From d55175a3407a921ee11608f1f24919719cb4bc2f Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sat, 2 Jan 2010 01:35:13 +0000 Subject: [PATCH] Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. --- lib/utils/resume.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/utils/resume.py b/lib/utils/resume.py index fbc77931b..a10003447 100644 --- a/lib/utils/resume.py +++ b/lib/utils/resume.py @@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ - - import re from lib.core.common import dataToSessionFile @@ -34,7 +32,6 @@ from lib.core.data import queries from lib.core.unescaper import unescaper from lib.techniques.blind.inference import bisection - def queryOutputLength(expression, payload): """ Returns the query output length. @@ -45,14 +42,17 @@ def queryOutputLength(expression, payload): select = re.search("\ASELECT\s+", expression, re.I) selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I) selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I) - selectExpr = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I) + selectFromExpr = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I) + selectExpr = re.search("\ASELECT\s+(.+)$", expression, re.I) miscExpr = re.search("\A(.+)", expression, re.I) - if selectTopExpr or selectDistinctExpr or selectExpr: + if selectTopExpr or selectDistinctExpr or selectFromExpr or selectExpr: if selectTopExpr: regExpr = selectTopExpr.groups()[0] elif selectDistinctExpr: regExpr = selectDistinctExpr.groups()[0] + elif selectFromExpr: + regExpr = selectFromExpr.groups()[0] elif selectExpr: regExpr = selectExpr.groups()[0] elif miscExpr: 
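Review bot: The new fallback `selectExpr = re.search("\ASELECT\s+(.+)$", expression, re.I)` in the third hunk captures greedily to end-of-string, so any trailing whitespace ends up in regExpr, and an expression containing a newline never matches at all (`.` stops at `\n` without re.S) and drops to miscExpr, whose group still includes the SELECT keyword; `selectExpr = re.search(r"\ASELECT\s+(.+?)\s*\Z", expression, re.I | re.S)` would trim the tail and accept multi-line input. The two added regex literals (like the existing ones beside them) are plain strings containing `\A` and `\s`, which are not valid Python escapes — write them as raw strings, e.g. `selectFromExpr = re.search(r"\ASELECT\s+(.+?)\s+FROM", expression, re.I)`, so newer interpreters do not warn and the pattern text is unambiguous. Because this fallback now yields arbitrary text such as `LOAD_FILE('/etc/passwd')`, if regExpr is later used as a regex pattern rather than compared literally (its consumer is outside this hunk, so I cannot confirm), it needs `re.escape()` before use, or the parentheses will change the match. queryOutputLength's body continues past the end of the hunk.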
@@ -84,7 +84,6 @@ def queryOutputLength(expression, payload): return count, length, regExpr - def resume(expression, payload): """ This function can be called to resume part or entire output of a