From 5ca0e11acb5a0d557744b4ce94599f7fdb4901e4 Mon Sep 17 00:00:00 2001 From: "Mr.T_cpdump" Date: Sun, 6 Sep 2015 11:55:33 -0400 Subject: [PATCH] Add support for --rw-dirs cmd line argumant / conf file option. This allows one to fully automate commands where the default upload directories cannot be used, as in: $ sqlmap --batch --rw-dirs='/var/www/html/uploads' --os-cmd="ls;id" \ -u 'http://nullbyte/kzMb5nVYJw/420search.php?usrtosearch=ramses' --- lib/parse/cmdline.py | 5 +++++ lib/takeover/web.py | 8 +++++++- sqlmap.conf | 6 ++++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 2ad597188..d9ea1a1f4 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -566,6 +566,11 @@ def cmdLineParser(): help="Remote absolute path of temporary files " "directory") + takeover.add_option("--rw-dirs", dest="rwDirs", + help="Remote absolute path of writable " + "directories for overriding defaults " + "(comma separated if multiple)") + # Windows registry options windows = OptionGroup(parser, "Windows registry access", "These " "options can be used to access the back-end " diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 504fb4a2c..4c006c3d8 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -197,7 +197,13 @@ class Web: self.webApi = choices[int(choice) - 1] break - directories = list(arrayizeValue(getManualDirectories())) + # If specified in the conf file/cmd line then use those, else ask/use defaults for them + if conf.rwDirs: + logger.info("Trying to upload to user supplied dirs: %s" % conf.rwDirs) + directories = conf.rwDirs.split(',') + else: + directories = list(arrayizeValue(getManualDirectories())) + directories.extend(getAutoDirectories()) directories = list(oset(directories)) diff --git a/sqlmap.conf b/sqlmap.conf index d7db6c376..79863b32c 100644 --- a/sqlmap.conf +++ b/sqlmap.conf 
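Review bot: In the new `if conf.rwDirs:` branch of lib/takeover/web.py, `conf.rwDirs.split(',')` keeps surrounding whitespace and empty items, so a value such as `'/a, /b,'` passes `' /b'` and `''` on as directories. `directories = [d.strip() for d in conf.rwDirs.split(',') if d.strip()]` would normalise the list first. The help text added in lib/parse/cmdline.py promises absolute paths, but nothing in this branch checks that, so a relative entry goes through unnoticed. The context line `directories.extend(getAutoDirectories())` follows the if/else; if it sits outside the `else` (indentation is not recoverable in this view), the auto-detected directories are still appended, which does not match "overriding defaults", so either move it under the `else` or reword the help. The enclosing method of class Web starts and ends outside the hunk.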
@@ -606,6 +606,12 @@ msfPath = # Valid: absolute file system path tmpPath = +# Remote absolute path of writable directories +# for overriding defaults (comma separated if +# multiple) +# E.g.: /var/www/html/uploads,/var/www/wordpress/images +rwDirs = + # These options can be used to access the back-end database management # system Windows registry.
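Review bot: The new `rwDirs` entry has no `# Valid:` line, unlike the neighbouring `tmpPath` entry; adding `# Valid: comma separated absolute file system paths` would keep the template consistent and state the expected format. The diffstat lists only three files, so it is worth confirming that the config-file parser picks up `rwDirs` without a separate registration step. If one is needed, a value set here would presumably be ignored without any warning.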