adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/SQLi/Common.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

1043 lines
33 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Class: Msf::Exploit::SQLi::Common
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::SQLi::Common";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (C)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../SQLi.html" title="Msf::Exploit::SQLi (module)">SQLi</a></span></span>
&raquo;
<span class="title">Common</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Class: Msf::Exploit::SQLi::Common
</h1>
<div class="box_info">
<dl>
<dt>Inherits:</dt>
<dd>
<span class="inheritName">Object</span>
<ul class="fullTree">
<li>Object</li>
<li class="next">Msf::Exploit::SQLi::Common</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
</dl>
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../../Module/UI.html" title="Msf::Module::UI (module)">Module::UI</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/sqli/common.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>Base class for SQL injection objects across all DBMS types.</p>
</div>
</div>
<div class="tags">
</div><div id="subclasses">
<h2>Direct Known Subclasses</h2>
<p class="children"><span class='object_link'><a href="Mssqli/Common.html" title="Msf::Exploit::SQLi::Mssqli::Common (class)">Mssqli::Common</a></span>, <span class='object_link'><a href="MySQLi/Common.html" title="Msf::Exploit::SQLi::MySQLi::Common (class)">MySQLi::Common</a></span>, <span class='object_link'><a href="PostgreSQLi/Common.html" title="Msf::Exploit::SQLi::PostgreSQLi::Common (class)">PostgreSQLi::Common</a></span>, <span class='object_link'><a href="SQLitei/Common.html" title="Msf::Exploit::SQLi::SQLitei::Common (class)">SQLitei::Common</a></span></p>
</div>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#concat_separator-instance_method" title="#concat_separator (instance method)">#<strong>concat_separator</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute concat_separator.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#datastore-instance_method" title="#datastore (instance method)">#<strong>datastore</strong> &#x21d2; Object </a>
</span>
<span class="note title readonly">readonly</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute datastore.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#framework-instance_method" title="#framework (instance method)">#<strong>framework</strong> &#x21d2; Object </a>
</span>
<span class="note title readonly">readonly</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute framework.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#null_replacement-instance_method" title="#null_replacement (instance method)">#<strong>null_replacement</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute null_replacement.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#safe-instance_method" title="#safe (instance method)">#<strong>safe</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute safe.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#second_concat_separator-instance_method" title="#second_concat_separator (instance method)">#<strong>second_concat_separator</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute second_concat_separator.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#truncation_length-instance_method" title="#truncation_length (instance method)">#<strong>truncation_length</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute truncation_length.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Input.html" title="Rex::Ui::Subscriber::Input (module)">Rex::Ui::Subscriber::Input</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Rex/Ui/Subscriber/Input.html#user_input-instance_method" title="Rex::Ui::Subscriber::Input#user_input (method)">#user_input</a></span></p>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html" title="Rex::Ui::Subscriber::Output (module)">Rex::Ui::Subscriber::Output</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#user_output-instance_method" title="Rex::Ui::Subscriber::Output#user_output (method)">#user_output</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(datastore, framework, user_output, opts = {}, &amp;query_proc) &#x21d2; Common </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>Creates an instance of an SQL Injection object, users should use the create_dbms method of Msf::Exploit::SQLi instead.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#raw_run_sql-instance_method" title="#raw_run_sql (instance method)">#<strong>raw_run_sql</strong>(query) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Queries the block with the given SQL query, without necessarily returning a result (needed for example when uploading a file using a time-based SQL injection, as its not necessary to run multiple queries for that purpose), not to be overridden, it is guaranteed that the query will run only once.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#run_sql-instance_method" title="#run_sql (instance method)">#<strong>run_sql</strong>(query) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Queries the block with the given SQL query, and returns the result, this method is overridden in blind SQL injection classes, implementing the logic of leaking one bit at a time, and working exactly the same as this method.