Merge branch 'master' of github.com:sqlmapproject/sqlmap

This commit is contained in:
Miroslav Stampar 2012-12-19 15:23:57 +01:00
commit 37346fe8a3
5 changed files with 34 additions and 17 deletions

View File

@ -147,7 +147,7 @@ def action():
# File system options # File system options
if conf.rFile: if conf.rFile:
conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile)) conf.dumper.rFile(conf.dbmsHandler.readFile(conf.rFile))
if conf.wFile: if conf.wFile:
conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType) conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType)

View File

@ -736,11 +736,11 @@ def dataToDumpFile(dumpFile, data):
dumpFile.write(data) dumpFile.write(data)
dumpFile.flush() dumpFile.flush()
def dataToOutFile(data): def dataToOutFile(filename, data):
if not data: if not data:
return "No data retrieved" return "No data retrieved"
retVal = "%s%s%s" % (conf.filePath, os.sep, filePathToString(conf.rFile)) retVal = "%s%s%s" % (conf.filePath, os.sep, filePathToString(filename))
with codecs.open(retVal, "wb") as f: with codecs.open(retVal, "wb") as f:
f.write(data) f.write(data)

View File

@ -19,6 +19,7 @@ from lib.core.common import isListLike
from lib.core.common import normalizeUnicode from lib.core.common import normalizeUnicode
from lib.core.common import openFile from lib.core.common import openFile
from lib.core.common import prioritySortColumns from lib.core.common import prioritySortColumns
from lib.core.common import randomInt
from lib.core.common import safeCSValue from lib.core.common import safeCSValue
from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf from lib.core.data import conf
@ -34,6 +35,7 @@ from lib.core.settings import HTML_DUMP_CSS_STYLE
from lib.core.settings import METADB_SUFFIX from lib.core.settings import METADB_SUFFIX
from lib.core.settings import TRIM_STDOUT_DUMP_SIZE from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from thirdparty.magic import magic
class Dump(object): class Dump(object):
""" """
@ -476,6 +478,14 @@ class Dump(object):
blank = " " * (maxlength - len(value)) blank = " " * (maxlength - len(value))
self._write("| %s%s" % (value, blank), newline=False, console=console) self._write("| %s%s" % (value, blank), newline=False, console=console)
# TODO: this is related to issue #8, but it is not yet working
#mimetype = magic.from_buffer(value, mime=True)
#if mimetype.startswith("application") or mimetype.startswith("image"):
# singleFP = open("%s%s%s" % (dumpDbPath, os.sep, "%s-%d.bin" % (column, randomInt(8))), "wb")
# singleFP.write(value.encode("utf8"))
# singleFP.close()
if conf.dumpFormat == DUMP_FORMAT.CSV: if conf.dumpFormat == DUMP_FORMAT.CSV:
if field == fields: if field == fields:
dataToDumpFile(dumpFP, "%s" % safeCSValue(value)) dataToDumpFile(dumpFP, "%s" % safeCSValue(value))
@ -551,7 +561,7 @@ class Dump(object):
def query(self, query, queryRes): def query(self, query, queryRes):
self.string(query, queryRes) self.string(query, queryRes)
def rFile(self, filePath, fileData): def rFile(self, fileData):
self.lister("files saved to", fileData, sort=False) self.lister("files saved to", fileData, sort=False)
def registerValue(self, registerData): def registerValue(self, registerData):

View File

@ -228,15 +228,18 @@ def runCase(switches=None, parse=None):
ifile = open(conf.dumper.getOutputFile(), "rb") ifile = open(conf.dumper.getOutputFile(), "rb")
content = ifile.read() content = ifile.read()
ifile.close() ifile.close()
for item in parse: for item in parse:
if item.startswith("r'") and item.endswith("'"): if item.startswith("r'") and item.endswith("'"):
if not re.search(item[2:-1], content, re.DOTALL): if not re.search(item[2:-1], content, re.DOTALL):
retVal = False retVal = False
failedItem = item failedItem = item
break break
elif content.find(item) < 0: elif content.find(item) < 0:
retVal = False retVal = False
failedItem = item failedItem = item
break break
cleanCase() cleanCase()

View File

@ -157,7 +157,7 @@ class Filesystem:
if not output or output in ("y", "Y"): if not output or output in ("y", "Y"):
return self._checkFileLength(localFile, remoteFile, True) return self._checkFileLength(localFile, remoteFile, True)
return True return None
def nonStackedReadFile(self, remoteFile): def nonStackedReadFile(self, remoteFile):
errMsg = "'nonStackedReadFile' method must be defined " errMsg = "'nonStackedReadFile' method must be defined "
@ -180,12 +180,12 @@ class Filesystem:
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def readFile(self, remoteFiles): def readFile(self, remoteFiles):
fileContent = None localFilePaths = []
remoteFilePaths = []
self.checkDbmsOs() self.checkDbmsOs()
for remoteFile in remoteFiles.split(","): for remoteFile in remoteFiles.split(","):
fileContent = None
kb.fileReadMode = True kb.fileReadMode = True
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
@ -207,14 +207,12 @@ class Filesystem:
errMsg += "system of the back-end %s server" % Backend.getDbms() errMsg += "system of the back-end %s server" % Backend.getDbms()
logger.error(errMsg) logger.error(errMsg)
return None fileContent = None
kb.fileReadMode = False kb.fileReadMode = False
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL): if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True) self.cleanup(onlyFileTbl=True)
return
elif isListLike(fileContent): elif isListLike(fileContent):
newFileContent = "" newFileContent = ""
@ -230,17 +228,23 @@ class Filesystem:
fileContent = newFileContent fileContent = newFileContent
fileContent = decodeHexValue(fileContent) if fileContent is not None:
remoteFilePath = dataToOutFile(fileContent) fileContent = decodeHexValue(fileContent)
localFilePath = dataToOutFile(remoteFile, fileContent)
if not Backend.isDbms(DBMS.PGSQL): if not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True) self.cleanup(onlyFileTbl=True)
self.askCheckReadFile(remoteFilePath, remoteFile) sameFile = self.askCheckReadFile(localFilePath, remoteFile)
remoteFilePaths.append(remoteFilePath) if sameFile is True:
localFilePath += " (same file)"
elif sameFile is False:
localFilePath += " (size differs from remote file)"
return remoteFilePaths localFilePaths.append(localFilePath)
return localFilePaths
def writeFile(self, localFile, remoteFile, fileType=None): def writeFile(self, localFile, remoteFile, fileType=None):
self.checkDbmsOs() self.checkDbmsOs()