Minor improvement to UNION file write

lib/core/agent.py

@@ -79,7 +79,9 @@ class Agent(object):
 
         retVal = ""
 
-        if where is None and isTechniqueAvailable(kb.technique):
+        if kb.forceWhere:
+            where = kb.forceWhere
+        elif where is None and isTechniqueAvailable(kb.technique):
             where = kb.injection.data[kb.technique].where
 
         if kb.injection.place is not None:

lib/core/option.py

@@ -1795,6 +1795,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
+    kb.forceWhere = None
     kb.futileUnion = None
     kb.headersFp = {}
     kb.heuristicDbms = None

plugins/dbms/mysql/filesystem.py

@@ -7,6 +7,8 @@ See the file 'doc/COPYING' for copying permission
 
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
@@ -97,8 +99,11 @@ class Filesystem(GenericFilesystem):
         debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile)
         logger.debug(debugMsg)
 
+        pushValue(kb.forceWhere)
+        kb.forceWhere = PAYLOAD.WHERE.NEGATIVE
         sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
         unionUse(sqlQuery, unpack=False)
+        kb.forceWhere = popValue()
 
         warnMsg = "expect junk characters inside the "
         warnMsg += "file as a leftover from UNION query"