From b3f3405775a5bc21500c24ddecfaf088811c9fdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:54:07 +0200 Subject: [PATCH] Minor patch for Oracle's readFile --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/oracle/filesystem.py | 29 ++++++++++++++--------------- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index c0b17f306..9b3ab0dde 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -7f3a69024646d9b91b278cff6523d498f03853383bb72db78abca6dcbe925608 lib/core/settings.py +71b300a11450d5ee75ba2197a1b81e8321cc277c43c48a509ee1fa8bbae78144 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -406,7 +406,7 @@ e2289734859246e6c1a150d12914a711901d10140659beded7aa14f22d11bca3 plugins/dbms/m 1e6a7c6cc77772a4051d88604774ba5cc9e06b1180f7dba9809d0739bc65cf37 plugins/dbms/mysql/takeover.py af1b89286e8d918e1d749db7cce87a1eae2b038c120fb799cc8ee766eb6b03e1 plugins/dbms/oracle/connector.py 5965da4e8020291beb6f35a5e11a6477edb749bdeba668225aea57af9754a4b3 plugins/dbms/oracle/enumeration.py -94132121cd085e314e9fe63d2ac174e0e26acd4ed17cdce46f93ab36c71967d9 plugins/dbms/oracle/filesystem.py +b8812b1e1a7c68283de3dd264bbeef1fed91eaada720fcfe088f3a62fd9fc614 plugins/dbms/oracle/filesystem.py 0b2dd004b9c9c41dbdd6e93f536f31a2a0b62c2815eb8099299cd692b0dd08a1 plugins/dbms/oracle/fingerprint.py fd0bfc194540bd83843e4b45f431ad7e9c8fd4a01959f15f2a5e30dcfa6acf60 plugins/dbms/oracle/__init__.py a5ec593a2e57d658e3448dd108781a3761484c41c0f67f6a3db59d9def57d71a plugins/dbms/oracle/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 723a34d41..97e59e500 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.25" +VERSION = "1.10.6.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 197b9bddc..258a79147 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -31,25 +31,24 @@ class Filesystem(GenericFilesystem): payload = agent.payload(newValue=query) Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) - for remoteFile in remoteFile.split(','): - if not kb.bruteMode: - infoMsg = "fetching file: '%s'" % remoteFile - logger.info(infoMsg) + if not kb.bruteMode: + infoMsg = "fetching file: '%s'" % remoteFile + logger.info(infoMsg) - kb.fileReadMode = True - fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) - kb.fileReadMode = False + kb.fileReadMode = True + fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) + kb.fileReadMode = False - if not isNoneValue(fileContent): - fileContent = decodeDbmsHexValue(fileContent, True) + if not isNoneValue(fileContent): + fileContent = decodeDbmsHexValue(fileContent, True) - if fileContent.strip(): - localFilePath = dataToOutFile(remoteFile, fileContent) - localFilePaths.append(localFilePath) + if fileContent.strip(): + localFilePath = dataToOutFile(remoteFile, fileContent) + localFilePaths.append(localFilePath) - elif not kb.bruteMode: - errMsg = "no data retrieved" - logger.error(errMsg) + elif not kb.bruteMode: + errMsg = "no data retrieved" + logger.error(errMsg) return localFilePaths