diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 1f5fc8602..21cd0af22 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -343,7 +343,7 @@ def checkSqlInjection(place, parameter, value): msg += "only basic UNION tests if there is not " msg += "at least one other (potential) " msg += "technique found. Do you want to reduce " - msg +="the number of requests? [Y/n] " + msg += "the number of requests? [Y/n] " kb.futileUnion = readInput(msg, default='Y', boolean=True) if kb.futileUnion and int(_) > 10: diff --git a/lib/core/settings.py b/lib/core/settings.py index 6ccc6c6d9..ff7f3b1c5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.6.5" +VERSION = "1.3.6.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/access/enumeration.py b/plugins/dbms/access/enumeration.py index fed692ae8..540aec0f5 100644 --- a/plugins/dbms/access/enumeration.py +++ b/plugins/dbms/access/enumeration.py @@ -23,7 +23,7 @@ class Enumeration(GenericEnumeration): warnMsg = "on Microsoft Access it is not possible to get name of the current database" logger.warn(warnMsg) - def isDba(self, *args, **kwargs): + def isDba(self, user=None): warnMsg = "on Microsoft Access it is not possible to test if current user is DBA" logger.warn(warnMsg) diff --git a/plugins/dbms/access/filesystem.py b/plugins/dbms/access/filesystem.py index 0d5009684..05b6a01e0 100644 --- a/plugins/dbms/access/filesystem.py +++ b/plugins/dbms/access/filesystem.py 
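Review bot: In plugins/dbms/access/enumeration.py the new `isDba(self, user=None)` accepts `user` but the visible body never reads it, and nothing says why the parameter exists. The old `*args, **kwargs` form tolerated any call shape, so a caller that passes anything other than `user` will now fail with a TypeError. A one-line docstring such as `"""Not supported on Microsoft Access; 'user' is accepted only for signature parity and is ignored."""` would record that. The same applies to the identical change in plugins/dbms/sqlite/enumeration.py. What the method returns after the warning is outside the hunk.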
@@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on Microsoft Access it is not possible to read files" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on Microsoft Access it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/firebird/filesystem.py b/plugins/dbms/firebird/filesystem.py index 21cec6896..888da8433 100644 --- a/plugins/dbms/firebird/filesystem.py +++ b/plugins/dbms/firebird/filesystem.py @@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on Firebird it is not possible to read files" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on Firebird it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/h2/filesystem.py b/plugins/dbms/h2/filesystem.py index 800d206c8..2bfb05ea0 100644 --- a/plugins/dbms/h2/filesystem.py +++ b/plugins/dbms/h2/filesystem.py 
@@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on H2 it is not possible to read files" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on H2 it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py index c0bb39b0c..a5dd2990c 100644 --- a/plugins/dbms/hsqldb/filesystem.py +++ b/plugins/dbms/hsqldb/filesystem.py @@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on HSQLDB it is not possible to read files" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on HSQLDB it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/maxdb/filesystem.py b/plugins/dbms/maxdb/filesystem.py index 34da2b769..00c09480d 100644 --- a/plugins/dbms/maxdb/filesystem.py +++ b/plugins/dbms/maxdb/filesystem.py 
@@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on SAP MaxDB reading of files is not supported" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on SAP MaxDB writing of files is not supported" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index df77b553e..609ce2d98 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -81,8 +81,8 @@ class Filesystem(GenericFilesystem): return chunkName - def stackedReadFile(self, rFile): - infoMsg = "fetching file: '%s'" % rFile + def stackedReadFile(self, remoteFile): + infoMsg = "fetching file: '%s'" % remoteFile logger.info(infoMsg) result = [] @@ -93,8 +93,8 @@ class Filesystem(GenericFilesystem): inject.goStacked("DROP TABLE %s" % hexTbl) inject.goStacked("CREATE TABLE %s(id INT IDENTITY(1, 1) PRIMARY KEY, %s %s)" % (hexTbl, self.tblField, "VARCHAR(4096)")) - logger.debug("loading the content of file '%s' into support table" % rFile) - inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (txtTbl, rFile, randomStr(10), randomStr(10)), silent=True) + logger.debug("loading the content of file '%s' into support table" % remoteFile) + inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (txtTbl, remoteFile, randomStr(10), randomStr(10)), silent=True) # Reference: https://web.archive.org/web/20120211184457/http://support.microsoft.com/kb/104829 binToHexQuery = """DECLARE @charset VARCHAR(16) 
@@ -147,7 +147,7 @@ class Filesystem(GenericFilesystem): if not isNumPosStrValue(count): errMsg = "unable to retrieve the content of the " - errMsg += "file '%s'" % rFile + errMsg += "file '%s'" % remoteFile raise SqlmapNoneDataException(errMsg) indexRange = getLimitRange(count) 
@@ -160,41 +160,41 @@ class Filesystem(GenericFilesystem): return result - def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): + def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): errMsg = "Microsoft SQL Server does not support file upload with " errMsg += "UNION query SQL injection technique" raise SqlmapUnsupportedFeatureException(errMsg) - def _stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType): + def _stackedWriteFilePS(self, tmpPath, localFileContent, remoteFile, fileType): infoMsg = "using PowerShell to write the %s file content " % fileType - infoMsg += "to file '%s'" % dFile + infoMsg += "to file '%s'" % remoteFile logger.info(infoMsg) - encodedFileContent = encodeBase64(wFileContent, binary=False) + encodedFileContent = encodeBase64(localFileContent, binary=False) encodedBase64File = "tmpf%s.txt" % randomStr(lowercase=True) encodedBase64FilePath = "%s\\%s" % (tmpPath, encodedBase64File) randPSScript = "tmpps%s.ps1" % randomStr(lowercase=True) randPSScriptPath = "%s\\%s" % (tmpPath, randPSScript) - wFileSize = len(encodedFileContent) + localFileSize = len(encodedFileContent) chunkMaxSize = 1024 logger.debug("uploading the base64-encoded file to %s, please wait.." 
% encodedBase64FilePath) - for i in xrange(0, wFileSize, chunkMaxSize): + for i in xrange(0, localFileSize, chunkMaxSize): wEncodedChunk = encodedFileContent[i:i + chunkMaxSize] self.xpCmdshellWriteFile(wEncodedChunk, tmpPath, encodedBase64File) psString = "$Base64 = Get-Content -Path \"%s\"; " % encodedBase64FilePath psString += "$Base64 = $Base64 -replace \"`t|`n|`r\",\"\"; $Content = " psString += "[System.Convert]::FromBase64String($Base64); Set-Content " - psString += "-Path \"%s\" -Value $Content -Encoding Byte" % dFile + psString += "-Path \"%s\" -Value $Content -Encoding Byte" % remoteFile logger.debug("uploading the PowerShell base64-decoding script to %s" % randPSScriptPath) self.xpCmdshellWriteFile(psString, tmpPath, randPSScript) - logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % dFile) + logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % remoteFile) commands = ( "powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath, 
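Review bot: In `_stackedWriteFilePS` the renamed `localFileSize = len(encodedFileContent)` holds the length of the base64 text, not the size of the local file, so the new name is misleading. It also clashes with `_stackedWriteFileDebugExe` in this file, where `localFileSize` is `os.path.getsize(localFile)`. Naming it for what it measures would avoid that, e.g. `encodedFileSize = len(encodedFileContent)` with the loop as `for i in xrange(0, encodedFileSize, chunkMaxSize):`. The loop variable `wEncodedChunk` still carries the old `w` prefix and could become `encodedChunk` for consistency. The end of the function, including the rest of the `commands` tuple, is outside the hunk.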
@@ -204,27 +204,27 @@ class Filesystem(GenericFilesystem): self.execCmd(" & ".join(command for command in commands)) - def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType): + def _stackedWriteFileDebugExe(self, tmpPath, localFile, localFileContent, remoteFile, fileType): infoMsg = "using debug.exe to write the %s " % fileType - infoMsg += "file content to file '%s', please wait.." % dFile + infoMsg += "file content to file '%s', please wait.." % remoteFile logger.info(infoMsg) - dFileName = ntpath.basename(dFile) - sFile = "%s\\%s" % (tmpPath, dFileName) - wFileSize = os.path.getsize(wFile) + remoteFileName = ntpath.basename(remoteFile) + sFile = "%s\\%s" % (tmpPath, remoteFileName) + localFileSize = os.path.getsize(localFile) debugSize = 0xFF00 - if wFileSize < debugSize: - chunkName = self._updateDestChunk(wFileContent, tmpPath) + if localFileSize < debugSize: + chunkName = self._updateDestChunk(localFileContent, tmpPath) debugMsg = "renaming chunk file %s\\%s to %s " % (tmpPath, chunkName, fileType) - debugMsg += "file %s\\%s and moving it to %s" % (tmpPath, dFileName, dFile) + debugMsg += "file %s\\%s and moving it to %s" % (tmpPath, remoteFileName, remoteFile) logger.debug(debugMsg) commands = ( "cd \"%s\"" % tmpPath, - "ren %s %s" % (chunkName, dFileName), - "move /Y %s %s" % (dFileName, dFile) + "ren %s %s" % (chunkName, remoteFileName), + "move /Y %s %s" % (remoteFileName, remoteFile) ) self.execCmd(" & ".join(command for command in commands)) 
@@ -235,18 +235,18 @@ class Filesystem(GenericFilesystem): debugMsg += "on the server, please wait.." logger.debug(debugMsg) - for i in xrange(0, wFileSize, debugSize): - wFileChunk = wFileContent[i:i + debugSize] - chunkName = self._updateDestChunk(wFileChunk, tmpPath) + for i in xrange(0, localFileSize, debugSize): + localFileChunk = localFileContent[i:i + debugSize] + chunkName = self._updateDestChunk(localFileChunk, tmpPath) if i == 0: debugMsg = "renaming chunk " - copyCmd = "ren %s %s" % (chunkName, dFileName) + copyCmd = "ren %s %s" % (chunkName, remoteFileName) else: debugMsg = "appending chunk " - copyCmd = "copy /B /Y %s+%s %s" % (dFileName, chunkName, dFileName) + copyCmd = "copy /B /Y %s+%s %s" % (remoteFileName, chunkName, remoteFileName) - debugMsg += "%s\\%s to %s file %s\\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName) + debugMsg += "%s\\%s to %s file %s\\%s" % (tmpPath, chunkName, fileType, tmpPath, remoteFileName) logger.debug(debugMsg) commands = ( @@ -257,18 +257,18 @@ class Filesystem(GenericFilesystem): self.execCmd(" & ".join(command for command in commands)) - logger.debug("moving %s file %s to %s" % (fileType, sFile, dFile)) + logger.debug("moving %s file %s to %s" % (fileType, sFile, remoteFile)) commands = ( "cd \"%s\"" % tmpPath, - "move /Y %s %s" % (dFileName, dFile) + "move /Y %s %s" % (remoteFileName, remoteFile) ) self.execCmd(" & ".join(command for command in commands)) - def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType): + def _stackedWriteFileVbs(self, tmpPath, localFileContent, remoteFile, fileType): infoMsg = "using a custom visual basic script to write the " - infoMsg += "%s file content to file '%s', please wait.." % (fileType, dFile) + infoMsg += "%s file content to file '%s', please wait.." % (fileType, remoteFile) logger.info(infoMsg) randVbs = "tmps%s.vbs" % randomStr(lowercase=True) 
@@ -327,10 +327,10 @@ class Filesystem(GenericFilesystem): Else mimedecode = InStr(Base64Chars, strIn) - 1 End If - End Function""" % (randFilePath, dFile) + End Function""" % (randFilePath, remoteFile) vbs = vbs.replace(" ", "") - encodedFileContent = encodeBase64(wFileContent, binary=False) + encodedFileContent = encodeBase64(localFileContent, binary=False) logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath) @@ -349,9 +349,9 @@ class Filesystem(GenericFilesystem): self.execCmd(" & ".join(command for command in commands)) - def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType): + def _stackedWriteFileCertutilExe(self, tmpPath, localFile, localFileContent, remoteFile, fileType): infoMsg = "using certutil.exe to write the %s " % fileType - infoMsg += "file content to file '%s', please wait.." % dFile + infoMsg += "file content to file '%s', please wait.." % remoteFile logger.info(infoMsg) chunkMaxSize = 500 @@ -359,7 +359,7 @@ class Filesystem(GenericFilesystem): randFile = "tmpf%s.txt" % randomStr(lowercase=True) randFilePath = "%s\\%s" % (tmpPath, randFile) - encodedFileContent = encodeBase64(wFileContent, binary=False) + encodedFileContent = encodeBase64(localFileContent, binary=False) splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)]) 
@@ -367,17 +367,17 @@ class Filesystem(GenericFilesystem): self.xpCmdshellWriteFile(splittedEncodedFileContent, tmpPath, randFile) - logger.debug("decoding the file to %s.." % dFile) + logger.debug("decoding the file to %s.." % remoteFile) commands = ( "cd \"%s\"" % tmpPath, - "certutil -f -decode %s %s" % (randFile, dFile), + "certutil -f -decode %s %s" % (randFile, remoteFile), "del /F /Q %s" % randFile ) self.execCmd(" & ".join(command for command in commands)) - def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): + def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): # NOTE: this is needed here because we use xp_cmdshell extended # procedure to write a file on the back-end Microsoft SQL Server # file system 
@@ -386,35 +386,35 @@ class Filesystem(GenericFilesystem): self.getRemoteTempPath() tmpPath = posixToNtSlashes(conf.tmpPath) - dFile = posixToNtSlashes(dFile) - with open(wFile, "rb") as f: - wFileContent = f.read() + remoteFile = posixToNtSlashes(remoteFile) + with open(localFile, "rb") as f: + localFileContent = f.read() - self._stackedWriteFilePS(tmpPath, wFileContent, dFile, fileType) - written = self.askCheckWrittenFile(wFile, dFile, forceCheck) + self._stackedWriteFilePS(tmpPath, localFileContent, remoteFile, fileType) + written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck) if written is False: message = "do you want to try to upload the file with " message += "the custom Visual Basic script technique? [Y/n] " if readInput(message, default='Y', boolean=True): - self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType) - written = self.askCheckWrittenFile(wFile, dFile, forceCheck) + self._stackedWriteFileVbs(tmpPath, localFileContent, remoteFile, fileType) + written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck) if written is False: message = "do you want to try to upload the file with " message += "the built-in debug.exe technique? [Y/n] " if readInput(message, default='Y', boolean=True): - self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType) - written = self.askCheckWrittenFile(wFile, dFile, forceCheck) + self._stackedWriteFileDebugExe(tmpPath, localFile, localFileContent, remoteFile, fileType) + written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck) if written is False: message = "do you want to try to upload the file with " message += "the built-in certutil.exe technique? 
[Y/n] " if readInput(message, default='Y', boolean=True): - self._stackedWriteFileCertutilExe(tmpPath, wFile, wFileContent, dFile, fileType) - written = self.askCheckWrittenFile(wFile, dFile, forceCheck) + self._stackedWriteFileCertutilExe(tmpPath, localFile, localFileContent, remoteFile, fileType) + written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck) return written diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index c79f2ccc2..9fffa4b28 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -38,8 +38,8 @@ class Filesystem(GenericFilesystem): return result - def stackedReadFile(self, rFile): - infoMsg = "fetching file: '%s'" % rFile + def stackedReadFile(self, remoteFile): + infoMsg = "fetching file: '%s'" % remoteFile logger.info(infoMsg) self.createSupportTbl(self.fileTblName, self.tblField, "longtext") @@ -47,13 +47,13 @@ class Filesystem(GenericFilesystem): tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True)) - debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile + debugMsg = "saving hexadecimal encoded content of file '%s' " % remoteFile debugMsg += "into temporary file '%s'" % tmpFile logger.debug(debugMsg) - inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (rFile, tmpFile)) + inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (remoteFile, tmpFile)) debugMsg = "loading the content of hexadecimal encoded file " - debugMsg += "'%s' into support table" % rFile + debugMsg += "'%s' into support table" % remoteFile logger.debug(debugMsg) inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField)) 
@@ -61,12 +61,12 @@ class Filesystem(GenericFilesystem): if not isNumPosStrValue(length): warnMsg = "unable to retrieve the content of the " - warnMsg += "file '%s'" % rFile + warnMsg += "file '%s'" % remoteFile if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): warnMsg += ", going to fall-back to simpler UNION technique" logger.warn(warnMsg) - result = self.nonStackedReadFile(rFile) + result = self.nonStackedReadFile(remoteFile) else: raise SqlmapNoneDataException(warnMsg) else: @@ -85,10 +85,10 @@ class Filesystem(GenericFilesystem): return result @stackedmethod - def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): + def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): logger.debug("encoding file to its hexadecimal string value") - fcEncodedList = self.fileEncode(wFile, "hex", True) + fcEncodedList = self.fileEncode(localFile, "hex", True) fcEncodedStr = fcEncodedList[0] fcEncodedStrLen = len(fcEncodedStr) @@ -99,12 +99,12 @@ class Filesystem(GenericFilesystem): warnMsg += "writing process" logger.warn(warnMsg) - debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) + debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile) logger.debug(debugMsg) pushValue(kb.forceWhere) kb.forceWhere = PAYLOAD.WHERE.NEGATIVE - sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile) + sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, remoteFile) unionUse(sqlQuery, unpack=False) kb.forceWhere = popValue() 
@@ -112,12 +112,12 @@ class Filesystem(GenericFilesystem): warnMsg += "file as a leftover from UNION query" singleTimeWarnMessage(warnMsg) - return self.askCheckWrittenFile(wFile, dFile, forceCheck) + return self.askCheckWrittenFile(localFile, remoteFile, forceCheck) - def linesTerminatedWriteFile(self, wFile, dFile, fileType, forceCheck=False): + def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): logger.debug("encoding file to its hexadecimal string value") - fcEncodedList = self.fileEncode(wFile, "hex", True) + fcEncodedList = self.fileEncode(localFile, "hex", True) fcEncodedStr = fcEncodedList[0][2:] fcEncodedStrLen = len(fcEncodedStr) @@ -128,10 +128,10 @@ class Filesystem(GenericFilesystem): warnMsg += "writing process" logger.warn(warnMsg) - debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) + debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile) logger.debug(debugMsg) - query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=dFile, HEXSTRING=fcEncodedStr) + query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=remoteFile, HEXSTRING=fcEncodedStr) query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) payload = agent.payload(newValue=query) Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) @@ -140,9 +140,9 @@ class Filesystem(GenericFilesystem): warnMsg += "file as a leftover from original query" singleTimeWarnMessage(warnMsg) - return self.askCheckWrittenFile(wFile, dFile, forceCheck) + return self.askCheckWrittenFile(localFile, remoteFile, forceCheck) - def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): + def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): debugMsg = "creating a support table to write the hexadecimal " debugMsg += "encoded file to" logger.debug(debugMsg) 
@@ -150,7 +150,7 @@ class Filesystem(GenericFilesystem): self.createSupportTbl(self.fileTblName, self.tblField, "longblob") logger.debug("encoding file to its hexadecimal string value") - fcEncodedList = self.fileEncode(wFile, "hex", False) + fcEncodedList = self.fileEncode(localFile, "hex", False) debugMsg = "forging SQL statements to write the hexadecimal " debugMsg += "encoded file to the support table" @@ -165,10 +165,10 @@ class Filesystem(GenericFilesystem): for sqlQuery in sqlQueries: inject.goStacked(sqlQuery) - debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) + debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile) logger.debug(debugMsg) # Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html - inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, dFile), silent=True) + inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, remoteFile), silent=True) - return self.askCheckWrittenFile(wFile, dFile, forceCheck) + return self.askCheckWrittenFile(localFile, remoteFile, forceCheck) diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 00520c91e..85f59261d 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -9,12 +9,12 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "File system read access not yet implemented for " errMsg += "Oracle" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "File system write access not yet implemented for " errMsg += "Oracle" raise SqlmapUnsupportedFeatureException(errMsg) 
diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index 0a3b60086..6253a5fa6 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -22,22 +22,22 @@ class Filesystem(GenericFilesystem): GenericFilesystem.__init__(self) - def stackedReadFile(self, rFile): - infoMsg = "fetching file: '%s'" % rFile + def stackedReadFile(self, remoteFile): + infoMsg = "fetching file: '%s'" % remoteFile logger.info(infoMsg) self.initEnv() - return self.udfEvalCmd(cmd=rFile, udfName="sys_fileread") + return self.udfEvalCmd(cmd=remoteFile, udfName="sys_fileread") - def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "PostgreSQL does not support file upload with UNION " errMsg += "query SQL injection technique" raise SqlmapUnsupportedFeatureException(errMsg) - def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): - wFileSize = os.path.getsize(wFile) - content = open(wFile, "rb").read() + def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): + localFileSize = os.path.getsize(localFile) + content = open(localFile, "rb").read() self.oid = randomInt() self.page = 0 @@ -56,7 +56,7 @@ class Filesystem(GenericFilesystem): inject.goStacked("SELECT lo_create(%d)" % self.oid) inject.goStacked("DELETE FROM pg_largeobject WHERE loid=%d" % self.oid) - for offset in xrange(0, wFileSize, LOBLKSIZE): + for offset in xrange(0, localFileSize, LOBLKSIZE): fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], "base64", False) sqlQueries = self.fileToSqlQueries(fcEncodedList) 
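Review bot: In the first hunk of plugins/dbms/postgresql/filesystem.py the method is not just re-parameterised but renamed from `unionWriteFile` to `writeFile`, while its body still raises "PostgreSQL does not support file upload with UNION query SQL injection technique". Elsewhere in this commit `writeFile` is the blanket "not supported" override (Access, Firebird, H2 and others), and MSSQL and MySQL keep `unionWriteFile`. The generic `writeFile` dispatcher is not shown here, but if it is what routes to `stackedWriteFile`, this override would make every PostgreSQL write raise and leave `stackedWriteFile` below unreachable. It looks like a copy-paste slip, and the line should probably read `def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):`. Separately, `content = open(localFile, "rb").read()` in `stackedWriteFile` never closes the handle; the `with open(localFile, "rb") as f:` form used in the MSSQL plugin would.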
@@ -69,12 +69,12 @@ class Filesystem(GenericFilesystem): self.page += 1 debugMsg = "exporting the OID %s file content to " % fileType - debugMsg += "file '%s'" % dFile + debugMsg += "file '%s'" % remoteFile logger.debug(debugMsg) - inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True) + inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, remoteFile), silent=True) - written = self.askCheckWrittenFile(wFile, dFile, forceCheck) + written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck) inject.goStacked("SELECT lo_unlink(%d)" % self.oid) diff --git a/plugins/dbms/sqlite/enumeration.py b/plugins/dbms/sqlite/enumeration.py index 60a6afbd5..0ee814629 100644 --- a/plugins/dbms/sqlite/enumeration.py +++ b/plugins/dbms/sqlite/enumeration.py @@ -18,7 +18,7 @@ class Enumeration(GenericEnumeration): warnMsg = "on SQLite it is not possible to get name of the current database" logger.warn(warnMsg) - def isDba(self, *args, **kwargs): + def isDba(self, user=None): warnMsg = "on SQLite the current user has all privileges" logger.warn(warnMsg) diff --git a/plugins/dbms/sqlite/filesystem.py b/plugins/dbms/sqlite/filesystem.py index c12bc48b9..89426f8fc 100644 --- a/plugins/dbms/sqlite/filesystem.py +++ b/plugins/dbms/sqlite/filesystem.py @@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on SQLite it is not possible to read files" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on SQLite it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) 
diff --git a/plugins/dbms/sybase/filesystem.py b/plugins/dbms/sybase/filesystem.py index 30b3f6b4a..a2f8757a4 100644 --- a/plugins/dbms/sybase/filesystem.py +++ b/plugins/dbms/sybase/filesystem.py @@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): - def readFile(self, rFile): + def readFile(self, remoteFile): errMsg = "on Sybase it is not possible to read files" raise SqlmapUnsupportedFeatureException(errMsg) - def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "on Sybase it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index eccf17cc5..008fd075c 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -203,12 +203,12 @@ class Filesystem(object): errMsg += "into the specific DBMS plugin" raise SqlmapUndefinedMethod(errMsg) - def readFile(self, remoteFiles): + def readFile(self, remoteFile): localFilePaths = [] self.checkDbmsOs() - for remoteFile in remoteFiles.split(','): + for remoteFile in remoteFile.split(','): fileContent = None kb.fileReadMode = True diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 26a21928c..2659765ed 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -165,7 +165,7 @@ class Miscellaneous(object): inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True) if Backend.isDbms(DBMS.MSSQL): - udfDict = {"master..new_xp_cmdshell": None} + udfDict = {"master..new_xp_cmdshell": {}} if udfDict is None: udfDict = self.sysUdfs
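Review bot: In plugins/generic/filesystem.py the parameter is renamed to the singular `remoteFile`, yet it still carries a comma-separated list, and `for remoteFile in remoteFile.split(','):` now rebinds the parameter as its own loop variable. It works because the `split` is evaluated once, but after the first iteration the original argument is gone, so any later use of the full list in this method would silently see only one path. Either keep the plural in the signature (`def readFile(self, remoteFiles):` with `for remoteFile in remoteFiles.split(','):`), or keep the new name for parity with the plugins and iterate with a distinct name. A docstring stating that the argument may hold several comma-separated paths would help in both cases. The rest of the loop body is outside the hunk.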
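Review bot: In plugins/generic/misc.py the value for `"master..new_xp_cmdshell"` changes from `None` to `{}` with no comment saying why, and the code that consumes `udfDict` is outside the hunk. Presumably that consumer treats each value as a mapping and `None` broke it, but a reader cannot tell that from these lines. Once confirmed against the consuming loop, a short comment would record the intent, for example `# empty dict rather than None: the removal loop treats each value as a mapping`. The enclosing method starts and ends outside the hunk.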