Bernardo Damele
2013-01-23 01:27:01 +00:00
parent f3ff239e62
commit d8a0e7eacb
6 changed files with 60 additions and 20 deletions


@@ -326,7 +326,7 @@ class Filesystem(GenericFilesystem):
self.execCmd(complComm)
def stackedWriteFile(self, wFile, dFile, fileType):
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
# NOTE: this is needed here because we use xp_cmdshell extended
# procedure to write a file on the back-end Microsoft SQL Server
# file system
@@ -341,9 +341,9 @@ class Filesystem(GenericFilesystem):
self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType)
sameFile = self.askCheckWrittenFile(wFile, dFile)
written = self.askCheckWrittenFile(wFile, dFile)
if sameFile is False:
if written is False:
message = "do you want to try to upload the file with "
message += "another technique? [Y/n] "
choice = readInput(message, default="Y")
@@ -351,4 +351,6 @@ class Filesystem(GenericFilesystem):
if not choice or choice.lower() == "y":
self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
#self._stackedWriteFilePS(tmpPath, wFileContent, dFile, fileType)
self.askCheckWrittenFile(wFile, dFile)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
return written
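Review bot: The first check after `_stackedWriteFileVbs`, `written = self.askCheckWrittenFile(wFile, dFile)`, is not given the new `forceCheck` argument, so the flag only reaches the check that follows the `_stackedWriteFileDebugExe` fallback. A caller passing `forceCheck=True` would still get the default behaviour whenever the first technique is the one used; pass the flag on both calls, `written = self.askCheckWrittenFile(wFile, dFile, forceCheck)`. The `if written is False:` test also treats any non-`False` result (for example `None`) as success, so it is worth confirming that the helper always returns a boolean; its body is not shown here. Indentation is lost in this rendering and the method starts outside the hunks, so the nesting of the second call could not be checked.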


@@ -104,7 +104,7 @@ class Filesystem(GenericFilesystem):
warnMsg += "file as a leftover from UNION query"
singleTimeWarnMessage(warnMsg)
def stackedWriteFile(self, wFile, dFile, fileType):
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
debugMsg = "creating a support table to write the hexadecimal "
debugMsg += "encoded file to"
logger.debug(debugMsg)
@@ -131,4 +131,4 @@ class Filesystem(GenericFilesystem):
# Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, dFile), silent=True)
self.askCheckWrittenFile(wFile, dFile)
return self.askCheckWrittenFile(wFile, dFile, forceCheck)
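Review bot: `stackedWriteFile` now takes `forceCheck` and returns whatever `askCheckWrittenFile` returns, but the new signature has no docstring saying what the flag does or what the return value means. A short docstring under the `def` line would cover it, for example `"""Write wFile to dFile with stacked queries and return the result of askCheckWrittenFile(); forceCheck is passed through to that check."""`. The same applies to the `stackedWriteFile` overrides in the other two file sections shown for this commit, whose contract changes in the same way. The method body spans two hunks and its middle is not shown.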


@@ -33,7 +33,7 @@ class Filesystem(GenericFilesystem):
errMsg += "query SQL injection technique"
raise SqlmapUnsupportedFeatureException(errMsg)
def stackedWriteFile(self, wFile, dFile, fileType):
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
wFileSize = os.path.getsize(wFile)
if wFileSize > 8192:
@@ -110,6 +110,8 @@ class Filesystem(GenericFilesystem):
# (pg_largeobject 'data' field)
inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True)
self.askCheckWrittenFile(wFile, dFile)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
return written
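Review bot: In the last hunk the `lo_unlink` cleanup runs only if `askCheckWrittenFile(wFile, dFile, forceCheck)` returns normally. If the check raises (its body is not shown, so this is inferred), the large object identified by `self.oid` is left behind on the database under test. Putting the check in a `try:` block and the existing `inject.goStacked("SELECT lo_unlink(%d)" % self.oid)` in its `finally:` clause, with `return written` after it, makes the cleanup unconditional. The function starts outside this hunk, so whether earlier steps have the same gap was not checked.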