diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 74736aee1..be26e1535 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -271,7 +271,7 @@ class Web: _ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath) f.write(utf8encode(_)) - self.unionWriteFile(filename, self.webStagerFilePath, "text") + self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True) uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) uplPage = uplPage or "" diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index 08f3ebc63..301fd3c69 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -80,7 +80,7 @@ class Filesystem(GenericFilesystem): return result - def unionWriteFile(self, wFile, dFile, fileType): + def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): logger.debug("encoding file to its hexadecimal string value") fcEncodedList = self.fileEncode(wFile, "hex", True) @@ -104,6 +104,8 @@ class Filesystem(GenericFilesystem): warnMsg += "file as a leftover from UNION query" singleTimeWarnMessage(warnMsg) + return self.askCheckWrittenFile(wFile, dFile, forceCheck) + def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): debugMsg = "creating a support table to write the hexadecimal " debugMsg += "encoded file to" diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 6af3cb2e8..7ced5df0a 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -137,15 +137,14 @@ class Filesystem: def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False): output = None + if forceCheck is not True: message = "do you want confirmation that the local file '%s' " % localFile message += "has been successfully written on the back-end DBMS " message += "file system (%s)? [Y/n] " % remoteFile output = readInput(message, default="Y") - readInput("press ENTER to continue :)") - - if forceCheck or (not output or output in ("y", "Y")): + if forceCheck or (output and output.lower() == "y"): return self._checkFileLength(localFile, remoteFile) return True @@ -274,7 +273,7 @@ class Filesystem: debugMsg += "UNION query SQL injection technique" logger.debug(debugMsg) - self.unionWriteFile(localFile, remoteFile, fileType) + written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck) else: errMsg = "none of the SQL injection techniques detected can " errMsg += "be used to write files to the underlying file "