sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

re-enabled --read-file for MySQL with all techniques

Browse Source
This commit is contained in:
Bernardo Damele 2011-02-08 17:03:57 +00:00
parent 98ca1702ae
commit e16bab7117
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/generic/filesystem.py
View File

@ -270,20 +270,12 @@ class Filesystem:
logger.debug(debugMsg) logger.debug(debugMsg)
fileContent = self.stackedReadFile(rFile) fileContent = self.stackedReadFile(rFile)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL): elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with UNION query SQL " debugMsg = "going to read the file with UNION query SQL "
debugMsg += "injection technique" debugMsg += "injection technique"
logger.debug(debugMsg) logger.debug(debugMsg)
fileContent = self.unionReadFile(rFile) fileContent = self.unionReadFile(rFile)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and Backend.isDbms(DBMS.MYSQL):
# TODO: edit this as soon as the MySQL/trim/error-based bug
# is fixed
errMsg = "file retrieval via error-based SQL injection will "
errMsg += "be implemented soon"
logger.error(errMsg)
return None
else: else:
errMsg = "none of the SQL injection techniques detected can " errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the underlying file " errMsg += "be used to read files from the underlying file "