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI.html" title="Msf::Module::UI (module)">Module::UI</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI.html#init_ui-instance_method" title="Msf::Module::UI#init_ui (method)">#init_ui</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI/Message.html" title="Msf::Module::UI::Message (module)">Module::UI::Message</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI/Message.html#print_error-instance_method" title="Msf::Module::UI::Message#print_error (method)">#print_error</a></span>, <span class='object_link'><a href="../../Module/UI/Message.html#print_good-instance_method" title="Msf::Module::UI::Message#print_good (method)">#print_good</a></span>, <span class='object_link'><a href="../../Module/UI/Message.html#print_prefix-instance_method" title="Msf::Module::UI::Message#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="../../Module/UI/Message.html#print_status-instance_method" title="Msf::Module::UI::Message#print_status (method)">#print_status</a></span>, <span class='object_link'><a href="../../Module/UI/Message.html#print_warning-instance_method" title="Msf::Module::UI::Message#print_warning (method)">#print_warning</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI/Message/Verbose.html" title="Msf::Module::UI::Message::Verbose (module)">Module::UI::Message::Verbose</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_error-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_error (method)">#vprint_error</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_good-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_good (method)">#vprint_good</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_status-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_status (method)">#vprint_status</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_warning-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_warning (method)">#vprint_warning</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI/Line.html" title="Msf::Module::UI::Line (module)">Module::UI::Line</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI/Line.html#print_line-instance_method" title="Msf::Module::UI::Line#print_line (method)">#print_line</a></span>, <span class='object_link'><a href="../../Module/UI/Line.html#print_line_prefix-instance_method" title="Msf::Module::UI::Line#print_line_prefix (method)">#print_line_prefix</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI/Line/Verbose.html" title="Msf::Module::UI::Line::Verbose (module)">Module::UI::Line::Verbose</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI/Line/Verbose.html#vprint_line-instance_method" title="Msf::Module::UI::Line::Verbose#vprint_line (method)">#vprint_line</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Rex/Ui/Subscriber.html" title="Rex::Ui::Subscriber (module)">Rex::Ui::Subscriber</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Rex/Ui/Subscriber.html#copy_ui-instance_method" title="Rex::Ui::Subscriber#copy_ui (method)">#copy_ui</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber.html#init_ui-instance_method" title="Rex::Ui::Subscriber#init_ui (method)">#init_ui</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber.html#reset_ui-instance_method" title="Rex::Ui::Subscriber#reset_ui (method)">#reset_ui</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Input.html" title="Rex::Ui::Subscriber::Input (module)">Rex::Ui::Subscriber::Input</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Rex/Ui/Subscriber/Input.html#gets-instance_method" title="Rex::Ui::Subscriber::Input#gets (method)">#gets</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html" title="Rex::Ui::Subscriber::Output (module)">Rex::Ui::Subscriber::Output</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#flush-instance_method" title="Rex::Ui::Subscriber::Output#flush (method)">#flush</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print-instance_method" title="Rex::Ui::Subscriber::Output#print (method)">#print</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print_blank_line-instance_method" title="Rex::Ui::Subscriber::Output#print_blank_line (method)">#print_blank_line</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print_error-instance_method" title="Rex::Ui::Subscriber::Output#print_error (method)">#print_error</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print_good-instance_method" title="Rex::Ui::Subscriber::Output#print_good (method)">#print_good</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print_line-instance_method" title="Rex::Ui::Subscriber::Output#print_line (method)">#print_line</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print_status-instance_method" title="Rex::Ui::Subscriber::Output#print_status (method)">#print_status</a></span>, <span class='object_link'><a href="../../../Rex/Ui/Subscriber/Output.html#print_warning-instance_method" title="Rex::Ui::Subscriber::Output#print_warning (method)">#print_warning</a></span></p>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(datastore, framework, user_output, opts = {}, &amp;query_proc) &#x21d2; <tt><span class='object_link'><a href="" title="Msf::Exploit::SQLi::Common (class)">Common</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Creates an instance of an SQL Injection object, users should use the create_dbms method of Msf::Exploit::SQLi instead</p>
<pre class="code ruby"><code class="ruby">@param datastore [DataStore]
@param framework [Framework]
@param user_output [Rex::Ui::Text::Output::Stdio]
@param opts [Hash] a dictionary containing the parameters needed
@option opts [Integer] truncation_length : [Optional] The number of characters returned, if the query result is truncated
@option opts [String] concat_separator : [Optional] The separator to use when concatenating rows (default &#39;,&#39;)
@option opts [String] second_concat_separator : [Optional] The separator to use when concatenating columns (default &#39;;&#39;)
@option opts [Boolean] safe : don&#39;t use group_concat, safer for large tables if group_concat truncates the result, but more queries will be performed
@option opts [String] null_replacement : a string that will replace NULL values
@option opts [Boolean] hex_encode_strings : encode strings as hex numbers, no quotes in the payload
@option opts [Object] an encoder name, or a hash specifying a custom encoder, see Encoders in DBMS-specific classes
@param query_proc [Proc] a block that will receive the payload, and should send the request to the target,
- if it&#39;s a regular SQL injection, it should return the part of the response that is the query result (one row)
- if it&#39;s a boolean-based blind SQL injection, it should return `true`, `false`, or a value that evaluates to one of them
`true` if the query returned a result, false otherwise
- if it&#39;s a time-based blind SQL injection, the return value does not matter, the time the block takes to run is used to leak information.
