mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-08 22:03:11 +03:00
Merge branch 'master' of github.com:sqlmapproject/sqlmap
This commit is contained in:
commit
37346fe8a3
|
@ -147,7 +147,7 @@ def action():
|
||||||
|
|
||||||
# File system options
|
# File system options
|
||||||
if conf.rFile:
|
if conf.rFile:
|
||||||
conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
|
conf.dumper.rFile(conf.dbmsHandler.readFile(conf.rFile))
|
||||||
|
|
||||||
if conf.wFile:
|
if conf.wFile:
|
||||||
conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType)
|
conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType)
|
||||||
|
|
|
@ -736,11 +736,11 @@ def dataToDumpFile(dumpFile, data):
|
||||||
dumpFile.write(data)
|
dumpFile.write(data)
|
||||||
dumpFile.flush()
|
dumpFile.flush()
|
||||||
|
|
||||||
def dataToOutFile(data):
|
def dataToOutFile(filename, data):
|
||||||
if not data:
|
if not data:
|
||||||
return "No data retrieved"
|
return "No data retrieved"
|
||||||
|
|
||||||
retVal = "%s%s%s" % (conf.filePath, os.sep, filePathToString(conf.rFile))
|
retVal = "%s%s%s" % (conf.filePath, os.sep, filePathToString(filename))
|
||||||
|
|
||||||
with codecs.open(retVal, "wb") as f:
|
with codecs.open(retVal, "wb") as f:
|
||||||
f.write(data)
|
f.write(data)
|
||||||
|
|
|
@ -19,6 +19,7 @@ from lib.core.common import isListLike
|
||||||
from lib.core.common import normalizeUnicode
|
from lib.core.common import normalizeUnicode
|
||||||
from lib.core.common import openFile
|
from lib.core.common import openFile
|
||||||
from lib.core.common import prioritySortColumns
|
from lib.core.common import prioritySortColumns
|
||||||
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import safeCSValue
|
from lib.core.common import safeCSValue
|
||||||
from lib.core.common import unsafeSQLIdentificatorNaming
|
from lib.core.common import unsafeSQLIdentificatorNaming
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -34,6 +35,7 @@ from lib.core.settings import HTML_DUMP_CSS_STYLE
|
||||||
from lib.core.settings import METADB_SUFFIX
|
from lib.core.settings import METADB_SUFFIX
|
||||||
from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
|
from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
|
||||||
from lib.core.settings import UNICODE_ENCODING
|
from lib.core.settings import UNICODE_ENCODING
|
||||||
|
from thirdparty.magic import magic
|
||||||
|
|
||||||
class Dump(object):
|
class Dump(object):
|
||||||
"""
|
"""
|
||||||
|
@ -476,6 +478,14 @@ class Dump(object):
|
||||||
blank = " " * (maxlength - len(value))
|
blank = " " * (maxlength - len(value))
|
||||||
self._write("| %s%s" % (value, blank), newline=False, console=console)
|
self._write("| %s%s" % (value, blank), newline=False, console=console)
|
||||||
|
|
||||||
|
# TODO: this is related to issue #8, but it is not yet working
|
||||||
|
#mimetype = magic.from_buffer(value, mime=True)
|
||||||
|
|
||||||
|
#if mimetype.startswith("application") or mimetype.startswith("image"):
|
||||||
|
# singleFP = open("%s%s%s" % (dumpDbPath, os.sep, "%s-%d.bin" % (column, randomInt(8))), "wb")
|
||||||
|
# singleFP.write(value.encode("utf8"))
|
||||||
|
# singleFP.close()
|
||||||
|
|
||||||
if conf.dumpFormat == DUMP_FORMAT.CSV:
|
if conf.dumpFormat == DUMP_FORMAT.CSV:
|
||||||
if field == fields:
|
if field == fields:
|
||||||
dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
|
dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
|
||||||
|
@ -551,7 +561,7 @@ class Dump(object):
|
||||||
def query(self, query, queryRes):
|
def query(self, query, queryRes):
|
||||||
self.string(query, queryRes)
|
self.string(query, queryRes)
|
||||||
|
|
||||||
def rFile(self, filePath, fileData):
|
def rFile(self, fileData):
|
||||||
self.lister("files saved to", fileData, sort=False)
|
self.lister("files saved to", fileData, sort=False)
|
||||||
|
|
||||||
def registerValue(self, registerData):
|
def registerValue(self, registerData):
|
||||||
|
|
|
@ -228,15 +228,18 @@ def runCase(switches=None, parse=None):
