Skip to content

Commit 077d58c

Browse files
stamparmstamparm
committed
Fixes #5378 
1 parent 257c4d1 commit 077d58c

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
from thirdparty.six import unichr as _unichr
2121

2222
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
23-
VERSION = "1.7.3.4"
23+
VERSION = "1.7.3.5"
2424
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2525
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2626
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

plugins/dbms/hsqldb/filesystem.py

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -21,13 +21,13 @@ def readFile(self, remoteFile):
2121

2222
@stackedmethod
2323
def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
24-
funcName = randomStr()
24+
func_name = randomStr()
2525
max_bytes = 1024 * 1024
2626

27-
debugMsg = "creating JLP procedure '%s'" % funcName
27+
debugMsg = "creating JLP procedure '%s'" % func_name
2828
logger.debug(debugMsg)
2929

30-
addFuncQuery = "CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) " % (funcName, max_bytes)
30+
addFuncQuery = "CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) " % (func_name, max_bytes)
3131
addFuncQuery += "LANGUAGE JAVA DETERMINISTIC NO SQL "
3232
addFuncQuery += "EXTERNAL NAME 'CLASSPATH:com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename'"
3333
inject.goStacked(addFuncQuery)
@@ -47,11 +47,12 @@ def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=Fals
4747
logger.debug(debugMsg)
4848

4949
# Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures
50-
invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (funcName, remoteFile, fcEncodedStr, max_bytes)
50+
invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (func_name, remoteFile, fcEncodedStr, max_bytes)
5151
inject.goStacked(invokeQuery)
5252

53-
logger.debug("cleaning up" % funcName)
54-
delQuery = "DELETE PROCEDURE %s" % funcName
53+
logger.debug("cleaning up the database management system")
54+
55+
delQuery = "DELETE PROCEDURE %s" % func_name
5556
inject.goStacked(delQuery)
5657

5758
message = "the local file '%s' has been written on the back-end DBMS" % localFile

0 commit comments

Comments
 (0)