mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-07 05:01:30 +00:00
Implements #2908
This commit is contained in:
Miroslav Stampar
@@ -18,6 +18,7 @@ from lib.core.compat import xrange
|
||||
from lib.core.convert import encodeBase64
|
||||
from lib.core.convert import encodeHex
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import EXPECTED
|
||||
@@ -82,8 +83,9 @@ class Filesystem(GenericFilesystem):
|
||||
return chunkName
|
||||
|
||||
def stackedReadFile(self, remoteFile):
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
if not kb.bruteMode:
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
|
||||
result = []
|
||||
txtTbl = self.fileTblName
|
||||
|
||||
@@ -31,16 +31,18 @@ from plugins.generic.filesystem import Filesystem as GenericFilesystem
|
||||
|
||||
class Filesystem(GenericFilesystem):
|
||||
def nonStackedReadFile(self, rFile):
|
||||
infoMsg = "fetching file: '%s'" % rFile
|
||||
logger.info(infoMsg)
|
||||
if not kb.bruteMode:
|
||||
infoMsg = "fetching file: '%s'" % rFile
|
||||
logger.info(infoMsg)
|
||||
|
||||
result = inject.getValue("HEX(LOAD_FILE('%s'))" % rFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
|
||||
|
||||
return result
|
||||
|
||||
def stackedReadFile(self, remoteFile):
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
if not kb.bruteMode:
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
|
||||
self.createSupportTbl(self.fileTblName, self.tblField, "longtext")
|
||||
self.getRemoteTempPath()
|
||||
@@ -64,8 +66,9 @@ class Filesystem(GenericFilesystem):
|
||||
warnMsg += "file '%s'" % remoteFile
|
||||
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
|
||||
warnMsg += ", going to fall-back to simpler UNION technique"
|
||||
logger.warn(warnMsg)
|
||||
if not kb.bruteMode:
|
||||
warnMsg += ", going to fall-back to simpler UNION technique"
|
||||
logger.warn(warnMsg)
|
||||
result = self.nonStackedReadFile(remoteFile)
|
||||
else:
|
||||
raise SqlmapNoneDataException(warnMsg)
|
||||
|
||||
@@ -32,8 +32,9 @@ class Filesystem(GenericFilesystem):
|
||||
Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)
|
||||
|
||||
for remoteFile in remoteFile.split(','):
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
if not kb.bruteMode:
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.fileReadMode = True
|
||||
fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
|
||||
@@ -42,10 +43,11 @@ class Filesystem(GenericFilesystem):
|
||||
if not isNoneValue(fileContent):
|
||||
fileContent = decodeDbmsHexValue(fileContent, True)
|
||||
|
||||
if fileContent:
|
||||
if fileContent.strip():
|
||||
localFilePath = dataToOutFile(remoteFile, fileContent)
|
||||
localFilePaths.append(localFilePath)
|
||||
else:
|
||||
|
||||
elif not kb.bruteMode:
|
||||
errMsg = "no data retrieved"
|
||||
logger.error(errMsg)
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ import os
|
||||
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.compat import xrange
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||
from lib.core.settings import LOBLKSIZE
|
||||
@@ -23,8 +24,9 @@ class Filesystem(GenericFilesystem):
|
||||
GenericFilesystem.__init__(self)
|
||||
|
||||
def stackedReadFile(self, remoteFile):
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
if not kb.bruteMode:
|
||||
infoMsg = "fetching file: '%s'" % remoteFile
|
||||
logger.info(infoMsg)
|
||||
|
||||
self.initEnv()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user