From eceb5eca7b399df3f115a8521b1a720809cb1397 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 May 2011 21:55:06 +0000 Subject: [PATCH] fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla) --- plugins/dbms/mssqlserver/filesystem.py | 2 +- plugins/generic/filesystem.py | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 5f866f0a5..ba6ee494e 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -98,7 +98,7 @@ class Filesystem(GenericFilesystem): if not result: result = [] - count = inject.getValue("SELECT COUNT(%s) FROM %s" % (self.tblField, hexTbl), resumeValue=False, charsetType=2) + count = inject.getValue("SELECT COUNT(*) FROM %s" % (hexTbl), resumeValue=False, charsetType=2) if not isNumPosStrValue(count): errMsg = "unable to retrieve the content of the " diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index f05f41ec2..c10941167 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -266,12 +266,6 @@ class Filesystem: self.checkDbmsOs() - if Backend.isOs(OS.WINDOWS) and not re.search(r'\A[A-Z]:', rFile, re.I) or\ - Backend.isOs(OS.LINUX) and not rFile.startswith('/'): - errMsg = "invalid file path used for the underlying operating " - errMsg += "system '%s' of the back-end '%s' server ('%s')" % (Backend.getOs(), Backend.getDbms(), rFile) - raise sqlmapFilePathException, errMsg - if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): debugMsg = "going to read the file with stacked query SQL "