minor adjustment

2024-11-22 01:26:42 +03:00 · 2013-01-23 02:10:38 +00:00 · 2013-01-23 02:10:38 +00:00 · f4028bd7d2
commit f4028bd7d2
parent d8a0e7eacb
3 changed files with 7 additions and 6 deletions
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -271,7 +271,7 @@ class Web:
                            _ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
                            f.write(utf8encode(_))

-                        self.unionWriteFile(filename, self.webStagerFilePath, "text")
+                        self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)

                        uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
                        uplPage = uplPage or ""
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
@ -80,7 +80,7 @@ class Filesystem(GenericFilesystem):

        return result

-    def unionWriteFile(self, wFile, dFile, fileType):
+    def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False):
        logger.debug("encoding file to its hexadecimal string value")

        fcEncodedList = self.fileEncode(wFile, "hex", True)
@ -104,6 +104,8 @@ class Filesystem(GenericFilesystem):
        warnMsg += "file as a leftover from UNION query"
        singleTimeWarnMessage(warnMsg)

+        return self.askCheckWrittenFile(wFile, dFile, forceCheck)
+
    def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
        debugMsg = "creating a support table to write the hexadecimal "
        debugMsg += "encoded file to"
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@ -137,15 +137,14 @@ class Filesystem:

    def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
        output = None
+
        if forceCheck is not True:
            message = "do you want confirmation that the local file '%s' " % localFile
            message += "has been successfully written on the back-end DBMS "
            message += "file system (%s)? [Y/n] " % remoteFile
            output = readInput(message, default="Y")

-        readInput("press ENTER to continue :)")
-
-        if forceCheck or (not output or output in ("y", "Y")):
+        if forceCheck or (output and output.lower() == "y"):
            return self._checkFileLength(localFile, remoteFile)

        return True
@ -274,7 +273,7 @@ class Filesystem:
            debugMsg += "UNION query SQL injection technique"
            logger.debug(debugMsg)

-            self.unionWriteFile(localFile, remoteFile, fileType)
+            written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck)
        else:
            errMsg = "none of the SQL injection techniques detected can "
            errMsg += "be used to write files to the underlying file "