From 9b422e1e94106f871e0734b35a3b7587028e5d31 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 19 Dec 2012 09:37:29 +0000
Subject: [PATCH 1/2] minor fix for issue #309
---
 plugins/generic/filesystem.py | 2 +-
 procs/mysql/write_file_limit.sql | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index d4fdb40dc..98704220d 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -72,7 +72,7 @@ class Filesystem:
 infoMsg = "the remote file %s is larger than " % remoteFile
 infoMsg += "the local file %s" % localFile
 else:
- infoMsg += ", but the size differs from the local "
+ infoMsg = "the remote file %s is smaller than " % remoteFile
 infoMsg += "file '%s' (%d bytes)" % (localFile, localFileSize)
 logger.info(infoMsg)
diff --git a/procs/mysql/write_file_limit.sql b/procs/mysql/write_file_limit.sql
index 47f6caaa1..58fccab0a 100644
--- a/procs/mysql/write_file_limit.sql
+++ b/procs/mysql/write_file_limit.sql
@@ -1 +1 @@
-LIMIT 1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%--
+LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%--
From 65ed2304fda571794fea49aaf580946114ece809 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 19 Dec 2012 09:38:03 +0000
Subject: [PATCH 2/2] comment update
---
 lib/takeover/web.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 2a67f45da..31e171ea1 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -242,7 +242,7 @@ class Web:
 localPath = posixpath.normpath(localPath).rstrip('/')
 uriPath = posixpath.normpath(uriPath).rstrip('/')
- # Upload the file stager
+ # Upload the file stager with the LIMIT 0, 1 INTO OUTFILE technique
 self._webFileInject(stagerContent, stagerName, localPath)
 self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
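Review bot: In the `else` branch of the plugins/generic/filesystem.py hunk, the rebuilt message no longer says which file the byte count belongs to. The replaced line ended with "from the local ", so the unchanged continuation line now yields "the remote file X is smaller than file 'Y' (N bytes)", where X, Y and N stand for the formatted values. It also quotes the path, which the `larger than` branch two lines above does not. I would change the continuation to `infoMsg += "the local file '%s' (%d bytes)" % (localFile, localFileSize)` so the log line states unambiguously which side the size refers to when a transfer comes up short. The enclosing method starts and ends outside the hunk, so how the remote size is obtained cannot be checked from here.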
@@ -252,6 +252,7 @@ class Web:
 uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
 uplPage = uplPage or ""
+ # Fall-back to UNION queries file upload technique
 if "sqlmap file uploader" not in uplPage:
 warnMsg = "unable to upload the file stager "
 warnMsg += "on '%s'" % localPath