From 12007c84c1350b69bc9893cb409aeaf66e1e6134 Mon Sep 17 00:00:00 2001
From: Roman Hergenreder
Date: Sun, 21 Apr 2024 17:41:16 +0200
Subject: [PATCH] Added sqlite (SQLi)

---
 fileserver.py | 15 ++++++++++++---
 sqli.py       | 33 ++++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/fileserver.py b/fileserver.py
index f23b2c0..442998b 100755
--- a/fileserver.py
+++ b/fileserver.py
@@ -91,14 +91,23 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
                 status_code = 200 if len(result) < 1 else result[0]
                 data = b"" if len(result) < 2 else result[1]
                 headers = { } if len(result) < 3 else result[2]
-            else:
+            elif isinstance(result, int):
                 status_code = result
                 data = b""
                 headers = {}
+            elif result is None:
+                status_code = 201
+                data = b""
+                headers = {}
+            else:
+                status_code = 200
+                data = data if type(data) in [bytes, bytearray] else str(data).encode()
+                headers = {}
 
             if path in self.server.dumpRequests:
                 headers["Access-Control-Allow-Origin"] = "*"
-
+
+            headers["Connection"] = "Close"
             headers["Content-Length"] = len(util.nvl(data, b""))
 
             if len(headers) == 0:
@@ -174,7 +183,7 @@ class HttpFileServer(HTTPServer):
             data = data.encode("UTF-8")
 
         headers = {
-            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Origin": "*"
         }
 
         if mime_type:
diff --git a/sqli.py b/sqli.py
index da47a3f..bc6ad3e 100644
--- a/sqli.py
+++ b/sqli.py
@@ -33,6 +33,10 @@ class SQLi(ABC):
 
         return rows
 
+    @abstractmethod
+    def ascii(self):
+        pass
+
     @abstractmethod
     def extract_int(self, column: str, table=None, condition=None, offset=None, verbose=False):
@@ -201,7 +205,7 @@ class BlindSQLi(SQLi, ABC):
         cur_str = ""
         while True:
             found = False
-            cur_column = f"ascii(substr({column},{len(cur_str) + 1},1))"
+            cur_column = self.ascii() + f"(substr({column},{len(cur_str) + 1},1))"
             if charset:
                 query = self.build_query(cur_column, table, condition, offset)
                 for c in charset:
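Review bot: The new `else:` branch reads `data` before assigning it — `data = data if type(data) in [bytes, bytearray] else str(data).encode()` — while the value to send in that branch is `result`; unless `data` is initialised earlier in the method (which starts before this hunk), the first handler that returns something other than a tuple, int or None raises UnboundLocalError. The line should read `data = result if isinstance(result, (bytes, bytearray)) else str(result).encode()`. Separately, mapping a `None` return to 201 is surprising, since 201 means a resource was created whereas an empty response is conventionally 204; either use 204 or add a comment stating why 201 was chosen.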
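Review bot: The new abstract `ascii` hook carries no documentation, and its contract — the return value is spliced into a SQL expression as a function name — is only discoverable by reading BlindSQLi. Replace the `pass` body with a docstring such as `"""Return the name of the DBMS function that maps a single character to its code point; BlindSQLi appends a substr() call to it."""`; with a docstring present the `pass` is redundant.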
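Review bot: `self.ascii() + f"(substr(...))"` mixes plain concatenation with an f-string; folding the call into the f-string, `cur_column = f"{self.ascii()}(substr({column},{len(cur_str) + 1},1))"`, reads as one expression. Note that `substr` stays hard-coded while `ascii` is now dialect-dependent, so a dialect whose substring function has a different name would need the same kind of hook; a short comment recording that assumption next to this line would help. The enclosing extraction loop starts and ends outside this hunk.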
@@ -249,6 +253,8 @@ class PostgreSQLi(SQLi, ABC):
                                              f"table_schema='{schema}' AND table_name='{table}'",
                                              verbose=verbose)
 
+    def ascii(self):
+        return "ascii"
 
 class MySQLi(SQLi, ABC):
     def get_database_version(self, verbose=False):
@@ -268,3 +274,28 @@ class MySQLi(SQLi, ABC):
         return self.extract_multiple_strings("column_name", "information_schema.columns",
                                              f"table_schema='{schema}' AND table_name='{table}'",
                                              verbose=verbose)
+
+    def ascii(self):
+        return "ascii"
+
+
+class SQLitei(SQLi, ABC):
+    def get_database_version(self, verbose=False):
+        return self.extract_string("sqlite_version()", verbose=verbose)
+
+    def get_current_user(self, verbose=False):
+        raise Exception("Not implemented!")
+
+    def get_current_database(self, verbose=False):
+        raise Exception("Not implemented!")
+
+    def get_table_names(self, verbose=False):
+        return self.extract_multiple_strings("name", "sqlite_schema", f"type='table'",
+                                             verbose=verbose)
+
+    def get_column_names(self, table: str, schema: str, verbose=False):
+        # TODO: we could query the "sql" column and parse it using regex
+        raise Exception("Not implemented!")
+
+    def ascii(self):
+        return "unicode"
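Review bot: The three unimplemented SQLitei methods raise a bare `Exception("Not implemented!")`, which a caller cannot tell apart from a genuine query failure; `NotImplementedError` is the idiomatic exception for this, so each of `get_current_user`, `get_current_database` and `get_column_names` should read `raise NotImplementedError`. In `get_table_names`, `sqlite_schema` is only accepted by SQLite 3.33.0 and later, while `sqlite_master` is accepted by every version, so `"sqlite_master"` is the safer table name here; the `f"type='table'"` literal has no placeholders and can be a plain string. `ascii` returning `"unicode"` is correct for SQLite, but a one-line comment that SQLite has no ascii() and that unicode() yields the first character's code point would save the next reader a lookup.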