added support for comma separated list of files for --file-read - fixes issue #223

2025-06-30 18:03:08 +03:00 · 2012-12-18 17:55:21 +00:00 · 2012-12-18 17:55:21 +00:00 · 326ed33f31
commit 326ed33f31
parent 8d9aa2c384
2 changed files with 44 additions and 40 deletions
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@ -552,7 +552,7 @@ class Dump(object):
        self.string(query, queryRes)
    def rFile(self, filePath, fileData):
-        self.string("%s file saved to" % filePath, fileData, sort=False)
+        self.lister("files saved to", fileData, sort=False)
    def registerValue(self, registerData):
        self.string("Registry key value data", registerData, sort=False)
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@ -179,64 +179,68 @@ class Filesystem:
        errMsg += "into the specific DBMS plugin"
        raise SqlmapUndefinedMethod, errMsg
-    def readFile(self, remoteFile):
+    def readFile(self, remoteFiles):
        fileContent = None
        remoteFilePaths = []
        self.checkDbmsOs()
-        kb.fileReadMode = True
+        for remoteFile in remoteFiles.split(","):
            kb.fileReadMode = True
-        if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+            if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
-            if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+                if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
-                debugMsg = "going to read the file with stacked query SQL "
+                    debugMsg = "going to read the file with stacked query SQL "
-                debugMsg += "injection technique"
+                    debugMsg += "injection technique"
                    logger.debug(debugMsg)
                fileContent = self.stackedReadFile(remoteFile)
            elif Backend.isDbms(DBMS.MYSQL):
                debugMsg = "going to read the file with a non-stacked query "
                debugMsg += "SQL injection technique"
                logger.debug(debugMsg)
-            fileContent = self.stackedReadFile(remoteFile)
+                fileContent = self.nonStackedReadFile(remoteFile)
-        elif Backend.isDbms(DBMS.MYSQL):
+            else:
-            debugMsg = "going to read the file with a non-stacked query "
+                errMsg = "none of the SQL injection techniques detected can "
-            debugMsg += "SQL injection technique"
+                errMsg += "be used to read files from the underlying file "
-            logger.debug(debugMsg)
+                errMsg += "system of the back-end %s server" % Backend.getDbms()
                logger.error(errMsg)
-            fileContent = self.nonStackedReadFile(remoteFile)
+                return None
        else:
            errMsg = "none of the SQL injection techniques detected can "
            errMsg += "be used to read files from the underlying file "
            errMsg += "system of the back-end %s server" % Backend.getDbms()
            logger.error(errMsg)
-            return None
+            kb.fileReadMode = False
-        kb.fileReadMode = False
+            if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
                self.cleanup(onlyFileTbl=True)
-        if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
+                return
-            self.cleanup(onlyFileTbl=True)
+            elif isListLike(fileContent):
                newFileContent = ""
-            return
+                for chunk in fileContent:
-        elif isListLike(fileContent):
+                    if isListLike(chunk):
-            newFileContent = ""
+                        if len(chunk) > 0:
                            chunk = chunk[0]
                        else:
                            chunk = ""
-            for chunk in fileContent:
+                    if chunk:
-                if isListLike(chunk):
+                        newFileContent += chunk
                    if len(chunk) > 0:
                        chunk = chunk[0]
                    else:
                        chunk = ""
-                if chunk:
+                fileContent = newFileContent
                    newFileContent += chunk
-            fileContent = newFileContent
+            fileContent = decodeHexValue(fileContent)
            remoteFilePath = dataToOutFile(fileContent)
-        fileContent = decodeHexValue(fileContent)
+            if not Backend.isDbms(DBMS.PGSQL):
-        remoteFilePath = dataToOutFile(fileContent)
+                self.cleanup(onlyFileTbl=True)
-        if not Backend.isDbms(DBMS.PGSQL):
+            self.askCheckReadFile(remoteFilePath, remoteFile)
            self.cleanup(onlyFileTbl=True)
-        self.askCheckReadFile(remoteFilePath, remoteFile)
+            remoteFilePaths.append(remoteFilePath)
-        return remoteFilePath
+        return remoteFilePaths
    def writeFile(self, localFile, remoteFile, fileType=None):
        self.checkDbmsOs()