sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE

Browse Source
This commit is contained in:
Bernardo Damele 2012-04-19 14:05:45 +00:00
parent 2b1b4c0742
commit 072e08836f
1 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
plugins/dbms/mysql/filesystem.py
View File

@ -55,22 +55,28 @@ class Filesystem(GenericFilesystem):
length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(length):
errMsg = "unable to retrieve the content of the "
errMsg += "file '%s'" % rFile
raise sqlmapNoneDataException, errMsg
warnMsg = "unable to retrieve the content of the "
warnMsg += "file '%s'" % rFile
length = int(length)
sustrLen = 1024
if length > sustrLen:
result = []
for i in xrange(1, length, sustrLen):
chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, sustrLen, self.fileTblName), unpack=False, unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
result.append(chunk)
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
warnMsg += ", going to fall-back to simpler technique"
logger.warn(warnMsg)
result = self.unionReadFile(rFile)
else:
raise sqlmapNoneDataException, warnMsg
else:
result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
length = int(length)
sustrLen = 1024
if length > sustrLen:
result = []
for i in xrange(1, length, sustrLen):
chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, sustrLen, self.fileTblName), unpack=False, unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
result.append(chunk)
else:
result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
return result