</code></pre>
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 26</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='comma'>,</span> <span class='id identifier rubyid_user_output'>user_output</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='comma'>,</span> <span class='op'>&amp;</span><span class='id identifier rubyid_query_proc'>query_proc</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Missing the block that does the requests</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_block_given?'>block_given?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Positional arguments can\&#39;t be nil</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>if</span> <span class='lbracket'>[</span><span class='id identifier rubyid_datastore'>datastore</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='comma'>,</span> <span class='id identifier rubyid_user_output'>user_output</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_any?'>any?</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='symbol'>:nil?</span><span class='rparen'>)</span>
<span class='id identifier rubyid_check_opts'>check_opts</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='ivar'>@query_proc</span> <span class='op'>=</span> <span class='id identifier rubyid_query_proc'>query_proc</span>
<span class='ivar'>@safe</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:safe</span><span class='rbracket'>]</span>
<span class='ivar'>@concat_separator</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:concat_separator</span><span class='rbracket'>]</span>
<span class='ivar'>@second_concat_separator</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:second_concat_separator</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>;</span><span class='tstring_end'>&#39;</span></span>
<span class='ivar'>@null_replacement</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:null_replacement</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='ivar'>@truncation_length</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:truncation_length</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:truncation_length</span><span class='rbracket'>]</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:truncation_length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>Integer</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:truncation_length</span><span class='rbracket'>]</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='ivar'>@hex_encode_strings</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:hex_encode_strings</span><span class='rbracket'>]</span>
<span class='ivar'>@encoder</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span>
<span class='ivar'>@datastore</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span>
<span class='ivar'>@framework</span> <span class='op'>=</span> <span class='id identifier rubyid_framework'>framework</span>
<span class='ivar'>@user_output</span> <span class='op'>=</span> <span class='id identifier rubyid_user_output'>user_output</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="concat_separator=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="concat_separator-instance_method">
#<strong>concat_separator</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute concat_separator.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
73
74
75</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 73</span>
<span class='kw'>def</span> <span class='id identifier rubyid_concat_separator'>concat_separator</span>
<span class='ivar'>@concat_separator</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id=""></span>
<div class="method_details ">
<h3 class="signature " id="datastore-instance_method">
#<strong>datastore</strong> &#x21d2; <tt>Object</tt> <span class="extras">(readonly)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute datastore.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
72
73
74</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 72</span>
<span class='kw'>def</span> <span class='id identifier rubyid_datastore'>datastore</span>
<span class='ivar'>@datastore</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id=""></span>
<div class="method_details ">
<h3 class="signature " id="framework-instance_method">
#<strong>framework</strong> &#x21d2; <tt>Object</tt> <span class="extras">(readonly)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute framework.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
72
73
74</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 72</span>
<span class='kw'>def</span> <span class='id identifier rubyid_framework'>framework</span>
<span class='ivar'>@framework</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id="null_replacement=-instance_method"></span>
<div class="method_details ">
<h3 class="signature " id="null_replacement-instance_method">
#<strong>null_replacement</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute null_replacement.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
73
74
75</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 73</span>
<span class='kw'>def</span> <span class='id identifier rubyid_null_replacement'>null_replacement</span>
<span class='ivar'>@null_replacement</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id="safe=-instance_method"></span>
<div class="method_details ">
<h3 class="signature " id="safe-instance_method">
#<strong>safe</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute safe.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
73
74
75</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 73</span>
<span class='kw'>def</span> <span class='id identifier rubyid_safe'>safe</span>
<span class='ivar'>@safe</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id="second_concat_separator=-instance_method"></span>
<div class="method_details ">
<h3 class="signature " id="second_concat_separator-instance_method">
#<strong>second_concat_separator</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute second_concat_separator.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
73
74
75</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 73</span>
<span class='kw'>def</span> <span class='id identifier rubyid_second_concat_separator'>second_concat_separator</span>
<span class='ivar'>@second_concat_separator</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id="truncation_length=-instance_method"></span>
<div class="method_details ">
<h3 class="signature " id="truncation_length-instance_method">
#<strong>truncation_length</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute truncation_length.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
73
74
75</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 73</span>
<span class='kw'>def</span> <span class='id identifier rubyid_truncation_length'>truncation_length</span>
<span class='ivar'>@truncation_length</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="raw_run_sql-instance_method">
#<strong>raw_run_sql</strong>(query) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Queries the block with the given SQL query, without necessarily returning a result (needed for</p>
<pre class="code ruby"><code class="ruby">example when uploading a file using a time-based SQL injection, as it&#39;s not necessary to
run multiple queries for that purpose), not to be overridden, it is guaranteed that the query
will run only once.
@param query [String] The SQL query to execute
@return [void]
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
52
53
54
55
56
57
58
59</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 52</span>
<span class='kw'>def</span> <span class='id identifier rubyid_raw_run_sql'>raw_run_sql</span><span class='lparen'>(</span><span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>{SQLi} Executing (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_query'>query</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='ivar'>@hex_encode_strings</span>
<span class='id identifier rubyid_query'>query</span> <span class='op'>=</span> <span class='id identifier rubyid_hex_encode_strings'>hex_encode_strings</span><span class='lparen'>(</span><span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>{SQLi} Encoded to (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_query'>query</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='ivar'>@query_proc</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="run_sql-instance_method">
#<strong>run_sql</strong>(query) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Queries the block with the given SQL query, and returns the result, this method is overridden in</p>
<pre class="code ruby"><code class="ruby">blind SQL injection classes, implementing the logic of leaking one bit at a time, and working
exactly the same as this method.
@param query [String] The SQL query to execute
@return [String] The query results
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
68
69
70</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/common.rb', line 68</span>
<span class='kw'>def</span> <span class='id identifier rubyid_run_sql'>run_sql</span><span class='lparen'>(</span><span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raw_run_sql'>raw_run_sql</span><span class='lparen'>(</span><span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:03:29 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink