mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
This commit is contained in:
parent
d7cd55fb28
commit
ab412da27f
|
@ -80,7 +80,7 @@ class ICMPsh:
|
|||
if web:
|
||||
self.webFileUpload(self.__icmpslave, self.__icmpslaveRemote, self.webDirectory)
|
||||
else:
|
||||
self.writeFile(self.__icmpslave, self.__icmpslaveRemote, "binary", False)
|
||||
self.writeFile(self.__icmpslave, self.__icmpslaveRemote, "binary")
|
||||
|
||||
def icmpPwn(self):
|
||||
self.__prepareIngredients()
|
||||
|
|
|
@ -554,7 +554,7 @@ class Metasploit:
|
|||
if web:
|
||||
self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote, self.webDirectory)
|
||||
else:
|
||||
self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary", False)
|
||||
self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary")
|
||||
|
||||
def pwn(self, goUdf=False):
|
||||
if goUdf:
|
||||
|
|
|
@ -65,7 +65,7 @@ class Registry:
|
|||
logger.debug("creating batch file '%s'" % self.__batPathRemote)
|
||||
|
||||
self.__createLocalBatchFile()
|
||||
self.writeFile(self.__batPathLocal, self.__batPathRemote, "text", False)
|
||||
self.writeFile(self.__batPathLocal, self.__batPathRemote, "text")
|
||||
|
||||
os.unlink(self.__batPathLocal)
|
||||
|
||||
|
|
|
@ -156,7 +156,7 @@ class UDF:
|
|||
|
||||
if len(self.udfToCreate) > 0:
|
||||
self.udfSetRemotePath()
|
||||
self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", False)
|
||||
self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary")
|
||||
|
||||
for udf, inpRet in udfDict.items():
|
||||
if udf in self.udfToCreate and udf not in self.createdUdf:
|
||||
|
|
|
@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
|
|||
errMsg = "on Microsoft Access it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
errMsg = "on Microsoft Access it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
|
|||
errMsg = "on Firebird it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
errMsg = "on Firebird it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
|
|||
errMsg = "on SAP MaxDB reading of files is not supported"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
errMsg = "on SAP MaxDB writing of files is not supported"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -164,7 +164,7 @@ class Filesystem(GenericFilesystem):
|
|||
|
||||
return result
|
||||
|
||||
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def unionWriteFile(self, wFile, dFile, fileType):
|
||||
errMsg = "Microsoft SQL Server does not support file upload with "
|
||||
errMsg += "UNION query SQL injection technique"
|
||||
raise sqlmapUnsupportedFeatureException(errMsg)
|
||||
|
@ -332,7 +332,7 @@ class Filesystem(GenericFilesystem):
|
|||
|
||||
self.execCmd(complComm)
|
||||
|
||||
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def stackedWriteFile(self, wFile, dFile, fileType):
|
||||
# NOTE: this is needed here because we use xp_cmdshell extended
|
||||
# procedure to write a file on the back-end Microsoft SQL Server
|
||||
# file system
|
||||
|
|
|
@ -59,7 +59,7 @@ class Filesystem(GenericFilesystem):
|
|||
warnMsg += "file '%s'" % rFile
|
||||
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
|
||||
warnMsg += ", going to fall-back to simpler technique"
|
||||
warnMsg += ", going to fall-back to simpler UNION technique"
|
||||
logger.warn(warnMsg)
|
||||
result = self.unionReadFile(rFile)
|
||||
else:
|
||||
|
@ -80,7 +80,7 @@ class Filesystem(GenericFilesystem):
|
|||
|
||||
return result
|
||||
|
||||
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def unionWriteFile(self, wFile, dFile, fileType):
|
||||
logger.debug("encoding file to its hexadecimal string value")
|
||||
|
||||
fcEncodedList = self.fileEncode(wFile, "hex", True)
|
||||
|
@ -100,14 +100,13 @@ class Filesystem(GenericFilesystem):
|
|||
sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
|
||||
unionUse(sqlQuery, unpack=False)
|
||||
|
||||
if confirm:
|
||||
self.askCheckWrittenFile(wFile, dFile, fileType)
