fixes #187

2025-12-09 14:11:29 +00:00 · 2013-01-23 01:27:01 +00:00
parent f3ff239e62
commit d8a0e7eacb
6 changed files with 60 additions and 20 deletions
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -326,7 +326,7 @@ class Filesystem(GenericFilesystem):

        self.execCmd(complComm)

-    def stackedWriteFile(self, wFile, dFile, fileType):
+    def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
        # NOTE: this is needed here because we use xp_cmdshell extended
        # procedure to write a file on the back-end Microsoft SQL Server
        # file system
@@ -341,9 +341,9 @@ class Filesystem(GenericFilesystem):

        self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType)

-        sameFile = self.askCheckWrittenFile(wFile, dFile)
+        written = self.askCheckWrittenFile(wFile, dFile)

-        if sameFile is False:
+        if written is False:
            message = "do you want to try to upload the file with "
            message += "another technique? [Y/n] "
            choice = readInput(message, default="Y")
@@ -351,4 +351,6 @@ class Filesystem(GenericFilesystem):
            if not choice or choice.lower() == "y":
                self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
                #self._stackedWriteFilePS(tmpPath, wFileContent, dFile, fileType)
-                self.askCheckWrittenFile(wFile, dFile)
+                written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
+
+        return written
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
@@ -104,7 +104,7 @@ class Filesystem(GenericFilesystem):
        warnMsg += "file as a leftover from UNION query"
        singleTimeWarnMessage(warnMsg)

-    def stackedWriteFile(self, wFile, dFile, fileType):
+    def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
        debugMsg = "creating a support table to write the hexadecimal "
        debugMsg += "encoded file to"
        logger.debug(debugMsg)
@@ -131,4 +131,4 @@ class Filesystem(GenericFilesystem):
        # Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
        inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, dFile), silent=True)

-        self.askCheckWrittenFile(wFile, dFile)
+        return self.askCheckWrittenFile(wFile, dFile, forceCheck)
--- a/plugins/dbms/postgresql/filesystem.py
+++ b/plugins/dbms/postgresql/filesystem.py
@@ -33,7 +33,7 @@ class Filesystem(GenericFilesystem):
        errMsg += "query SQL injection technique"
        raise SqlmapUnsupportedFeatureException(errMsg)

-    def stackedWriteFile(self, wFile, dFile, fileType):
+    def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
        wFileSize = os.path.getsize(wFile)

        if wFileSize > 8192:
@@ -110,6 +110,8 @@ class Filesystem(GenericFilesystem):
        # (pg_largeobject 'data' field)
        inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True)

-        self.askCheckWrittenFile(wFile, dFile)
+        written = self.askCheckWrittenFile(wFile, dFile, forceCheck)

        inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
+
+        return written
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -135,13 +135,17 @@ class Filesystem:

        return retVal

-    def askCheckWrittenFile(self, localFile, remoteFile):
-        message = "do you want confirmation that the local file '%s' " % localFile
-        message += "has been successfully written on the back-end DBMS "
-        message += "file system (%s)? [Y/n] " % remoteFile
-        output = readInput(message, default="Y")
+    def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
+        output = None
+        if forceCheck is not True:
+            message = "do you want confirmation that the local file '%s' " % localFile
+            message += "has been successfully written on the back-end DBMS "
+            message += "file system (%s)? [Y/n] " % remoteFile
+            output = readInput(message, default="Y")

-        if not output or output in ("y", "Y"):
+        readInput("press ENTER to continue :)")
+
+        if forceCheck or (not output or output in ("y", "Y")):
            return self._checkFileLength(localFile, remoteFile)

        return True
@@ -249,7 +253,9 @@ class Filesystem:

        return localFilePaths

-    def writeFile(self, localFile, remoteFile, fileType=None):
+    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
+        written = False
+
        self.checkDbmsOs()

        if localFile.endswith('_'):
@@ -261,7 +267,7 @@ class Filesystem:
                debugMsg += "stacked query SQL injection technique"
                logger.debug(debugMsg)

-            self.stackedWriteFile(localFile, remoteFile, fileType)
+            written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
            self.cleanup(onlyFileTbl=True)
        elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
            debugMsg = "going to upload the %s file with " % fileType
@@ -276,3 +282,5 @@ class Filesystem:
            logger.error(errMsg)

            return None
+
+        return written