def resume(expression, payload):
"""
This function can be called to resume part or entire output of a
SQL injection query output.
"""
try:
if "sqlmapfile" in expression or "sqlmapoutput" in expression:
return None
condition = (
kb.resumedQueries
and conf.url in kb.resumedQueries.keys()
and expression in kb.resumedQueries[conf.url].keys()
)
if not condition:
return None
resumedValue = kb.resumedQueries[conf.url][expression]
if not resumedValue:
return None
resumedValue = restoreDumpMarkedChars(resumedValue, True)
if resumedValue[-1] == "]":
resumedValue = resumedValue[:-1]
infoMsg = "read from file '%s': " % conf.sessionFile
logValue = re.findall("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), resumedValue, re.S)
if logValue:
logValue = ", ".join([value.replace(DUMP_DEL_MARKER, ", ") for value in logValue])
else:
logValue = resumedValue
if "\n" in logValue:
infoMsg += "%s..." % logValue.split("\n")[0]
else:
infoMsg += logValue
logger.info(infoMsg)
return resumedValue
# If we called this function without providing a payload it means that
# we have called it from lib/request/inject __goInband() function
# in UNION query (inband) SQL injection so we return to the calling
# function so that the query output will be retrieved taking advantage
# of the inband SQL injection vulnerability.
if not payload:
return None
if not kb.dbms:
return None
substringQuery = queries[kb.dbms].substring.query
select = re.search("\ASELECT ", expression, re.I)
_, length, regExpr = queryOutputLength(expression, payload)
if not length:
return None
if len(resumedValue) == int(length):
infoMsg = "read from file '%s': " % conf.sessionFile
infoMsg += "%s" % resumedValue.split("\n")[0]
logger.info(infoMsg)
dataToSessionFile(
"[%s][%s][%s][%s][%s]\n"
% (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, replaceNewlineTabs(resumedValue))
)
return resumedValue
elif len(resumedValue) < int(length):
infoMsg = "resumed from file '%s': " % conf.sessionFile
infoMsg += "%s..." % resumedValue.split("\n")[0]
logger.info(infoMsg)
dataToSessionFile(
"[%s][%s][%s][%s][%s"
% (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, replaceNewlineTabs(resumedValue))
)
if select:
newExpr = expression.replace(
regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1
)
else:
newExpr = safeStringFormat(substringQuery, (expression, len(resumedValue) + 1, int(length)))
missingCharsLength = int(length) - len(resumedValue)
infoMsg = "retrieving pending %d query " % missingCharsLength
infoMsg += "output characters"
logger.info(infoMsg)
start = time.time()
count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
logger.debug(debugMsg)
if len(finalValue) != (int(length) - len(resumedValue)):
warnMsg = "the total length of the query is not "
warnMsg += "right, sqlmap is going to retrieve the "
warnMsg += "query value from the beginning now"
logger.warn(warnMsg)
return None
return "%s%s" % (resumedValue, finalValue)
return None
except ValueError:
errMsg = "invalid resume value for expression: '%s'" % expression
logger.error(errMsg)
return None
def resume(expression, payload):
"""
This function can be called to resume part or entire output of a
SQL injection query output.
"""
try:
if "sqlmapfile" in expression or "sqlmapoutput" in expression or conf.freshQueries:
return None
condition = (kb.resumedQueries
and conf.url in kb.resumedQueries.keys()
and expression in kb.resumedQueries[conf.url].keys())
if not condition:
return None
resumedValue = kb.resumedQueries[conf.url][expression]
if not resumedValue:
return None
resumedValue = restoreDumpMarkedChars(resumedValue, True)
if resumedValue[-1] == "]":
resumedValue = resumedValue[:-1]
infoMsg = "read from file '%s': " % conf.sessionFile
logValue = re.findall(
"%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER),
resumedValue, re.S)
if logValue:
if kb.technique == PAYLOAD.TECHNIQUE.UNION:
logValue = ", ".join([
value.replace(DUMP_DEL_MARKER, ", ")
for value in logValue
])
else:
return None
else:
logValue = resumedValue
if "\n" in logValue:
infoMsg += "%s..." % logValue.split("\n")[0]
else:
infoMsg += logValue
dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))
return resumedValue
# If we called this function without providing a payload it means
# that we have called it from lib/request/inject __goInband() or
# from __goError() function so we return to the calling function
# so that the query output will be retrieved taking advantage
# of either error-based or inband SQL injection vulnerability.
if not payload:
return None
if not Backend.getIdentifiedDbms():
return None
substringQuery = queries[Backend.getIdentifiedDbms()].substring.query
select = re.search("\ASELECT ", expression, re.I)
_, length, regExpr = queryOutputLength(expression, payload)
if not length:
return None
if len(resumedValue) == int(length):
infoMsg = "read from file '%s': " % conf.sessionFile
infoMsg += "%s" % resumedValue.split("\n")[0]
logger.info(infoMsg)
dataToSessionFile("[%s][%s][%s][%s][%s]\n" %
(conf.url, kb.injection.place,
conf.parameters[kb.injection.place], expression,
replaceNewlineTabs(resumedValue)))
return resumedValue
elif len(resumedValue) < int(length):
infoMsg = "resumed from file '%s': " % conf.sessionFile
infoMsg += "%s..." % resumedValue.split("\n")[0]
logger.info(infoMsg)
dataToSessionFile("[%s][%s][%s][%s][%s" %
(conf.url, kb.injection.place,
conf.parameters[kb.injection.place], expression,
replaceNewlineTabs(resumedValue)))
if select:
newExpr = expression.replace(
regExpr,
safeStringFormat(
substringQuery,
(regExpr, len(resumedValue) + 1, int(length))), 1)
else:
newExpr = safeStringFormat(
substringQuery,
(expression, len(resumedValue) + 1, int(length)))
missingCharsLength = int(length) - len(resumedValue)
infoMsg = "retrieving pending %d query " % missingCharsLength
infoMsg += "output characters"
logger.info(infoMsg)
start = time.time()
count, finalValue = bisection(payload,
newExpr,
length=missingCharsLength)
debugMsg = "performed %d queries in %d seconds" % (
count, calculateDeltaSeconds(start))
logger.debug(debugMsg)
if len(finalValue) != (int(length) - len(resumedValue)):
warnMsg = "the total length of the query is not "
warnMsg += "right, sqlmap is going to retrieve the "
warnMsg += "query value from the beginning now"
logger.warn(warnMsg)
return None
return "%s%s" % (resumedValue, finalValue)
return None
except ValueError:
errMsg = "invalid resume value for expression: '%s'" % expression
logger.error(errMsg)
return None
def __formatString(self, inpStr):
return restoreDumpMarkedChars(getUnicode(inpStr))
def __formatString(self, inpStr):
return restoreDumpMarkedChars(getUnicode(inpStr))