From 401905b2dd686509278988f8ec279356c79701b7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 26 Jul 2015 17:02:46 +0200
Subject: [PATCH] Minor improvement to UNION file write
---
 lib/core/agent.py | 4 +++-
 lib/core/option.py | 1 +
 plugins/dbms/mysql/filesystem.py | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 59c361455..556f379a9 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -79,7 +79,9 @@ class Agent(object):
 retVal = ""
- if where is None and isTechniqueAvailable(kb.technique):
+ if kb.forceWhere:
+ where = kb.forceWhere
+ elif where is None and isTechniqueAvailable(kb.technique):
 where = kb.injection.data[kb.technique].where
 if kb.injection.place is not None:
diff --git a/lib/core/option.py b/lib/core/option.py
index 04cccf4e3..dcef83c03 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1795,6 +1795,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.followSitemapRecursion = None
 kb.forcedDbms = None
 kb.forcePartialUnion = False
+ kb.forceWhere = None
 kb.futileUnion = None
 kb.headersFp = {}
 kb.heuristicDbms = None
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
index 5e10266a9..1bfd8f621 100644
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
@@ -7,6 +7,8 @@ See the file 'doc/COPYING' for copying permission
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
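Review bot: In the lib/core/agent.py hunk, the new `if kb.forceWhere:` branch is tested before `where is None`, so while the override is set it also replaces a `where` value that the caller passed explicitly, and nothing in the hunk says that is intended. A short comment above the branch, for example `# kb.forceWhere takes precedence over both the 'where' argument and the stored technique default`, would document that precedence for the next maintainer. Writing the test as `if kb.forceWhere is not None:` would match the `None` default set in lib/core/option.py instead of relying on every PAYLOAD.WHERE value being truthy, which is not visible here. The enclosing method starts and ends outside the hunk.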
@@ -97,8 +99,11 @@ class Filesystem(GenericFilesystem):
 debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile)
 logger.debug(debugMsg)
+ pushValue(kb.forceWhere)
+ kb.forceWhere = PAYLOAD.WHERE.NEGATIVE
 sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
 unionUse(sqlQuery, unpack=False)
+ kb.forceWhere = popValue()
 warnMsg = "expect junk characters inside the "
 warnMsg += "file as a leftover from UNION query"
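Review bot: The restore `kb.forceWhere = popValue()` is skipped if `unionUse(sqlQuery, unpack=False)` raises, which leaves `kb.forceWhere` at `PAYLOAD.WHERE.NEGATIVE` and the value saved by `pushValue` still on the stack. Because the agent.py hunk makes a set `kb.forceWhere` win over every other `where`, the stale override would then apply to all later payloads in the same run. Putting the call in `try: unionUse(sqlQuery, unpack=False)` with `finally: kb.forceWhere = popValue()` keeps the global state balanced on every exit path. The enclosing method starts and ends outside the hunk, so any exception handling further up is not visible here.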