sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE

Browse Source
This commit is contained in:
Bernardo Damele 2012-04-19 14:05:45 +00:00
parent 2b1b4c0742
commit 072e08836f
1 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
plugins/dbms/mysql/filesystem.py
View File

@ -55,22 +55,28 @@ class Filesystem(GenericFilesystem):
length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(length): if not isNumPosStrValue(length):
errMsg = "unable to retrieve the content of the " warnMsg = "unable to retrieve the content of the "
errMsg += "file '%s'" % rFile warnMsg += "file '%s'" % rFile
raise sqlmapNoneDataException, errMsg
length = int(length) if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
sustrLen = 1024 warnMsg += ", going to fall-back to simpler technique"
logger.warn(warnMsg)
if length > sustrLen: result = self.unionReadFile(rFile)
result = [] else:
raise sqlmapNoneDataException, warnMsg
for i in xrange(1, length, sustrLen):
chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, sustrLen, self.fileTblName), unpack=False, unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
result.append(chunk)
else: else:
result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL) length = int(length)
sustrLen = 1024
if length > sustrLen:
result = []
for i in xrange(1, length, sustrLen):
chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, sustrLen, self.fileTblName), unpack=False, unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
result.append(chunk)
else:
result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)
return result return result