mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
re-enabled --read-file for MySQL with all techniques
This commit is contained in:
parent
98ca1702ae
commit
e16bab7117
|
@ -270,20 +270,12 @@ class Filesystem:
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
fileContent = self.stackedReadFile(rFile)
|
fileContent = self.stackedReadFile(rFile)
|
||||||
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
|
elif Backend.isDbms(DBMS.MYSQL):
|
||||||
debugMsg = "going to read the file with UNION query SQL "
|
debugMsg = "going to read the file with UNION query SQL "
|
||||||
debugMsg += "injection technique"
|
debugMsg += "injection technique"
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
fileContent = self.unionReadFile(rFile)
|
fileContent = self.unionReadFile(rFile)
|
||||||
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and Backend.isDbms(DBMS.MYSQL):
|
|
||||||
# TODO: edit this as soon as the MySQL/trim/error-based bug
|
|
||||||
# is fixed
|
|
||||||
errMsg = "file retrieval via error-based SQL injection will "
|
|
||||||
errMsg += "be implemented soon"
|
|
||||||
logger.error(errMsg)
|
|
||||||
|
|
||||||
return None
|
|
||||||
else:
|
else:
|
||||||
errMsg = "none of the SQL injection techniques detected can "
|
errMsg = "none of the SQL injection techniques detected can "
|
||||||
errMsg += "be used to read files from the underlying file "
|
errMsg += "be used to read files from the underlying file "
|
||||||
|
|
Loading…
Reference in New Issue
Block a user