}
// Establish Admin ID to manage tasks
if (isset($_POST['myAdminID']) && strlen(trim($_POST['myAdminID'])) == 32) {
$_SESSION['myAdminID'] = trim($_POST['myAdminID']);
}
include "../inc/config.php";
include "../inc/SQLMAPClientAPI.class.php";
$salt = "!SQL!";
// Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt);
// Generate CSRF Token Hash
$_SESSION['token'] = $token;
// Set CSRF Token for Form Submit Verification
$taskConfig = array();
if (isset($_SESSION['myAdminID'])) {
$sqlmap = new SQLMAPClientAPI();
if (isset($_GET['task']) && trim($_GET['task']) != "") {
$actionTaskId = trim($_GET['task']);
if (isset($_GET['action'])) {
switch (trim($_GET['action'])) {
case "conf":
// Show Config for specified Task ID
$taskConfig = $sqlmap->listOptions($actionTaskId);
// We will actually store it for use in a second...
break;
case "stop":
// Stop a specified running Task ID
$sqlmap->stopScan($actionTaskId);
break;
case "kill":
// Forcefully Kill a specified running Task ID
OK we now have all of our configuration options set in variables
Next we need to spin up a new scan task id, then we can send configuration
Then we run scan
Monitor Scan Status until finished
Scan logs and display in textarea for user viewing
Make info available for downloading on completion
Destroy everything on end of session
##########################################################################
*/
// For DEBUGGING:
// View sqlmap requests in proxy:
// $options_to_enable['proxy'] = 'http://127.0.0.1:8080';
// This will allow all DB Error messages in reponses to display in our log view
// $options_to_enable['parseErrors'] = 'true';
$sqlmap = new SQLMAPClientAPI();
$sqlmap->task_id = $sqlmap->generateNewTaskID();
$scanID = trim($sqlmap->task_id);
// Check to make sure the API communication is working, otherwise bail
if (isset($scanID) && trim($scanID) != "") {
if (isset($_POST['level']) && (int) $_POST['level'] > 0 && (int) $_POST['level'] < 6) {
$sqlmap->setOptionValue($scanID, 'level', (int) $_POST['level'], true);
}
if (isset($_POST['risk']) && (int) $_POST['risk'] > 0 && (int) $_POST['risk'] < 4) {
$sqlmap->setOptionValue($scanID, 'risk', (int) $_POST['risk'], true);
}
foreach ($options_to_enable as $key => $value) {
$sqlmap->setOptionValue($scanID, $key, $value);
}
$sqlmap->startScan($scanID);
// Launch Scan
<?php
// SQLMAP Scan Task Killer
@set_time_limit(0);
@session_start();
$sess = session_id();
if (!$sess) {
header("Location: /sqlmap/index.php");
}
include_once "header.php";
if (isset($_GET['id'])) {
$id = $_GET['id'];
include "./inc/SQLMAPClientAPI.class.php";
$sqlmap = new SQLMAPClientAPI();
if (!$sqlmap->stopScan($id)) {
if (!$sqlmap->killScan($id)) {
// Problem Stopping/Killing Scan Task, bad id maybe?
?>
<div class="epic_fail" align="center">
<p style="font-size:26px">Epic Failure Stopping Scan!</p><br />
<p style="font-size:20px">
Unknown problem encountered trying to kill ScanID#<?php
echo htmlentities($id, ENT_QUOTES, 'UTF-8');
?>
!<br />
Please follow up with the admin for further assistance....
<br /><br />
</p>
<p style="font-size:16px">
Redirecting back to form so you can try again....<br />