|
||||
|
||||
warnMsg = "expect junk characters inside the "
|
||||
warnMsg += "file as a leftover from UNION query"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def stackedWriteFile(self, wFile, dFile, fileType):
|
||||
debugMsg = "creating a support table to write the hexadecimal "
|
||||
debugMsg += "encoded file to"
|
||||
logger.debug(debugMsg)
|
||||
|
@ -134,5 +133,4 @@ class Filesystem(GenericFilesystem):
|
|||
# Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
|
||||
inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, dFile), silent=True)
|
||||
|
||||
if confirm:
|
||||
self.askCheckWrittenFile(wFile, dFile, fileType)
|
||||
|
|
|
@ -17,7 +17,7 @@ class Filesystem(GenericFilesystem):
|
|||
errMsg += "Oracle"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
errMsg = "File system write access not yet implemented for "
|
||||
errMsg += "Oracle"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -33,12 +33,12 @@ class Filesystem(GenericFilesystem):
|
|||
|
||||
return self.udfEvalCmd(cmd=rFile, udfName="sys_fileread")
|
||||
|
||||
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def unionWriteFile(self, wFile, dFile, fileType):
|
||||
errMsg = "PostgreSQL does not support file upload with UNION "
|
||||
errMsg += "query SQL injection technique"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def stackedWriteFile(self, wFile, dFile, fileType):
|
||||
wFileSize = os.path.getsize(wFile)
|
||||
|
||||
if wFileSize > 8192:
|
||||
|
@ -115,7 +115,6 @@ class Filesystem(GenericFilesystem):
|
|||
# (pg_largeobject 'data' field)
|
||||
inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True)
|
||||
|
||||
if confirm:
|
||||
self.askCheckWrittenFile(wFile, dFile, fileType)
|
||||
|
||||
inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
|
||||
|
|
|
@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
|
|||
errMsg = "on SQLite it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
errMsg = "on SQLite it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
|
|||
errMsg = "on Sybase it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
errMsg = "on Sybase it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -176,12 +176,12 @@ class Filesystem:
|
|||
errMsg += "into the specific DBMS plugin"
|
||||
raise sqlmapUndefinedMethod, errMsg
|
||||
|
||||
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def unionWriteFile(self, wFile, dFile, fileType):
|
||||
errMsg = "'unionWriteFile' method must be defined "
|
||||
errMsg += "into the specific DBMS plugin"
|
||||
raise sqlmapUndefinedMethod, errMsg
|
||||
|
||||
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
|
||||
def stackedWriteFile(self, wFile, dFile, fileType):
|
||||
errMsg = "'stackedWriteFile' method must be defined "
|
||||
errMsg += "into the specific DBMS plugin"
|
||||
raise sqlmapUndefinedMethod, errMsg
|
||||
|
@ -235,7 +235,7 @@ class Filesystem:
|
|||
|
||||
return rFilePath
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
def writeFile(self, wFile, dFile, fileType=None):
|
||||
self.checkDbmsOs()
|
||||
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
|
@ -244,14 +244,14 @@ class Filesystem:
|
|||
debugMsg += "stacked query SQL injection technique"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
self.stackedWriteFile(wFile, dFile, fileType, confirm)
|
||||
self.stackedWriteFile(wFile, dFile, fileType)
|
||||
self.cleanup(onlyFileTbl=True)
|
||||
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
|
||||
debugMsg = "going to upload the %s file with " % fileType
|
||||
debugMsg += "UNION query SQL injection technique"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
self.unionWriteFile(wFile, dFile, fileType, confirm)
|
||||
self.unionWriteFile(wFile, dFile, fileType)
|
||||
else:
|
||||
errMsg = "none of the SQL injection techniques detected can "
|
||||
errMsg += "be used to write files to the underlying file "
|
||||
|
|
Loading…
Reference in New Issue
Block a user