From 00b7411a872378ea1d5d3a85c53173fa0c4f39e1 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 10 Jul 2012 01:39:03 +0100
Subject: [PATCH] more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok
---
plugins/generic/enumeration.py | 36 +++++++++++++++++++---------------
1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index ab9998416..c12a4c902 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -2397,32 +2397,31 @@ class Enumeration: sqlType = sqlTitle break - if not sqlType or 'SELECT' in sqlType: + if 'OPENROWSET' not in query.upper() and (not sqlType or 'SELECT' in sqlType): infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query) logger.info(infoMsg) output = inject.getValue(query, fromUser=True) return output - else: - if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: + elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: warnMsg = "execution of custom SQL queries is only " warnMsg += "available when stacked queries are supported" logger.warn(warnMsg) return None + else: + if sqlType: + infoMsg = "executing %s query: '%s'" % (sqlType if sqlType is not None else "SQL", query) else: - if sqlType: - infoMsg = "executing %s query: '%s'" % (sqlType if sqlType is not None else "SQL", query) - else: - infoMsg = "executing unknown SQL type query: '%s'" % query - logger.info(infoMsg) + infoMsg = "executing unknown SQL type query: '%s'" % query + logger.info(infoMsg) - inject.goStacked(query) + inject.goStacked(query) - infoMsg = "done" - logger.info(infoMsg) + infoMsg = "done" + logger.info(infoMsg) - output = False + output = False return output
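Review bot: The new `'OPENROWSET' not in query.upper()` test is a bare substring match over the whole statement, so any SELECT that merely mentions the word (an identifier such as `openrowset_log`, or a comment) is diverted from the fetch path into the stacked-query branch and, when stacked queries are unavailable, ends in the "only available when stacked queries are supported" warning instead of being fetched. A word-boundary match is tighter and `re` is already used by this file: `if not re.search(r"\bOPENROWSET\b", query, re.I) and (not sqlType or 'SELECT' in sqlType):`. Separately, the added `if sqlType:` branch still formats with `sqlType if sqlType is not None else "SQL"`, which inside that branch can only ever yield `sqlType`; `infoMsg = "executing %s query: '%s'" % (sqlType, query)` says the same thing. The start of sqlQuery, where sqlType is derived, lies outside the hunk.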
@@ -2467,19 +2466,24 @@ class Enumeration: dataToStdout("No output\n") def sqlFile(self): + conf.unescape = False + infoMsg = "executing SQL statements from given file(s)" logger.info(infoMsg) + print "re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):", re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile) + for sfile in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile): - found = False sfile = sfile.strip() if not sfile: continue - queries = getSQLSnippet(Backend.getDbms(), sfile) + query = getSQLSnippet(Backend.getDbms(), sfile) - infoMsg = "executing SQL statements from file '%s'" % sfile + infoMsg = "executing SQL statement%s from file '%s'" % ("s" if ";" in query else "", sfile) logger.info(infoMsg) - self.sqlQuery(queries) + conf.dumper.query(query, self.sqlQuery(query)) + + conf.unescape = True
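Review bot: `conf.unescape` is set to False at the top of sqlFile and only set back at the bottom with no `try/finally`, so if `getSQLSnippet` or `self.sqlQuery` raises for any one of the files the flag stays False for everything the session runs afterwards, and the restore forces True rather than putting back whatever value was in effect before the call. Capture the previous value and restore it in a `finally` block around the loop, as below. The added `print "re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):", ...` line is leftover debugging that writes straight to stdout and should be dropped, or at most become a `logger.debug` call, before this lands.
```python
    def sqlFile(self):
        saved_unescape = conf.unescape
        conf.unescape = False

        infoMsg = "executing SQL statements from given file(s)"
        logger.info(infoMsg)

        try:
            for sfile in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):
                # … unchanged: strip, skip empty names, getSQLSnippet, log, conf.dumper.query …
        finally:
            conf.unescape = saved_unescape
```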