From a5a648f4fea15a03b4eecd226426a287f441e708 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Sun, 6 Feb 2011 15:23:27 +0000
Subject: [PATCH] Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected. Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
---
 plugins/generic/filesystem.py | 36 ++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index 189443e5e..d1bd719e2 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -48,7 +48,13 @@ class Filesystem:
 return hexStr
- return binascii.unhexlify(hexStr)
+ try:
+ cleanStr = binascii.unhexlify(hexStr)
+ except TypeError, e:
+ logger.critical("unable to unhex the string ('%s')" % e)
+ return None
+
+ return cleanStr
 def __binDataToScr(self, binaryData, chunkName):
 """
@@ -264,12 +270,25 @@ class Filesystem:
 logger.debug(debugMsg)
 fileContent = self.stackedReadFile(rFile)
- else:
- debugMsg = "going to read the file with UNION query SQL "
+ elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
+ debugMsg = "going to read the file with UNION query SQL "
 debugMsg += "injection technique"
 logger.debug(debugMsg)
 fileContent = self.unionReadFile(rFile)
+ elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and Backend.isDbms(DBMS.MYSQL):
+ errMsg = "file retrieval via error-based SQL injection will "
+ errMsg += "be implemented soon"
+ logger.error(errMsg)
+
+ return None
+ else:
+ errMsg = "none of the SQL injection techniques detected can "
+ errMsg += "be used to read files from the file system on "
+ errMsg += "%s" % Backend.getDbms()
+ logger.error(errMsg)
+
+ return None
 if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL:
 self.cleanup(onlyFileTbl=True)
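Review bot: In the `@@ -48,7 +48,13 @@` hunk the new failure path returns `None` while the context line just above it still does `return hexStr`, so this helper can now hand back decoded data, the untouched input, or `None`, and nothing in the hunk documents that. A caller that concatenates the result or writes it to a file would fail on `None`; the callers are outside the hunk, so each one should be checked. I would add a comment above the `try`, for example `# returns None when the value is not valid hex; callers must check before using the result`. The function starts before the hunk.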
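Review bot: In the `@@ -264,12 +270,25 @@` hunk the new branches test `Backend.isDbms(DBMS.MYSQL)`, the error text prints `Backend.getDbms()`, and the unchanged check right after uses `Backend.getIdentifiedDbms()`; if these accessors can disagree (not visible here), the log can name a different back-end than the one the branch tested, or print `None`. Using one accessor throughout, e.g. `errMsg += "%s" % Backend.getIdentifiedDbms()`, would keep the message consistent with the check that follows; the same `Backend.getDbms()` line appears in the `@@ -305,9 +324,16 @@` hunk. The error-based branch only logs and returns `None`, so a short comment such as `# TODO: error-based file read not implemented yet` would make the stub explicit. The enclosing method starts and ends outside the hunk.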
@@ -305,9 +324,16 @@ class Filesystem:
 self.stackedWriteFile(wFile, dFile, fileType, confirm)
 self.cleanup(onlyFileTbl=True)
- else:
- debugMsg = "going to upload the %s file with " % fileType
+ elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
+ debugMsg = "going to upload the %s file with " % fileType
 debugMsg += "UNION query SQL injection technique"
 logger.debug(debugMsg)
 self.unionWriteFile(wFile, dFile, fileType, confirm)
+ else:
+ errMsg = "none of the SQL injection techniques detected can "
+ errMsg += "be used to write files on the file system on "
+ errMsg += "%s" % Backend.getDbms()
+ logger.error(errMsg)
+
+ return None
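Review bot: The new `else` branch ends with `return None`, but the two write branches visible above it (`self.stackedWriteFile(...)` and `self.unionWriteFile(...)`) also end without returning a value, so as far as this hunk shows a caller cannot tell "file written" from "no usable technique". If nothing follows in the method (the hunk ends here and the rest is not visible), an explicit status would remove the ambiguity: `return False` in the `else` and `return True` after the write calls. At minimum, a comment above the branch such as `# no technique available: nothing was written` would record the intent. The method starts outside the hunk.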