fixes #187

2025-12-09 14:11:29 +00:00 · 2013-01-23 01:27:01 +00:00
parent f3ff239e62
commit d8a0e7eacb
6 changed files with 60 additions and 20 deletions
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -15,6 +15,7 @@ from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapUnsupportedFeatureException
 from lib.core.shell import autoCompletion
 from lib.request import inject
@@ -195,7 +196,11 @@ class Abstraction(Web, UDF, Xp_cmdshell):
                logger.warn(warnMsg)

            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
-                self.udfInjectSys()
+                success = self.udfInjectSys()
+
+                if success is not True:
+                    msg = "unable to mount the operating system takeover"
+                    raise SqlmapFilePathException(msg)
            elif Backend.isDbms(DBMS.MSSQL):
                if mandatory:
                    self.xpCmdshellInit()
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -137,6 +137,8 @@ class UDF:
        raise SqlmapUnsupportedFeatureException(errMsg)

    def udfInjectCore(self, udfDict):
+        written = False
+
        for udf in udfDict.keys():
            if udf in self.createdUdf:
                continue
@@ -145,7 +147,22 @@ class UDF:

        if len(self.udfToCreate) > 0:
            self.udfSetRemotePath()
-            self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary")
+            written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
+
+            if written is not True:
+                errMsg = "there has been a problem uploading the shared library, "
+                errMsg += "it looks like the binary file has not been written "
+                errMsg += "on the database underlying file system"
+                logger.error(errMsg)
+
+                message = "do you want to proceed anyway? Beware that the "
+                message += "operating system takeover will fail [y/N] "
+                choice = readInput(message, default="N")
+
+                if choice and choice.lower() == "y":
+                    written = True
+                else:
+                    return False

        for udf, inpRet in udfDict.items():
            if udf in self.udfToCreate and udf not in self.createdUdf:
@@ -158,10 +175,12 @@ class UDF:

        self.udfCreateSupportTbl(supportTblType)

+        return written
+
    def udfInjectSys(self):
        self.udfSetLocalPaths()
        self.udfCheckNeeded()
-        self.udfInjectCore(self.sysUdfs)
+        return self.udfInjectCore(self.sysUdfs)

    def udfInjectCustom(self):
        if Backend.getIdentifiedDbms() not in (DBMS.MYSQL, DBMS.PGSQL):
@@ -297,7 +316,11 @@ class UDF:
                    self.udfs[udfName]["return"] = retType
                    break

-        self.udfInjectCore(self.udfs)
+        success = self.udfInjectCore(self.udfs)
+
+        if success is False:
+            self.cleanup(udfDict=self.udfs)
+            return False

        msg = "do you want to call your injected user-defined "
        msg += "functions now? [Y/n/q] "