:08:27 +02:00			`#`
			`# Creates an SQL injection object, this is the method module writers should use`
			`# @param dbms [Class] The SQL injection class you intend to use`
			`# @param opts [Hash] The options to use with this SQL injection`
			`# @param query_proc [Proc] The proc that takes an SQL payload as a parameter, and queries the server`
			`# @return [Object] an instance of dbms`
			`#`
make some attributes writable, and specify its the SQLi library in any verbose message 2020-06-27 18:28:12 +02:00			`def create_sqli(dbms:, opts: {}, &query_proc)`
Rename the factory method for SQLi classes, and add a check on the class to instanciate 2020-06-27 14:51:54 +02:00			`raise ArgumentError, 'Invalid dbms class' unless dbms.is_a?(Class) && dbms.ancestors.include?(Msf::Exploit::SQLi::Common)`
make some attributes writable, and specify its the SQLi library in any verbose message 2020-06-27 18:28:12 +02:00
refactor mixin as factory for sqli classes 2020-06-26 15:06:30 -05:00			`dbms.new(datastore, framework, user_output, opts, &query_proc)`
Replace puts with print_status and similar 2020-06-23 21:25:59 +02:00			`end`
inject the datastore into the SQLi library, and register advanced options 2020-06-22 17:36:38 +02:00			`end`
			`end`