sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-26 11:53:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.

Browse Source 
Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
This commit is contained in:
Bernardo Damele 2011-02-06 15:23:27 +00:00
parent c44978862e
commit a5a648f4fe
1 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
plugins/generic/filesystem.py
View File

@ -48,7 +48,13 @@ class Filesystem:
return hexStr return hexStr
return binascii.unhexlify(hexStr) try:
cleanStr = binascii.unhexlify(hexStr)
except TypeError, e:
logger.critical("unable to unhex the string ('%s')" % e)
return None
return cleanStr
def __binDataToScr(self, binaryData, chunkName): def __binDataToScr(self, binaryData, chunkName):
""" """
@ -264,12 +270,25 @@ class Filesystem:
logger.debug(debugMsg) logger.debug(debugMsg)
fileContent = self.stackedReadFile(rFile) fileContent = self.stackedReadFile(rFile)
else: elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with UNION query SQL " debugMsg = "going to read the file with UNION query SQL "
debugMsg += "injection technique" debugMsg += "injection technique"
logger.debug(debugMsg) logger.debug(debugMsg)
fileContent = self.unionReadFile(rFile) fileContent = self.unionReadFile(rFile)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and Backend.isDbms(DBMS.MYSQL):
errMsg = "file retrieval via error-based SQL injection will "
errMsg += "be implemented soon"
logger.error(errMsg)
return None
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the file system on "
errMsg += "%s" % Backend.getDbms()
logger.error(errMsg)
return None
if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL: if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL:
self.cleanup(onlyFileTbl=True) self.cleanup(onlyFileTbl=True)
@ -305,9 +324,16 @@ class Filesystem:
self.stackedWriteFile(wFile, dFile, fileType, confirm) self.stackedWriteFile(wFile, dFile, fileType, confirm)
self.cleanup(onlyFileTbl=True) self.cleanup(onlyFileTbl=True)
else: elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to upload the %s file with " % fileType debugMsg = "going to upload the %s file with " % fileType
debugMsg += "UNION query SQL injection technique" debugMsg += "UNION query SQL injection technique"
logger.debug(debugMsg) logger.debug(debugMsg)
self.unionWriteFile(wFile, dFile, fileType, confirm) self.unionWriteFile(wFile, dFile, fileType, confirm)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to write files on the file system on "
errMsg += "%s" % Backend.getDbms()
logger.error(errMsg)
return None