PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

re-enabled --read-file for MySQL with all techniques

Browse Source
This commit is contained in:
Bernardo Damele
2011-02-08 17:03:57 +00:00
parent 98ca1702ae
commit e16bab7117
1 changed files with 1 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/generic/filesystem.py
View File

@@ -270,20 +270,12 @@ class Filesystem:
logger.debug(debugMsg)
fileContent = self.stackedReadFile(rFile)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with UNION query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.unionReadFile(rFile)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and Backend.isDbms(DBMS.MYSQL):
# TODO: edit this as soon as the MySQL/trim/error-based bug
# is fixed
errMsg = "file retrieval via error-based SQL injection will "
errMsg += "be implemented soon"
logger.error(errMsg)
return None
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the underlying file "