From 326ed33f31275c3a341c5b10621a5949ccc753a3 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 18 Dec 2012 17:55:21 +0000
Subject: [PATCH] added support for comma separated list of files for --file-read - fixes issue #223
---
 lib/core/dump.py | 2 +-
 plugins/generic/filesystem.py | 82 ++++++++++++++++++-----------------
 2 files changed, 44 insertions(+), 40 deletions(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 29a257898..b86168ab9 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -552,7 +552,7 @@ class Dump(object):
 self.string(query, queryRes)
 def rFile(self, filePath, fileData):
- self.string("%s file saved to" % filePath, fileData, sort=False)
+ self.lister("files saved to", fileData, sort=False)
 def registerValue(self, registerData):
 self.string("Registry key value data", registerData, sort=False)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index c7a6809a1..d4fdb40dc 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
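Review bot: `rFile` in lib/core/dump.py still takes `filePath`, but the new body never uses it, and `fileData` now appears to carry a list of saved paths rather than one file's data. The old message put the remote file name next to the saved path; the new `self.lister("files saved to", fileData, sort=False)` prints only the saved paths, so the session output no longer records which remote file each local copy came from. A short docstring would pin the new contract, for example `"""List the local paths the retrieved files were saved to; filePath is unused."""`. Whether `lister` accepts the `sort=` keyword is not visible in this hunk and should be confirmed.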
@@ -179,64 +179,68 @@ class Filesystem:
 errMsg += "into the specific DBMS plugin"
 raise SqlmapUndefinedMethod, errMsg
- def readFile(self, remoteFile):
+ def readFile(self, remoteFiles):
 fileContent = None
+ remoteFilePaths = []
 self.checkDbmsOs()
- kb.fileReadMode = True
+ for remoteFile in remoteFiles.split(","):
+ kb.fileReadMode = True
- if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
- if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
- debugMsg = "going to read the file with stacked query SQL "
- debugMsg += "injection technique"
+ if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+ debugMsg = "going to read the file with stacked query SQL "
+ debugMsg += "injection technique"
+ logger.debug(debugMsg)
+
+ fileContent = self.stackedReadFile(remoteFile)
+ elif Backend.isDbms(DBMS.MYSQL):
+ debugMsg = "going to read the file with a non-stacked query "
+ debugMsg += "SQL injection technique"
 logger.debug(debugMsg)
- fileContent = self.stackedReadFile(remoteFile)
- elif Backend.isDbms(DBMS.MYSQL):
- debugMsg = "going to read the file with a non-stacked query "
- debugMsg += "SQL injection technique"
- logger.debug(debugMsg)
+ fileContent = self.nonStackedReadFile(remoteFile)
+ else:
+ errMsg = "none of the SQL injection techniques detected can "
+ errMsg += "be used to read files from the underlying file "
+ errMsg += "system of the back-end %s server" % Backend.getDbms()
+ logger.error(errMsg)
- fileContent = self.nonStackedReadFile(remoteFile)
- else:
- errMsg = "none of the SQL injection techniques detected can "
- errMsg += "be used to read files from the underlying file "
- errMsg += "system of the back-end %s server" % Backend.getDbms()
- logger.error(errMsg)
+ return None
- return None
+ kb.fileReadMode = False
- kb.fileReadMode = False
+ if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
+ self.cleanup(onlyFileTbl=True)
- if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
- self.cleanup(onlyFileTbl=True)
+ return
+ elif isListLike(fileContent):
+ newFileContent = ""
- return
- elif isListLike(fileContent):
- newFileContent = ""
+ for chunk in fileContent:
+ if isListLike(chunk):
+ if len(chunk) > 0:
+ chunk = chunk[0]
+ else:
+ chunk = ""
- for chunk in fileContent:
- if isListLike(chunk):
- if len(chunk) > 0:
- chunk = chunk[0]
- else:
- chunk = ""
+ if chunk:
+ newFileContent += chunk
- if chunk:
- newFileContent += chunk
+ fileContent = newFileContent
- fileContent = newFileContent
+ fileContent = decodeHexValue(fileContent)
+ remoteFilePath = dataToOutFile(fileContent)
- fileContent = decodeHexValue(fileContent)
- remoteFilePath = dataToOutFile(fileContent)
+ if not Backend.isDbms(DBMS.PGSQL):
+ self.cleanup(onlyFileTbl=True)
- if not Backend.isDbms(DBMS.PGSQL):
- self.cleanup(onlyFileTbl=True)
+ self.askCheckReadFile(remoteFilePath, remoteFile)
- self.askCheckReadFile(remoteFilePath, remoteFile)
+ remoteFilePaths.append(remoteFilePath)
- return remoteFilePath
+ return remoteFilePaths
 def writeFile(self, localFile, remoteFile, fileType=None):
 self.checkDbmsOs()
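Review bot: The two early exits inside the new `for remoteFile in remoteFiles.split(","):` loop end the whole call on the first unreadable entry: `return None` in the `else:` branch and the bare `return` after the empty-content check. Both drop the paths already collected in `remoteFilePaths` and hand the caller `None` where every other path returns a list. The empty-content case should move on with `continue`, and the unsupported-technique case should `return remoteFilePaths`; that second exit also leaves `kb.fileReadMode` set to True, which a `try`/`finally` around the loop body would reset. Entries are neither trimmed nor filtered, so `a, b` or a trailing comma yields a path with a leading space or an empty path; iterating over `(f.strip() for f in remoteFiles.split(",") if f.strip())` avoids that. `remoteFilePath` receives the return value of `dataToOutFile`, which looks like a local output path, so a name such as `localFilePath` would be less misleading; the enclosing class starts outside the hunk.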