|
||||||
ifile = open(conf.dumper.getOutputFile(), "rb")
|
ifile = open(conf.dumper.getOutputFile(), "rb")
|
||||||
content = ifile.read()
|
content = ifile.read()
|
||||||
ifile.close()
|
ifile.close()
|
||||||
|
|
||||||
for item in parse:
|
for item in parse:
|
||||||
if item.startswith("r'") and item.endswith("'"):
|
if item.startswith("r'") and item.endswith("'"):
|
||||||
if not re.search(item[2:-1], content, re.DOTALL):
|
if not re.search(item[2:-1], content, re.DOTALL):
|
||||||
retVal = False
|
retVal = False
|
||||||
failedItem = item
|
failedItem = item
|
||||||
|
|
||||||
break
|
break
|
||||||
elif content.find(item) < 0:
|
elif content.find(item) < 0:
|
||||||
retVal = False
|
retVal = False
|
||||||
failedItem = item
|
failedItem = item
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
||||||
cleanCase()
|
cleanCase()
|
||||||
|
|
|
@ -157,7 +157,7 @@ class Filesystem:
|
||||||
if not output or output in ("y", "Y"):
|
if not output or output in ("y", "Y"):
|
||||||
return self._checkFileLength(localFile, remoteFile, True)
|
return self._checkFileLength(localFile, remoteFile, True)
|
||||||
|
|
||||||
return True
|
return None
|
||||||
|
|
||||||
def nonStackedReadFile(self, remoteFile):
|
def nonStackedReadFile(self, remoteFile):
|
||||||
errMsg = "'nonStackedReadFile' method must be defined "
|
errMsg = "'nonStackedReadFile' method must be defined "
|
||||||
|
@ -180,12 +180,12 @@ class Filesystem:
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod, errMsg
|
||||||
|
|
||||||
def readFile(self, remoteFiles):
|
def readFile(self, remoteFiles):
|
||||||
fileContent = None
|
localFilePaths = []
|
||||||
remoteFilePaths = []
|
|
||||||
|
|
||||||
self.checkDbmsOs()
|
self.checkDbmsOs()
|
||||||
|
|
||||||
for remoteFile in remoteFiles.split(","):
|
for remoteFile in remoteFiles.split(","):
|
||||||
|
fileContent = None
|
||||||
kb.fileReadMode = True
|
kb.fileReadMode = True
|
||||||
|
|
||||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||||
|
@ -207,14 +207,12 @@ class Filesystem:
|
||||||
errMsg += "system of the back-end %s server" % Backend.getDbms()
|
errMsg += "system of the back-end %s server" % Backend.getDbms()
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
|
|
||||||
return None
|
fileContent = None
|
||||||
|
|
||||||
kb.fileReadMode = False
|
kb.fileReadMode = False
|
||||||
|
|
||||||
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
|
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
|
||||||
self.cleanup(onlyFileTbl=True)
|
self.cleanup(onlyFileTbl=True)
|
||||||
|
|
||||||
return
|
|
||||||
elif isListLike(fileContent):
|
elif isListLike(fileContent):
|
||||||
newFileContent = ""
|
newFileContent = ""
|
||||||
|
|
||||||
|
@ -230,17 +228,23 @@ class Filesystem:
|
||||||
|
|
||||||
fileContent = newFileContent
|
fileContent = newFileContent
|
||||||
|
|
||||||
fileContent = decodeHexValue(fileContent)
|
if fileContent is not None:
|
||||||
remoteFilePath = dataToOutFile(fileContent)
|
fileContent = decodeHexValue(fileContent)
|
||||||
|
localFilePath = dataToOutFile(remoteFile, fileContent)
|
||||||
|
|
||||||
if not Backend.isDbms(DBMS.PGSQL):
|
if not Backend.isDbms(DBMS.PGSQL):
|
||||||
self.cleanup(onlyFileTbl=True)
|
self.cleanup(onlyFileTbl=True)
|
||||||
|
|
||||||
self.askCheckReadFile(remoteFilePath, remoteFile)
|
sameFile = self.askCheckReadFile(localFilePath, remoteFile)
|
||||||
|
|
||||||
remoteFilePaths.append(remoteFilePath)
|
if sameFile is True:
|
||||||
|
localFilePath += " (same file)"
|
||||||
|
elif sameFile is False:
|
||||||
|
localFilePath += " (size differs from remote file)"
|
||||||
|
|
||||||
return remoteFilePaths
|
localFilePaths.append(localFilePath)
|
||||||
|
|
||||||
|
return localFilePaths
|
||||||
|
|
||||||
def writeFile(self, localFile, remoteFile, fileType=None):
|
def writeFile(self, localFile, remoteFile, fileType=None):
|
||||||
self.checkDbmsOs()
|
self.checkDbmsOs()
|
||||||
|
|
Loading…
Reference in New Issue
Block a user