Merge branch 'master' of github.com:sqlmapproject/sqlmap

2025-01-24 00:04:23 +03:00 · 2012-12-19 10:51:25 +01:00 · 2012-12-19 10:51:25 +01:00 · d29dddf5b2
commit d29dddf5b2
parent 92e338251a 65ed2304fd
3 changed files with 4 additions and 3 deletions
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -242,7 +242,7 @@ class Web:
                localPath = posixpath.normpath(localPath).rstrip('/')
                uriPath = posixpath.normpath(uriPath).rstrip('/')

-                # Upload the file stager
+                # Upload the file stager with the LIMIT 0, 1 INTO OUTFILE technique
                self._webFileInject(stagerContent, stagerName, localPath)

                self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
@ -252,6 +252,7 @@ class Web:
                uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
                uplPage = uplPage or ""

+                # Fall-back to UNION queries file upload technique
                if "sqlmap file uploader" not in uplPage:
                    warnMsg = "unable to upload the file stager "
                    warnMsg += "on '%s'" % localPath
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@ -72,7 +72,7 @@ class Filesystem:
                infoMsg = "the remote file %s is larger than " % remoteFile
                infoMsg += "the local file %s" % localFile
            else:
-                infoMsg += ", but the size differs from the local "
+                infoMsg = "the remote file %s is smaller than " % remoteFile
                infoMsg += "file '%s' (%d bytes)" % (localFile, localFileSize)

            logger.info(infoMsg)
--- a/procs/mysql/write_file_limit.sql
+++ b/procs/mysql/write_file_limit.sql
@ -1 +1 @@
-LIMIT 1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- 
+LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%--