sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.

2026-01-21 13:49:04 +00:00 · 2010-01-02 02:02:12 +00:00
parent d55175a340
commit ce022a3b6e
62 changed files with 567 additions and 1026 deletions
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-
-
 import binascii
 import os

@@ -46,13 +44,11 @@ class Filesystem:
        self.fileTblName = "sqlmapfile"
        self.tblField    = "data"

-
    def __unbase64String(self, base64Str):
        unbase64Str = "%s\n" % base64Str.decode("base64")

        return unbase64Str

-
    def __unhexString(self, hexStr):
        if len(hexStr) % 2 != 0:
            errMsg  = "for some reasons sqlmap retrieved an odd-length "
@@ -64,7 +60,6 @@ class Filesystem:

        return binascii.unhexlify(hexStr)

-
    def __binDataToScr(self, binaryData, chunkName):
        """
        Called by Microsoft SQL Server plugin to write a binary file on the
@@ -101,7 +96,6 @@ class Filesystem:

        return fileLines

-
    def __checkWrittenFile(self, wFile, dFile, fileType):
        if kb.dbms == "MySQL":
            lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
@@ -110,10 +104,10 @@ class Filesystem:
            lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid

        elif kb.dbms == "Microsoft SQL Server":
-            self.createSupportTbl(self.fileTblName, self.tblField, "text")
+            self.createSupportTbl(self.fileTblName, self.tblField, "text")

            # Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx
-            inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.fileTblName, dFile, randomStr(10), randomStr(10)))
+            inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.fileTblName, dFile, randomStr(10), randomStr(10)))

            lengthQuery = "SELECT DATALENGTH(%s) FROM %s" % (self.tblField, self.fileTblName)

@@ -141,7 +135,6 @@ class Filesystem:
            warnMsg += "privileges in the destination path"
            logger.warn(warnMsg)

-
    def fileToSqlQueries(self, fcEncodedList):
        """
        Called by MySQL and PostgreSQL plugins to write a file on the
@@ -162,7 +155,6 @@ class Filesystem:

        return sqlQueries

-
    def fileEncode(self, fileName, encoding, single):
        """
        Called by MySQL and PostgreSQL plugins to write a file on the
@@ -170,10 +162,10 @@ class Filesystem:
        """

        fcEncodedList = []
-        fp            = open(fileName, "rb")
+        fp            = open(fileName, "rb")
        fcEncodedStr  = fp.read().encode(encoding).replace("\n", "")

-        if single == False:
+        if not single:
            fcLength = len(fcEncodedStr)

            if fcLength > 1024:
@@ -200,7 +192,6 @@ class Filesystem:

        return fcEncodedList

-
    def updateBinChunk(self, binaryData, tmpPath):
        """
        Called by Microsoft SQL Server plugin to write a binary file on the
@@ -250,17 +241,15 @@ class Filesystem:

        return chunkName

-
    def askCheckWrittenFile(self, wFile, dFile, fileType):
-        message  = "do you want confirmation that the file '%s' " % dFile
-        message += "has been successfully written on the back-end DBMS "
+        message  = "do you want confirmation that the file '%s' " % dFile
+        message += "has been successfully written on the back-end DBMS "
        message += "file system? [Y/n] "
        output   = readInput(message, default="Y")

        if not output or output in ("y", "Y"):
            self.__checkWrittenFile(wFile, dFile, fileType)

-
    def readFile(self, rFile):
        fileContent = None

@@ -268,7 +257,7 @@ class Filesystem:

        self.checkDbmsOs()

-        if kb.stackedTest == False:
+        if not kb.stackedTest:
            debugMsg  = "going to read the file with UNION query SQL "
            debugMsg += "injection technique"
            logger.debug(debugMsg)
@@ -308,13 +297,12 @@ class Filesystem:

        return rFilePath

-
    def writeFile(self, wFile, dFile, fileType=None, confirm=True):
        stackedTest()

        self.checkDbmsOs()

-        if kb.stackedTest == False:
+        if not kb.stackedTest:
            debugMsg  = "going to upload the %s file with " % fileType
            debugMsg += "UNION query SQL injection technique"
            logger.debug(debugMsg)