Niboucha Redouane
28 lines
929 B
Ruby
28 lines
929 B
Ruby
#
|
|
# This mixin provides helpers to perform SQL injection
|
|
# - provides a level of abstraction for common queries, for example, querying the table names
|
|
# - implements blind and time-based SQL injection in a reusable manner
|
|
# - Highly extendable (user can run any code to perform the requests, encode payloads and parse results)
|
|
#
|
|
require 'msf/core/exploit/sqli/common'
|
|
require 'msf/core/exploit/sqli/mysqli'
|
|
|
|
module Msf
|
|
module Exploit::SQLi
|
|
def initialize(info = {})
|
|
super
|
|
register_advanced_options(
|
|
[
|
|
OptFloat.new('SqliDelay', [ false, 'The delay to sleep on time-based blind SQL injections', 1.0 ])
|
|
]
|
|
)
|
|
end
|
|
|
|
def create_sqli(dbms:, opts: {}, &query_proc)
|
|
raise ArgumentError, 'Invalid dbms class' unless dbms.is_a?(Class) && dbms.ancestors.include?(Msf::Exploit::SQLi::Common)
|
|
|
|
dbms.new(datastore, framework, user_output, opts, &query_proc)
|
|
end
|
|
end
|
|
end
|