mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
minor adjustment
This commit is contained in:
parent
d8a0e7eacb
commit
f4028bd7d2
|
@ -271,7 +271,7 @@ class Web:
|
||||||
_ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
|
_ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
|
||||||
f.write(utf8encode(_))
|
f.write(utf8encode(_))
|
||||||
|
|
||||||
self.unionWriteFile(filename, self.webStagerFilePath, "text")
|
self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
|
||||||
|
|
||||||
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
||||||
uplPage = uplPage or ""
|
uplPage = uplPage or ""
|
||||||
|
|
|
@ -80,7 +80,7 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
|
||||||
def unionWriteFile(self, wFile, dFile, fileType):
|
def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False):
|
||||||
logger.debug("encoding file to its hexadecimal string value")
|
logger.debug("encoding file to its hexadecimal string value")
|
||||||
|
|
||||||
fcEncodedList = self.fileEncode(wFile, "hex", True)
|
fcEncodedList = self.fileEncode(wFile, "hex", True)
|
||||||
|
@ -104,6 +104,8 @@ class Filesystem(GenericFilesystem):
|
||||||
warnMsg += "file as a leftover from UNION query"
|
warnMsg += "file as a leftover from UNION query"
|
||||||
singleTimeWarnMessage(warnMsg)
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
|
return self.askCheckWrittenFile(wFile, dFile, forceCheck)
|
||||||
|
|
||||||
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
|
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
|
||||||
debugMsg = "creating a support table to write the hexadecimal "
|
debugMsg = "creating a support table to write the hexadecimal "
|
||||||
debugMsg += "encoded file to"
|
debugMsg += "encoded file to"
|
||||||
|
|
|
@ -137,15 +137,14 @@ class Filesystem:
|
||||||
|
|
||||||
def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
|
def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
|
||||||
output = None
|
output = None
|
||||||
|
|
||||||
if forceCheck is not True:
|
if forceCheck is not True:
|
||||||
message = "do you want confirmation that the local file '%s' " % localFile
|
message = "do you want confirmation that the local file '%s' " % localFile
|
||||||
message += "has been successfully written on the back-end DBMS "
|
message += "has been successfully written on the back-end DBMS "
|
||||||
message += "file system (%s)? [Y/n] " % remoteFile
|
message += "file system (%s)? [Y/n] " % remoteFile
|
||||||
output = readInput(message, default="Y")
|
output = readInput(message, default="Y")
|
||||||
|
|
||||||
readInput("press ENTER to continue :)")
|
if forceCheck or (output and output.lower() == "y"):
|
||||||
|
|
||||||
if forceCheck or (not output or output in ("y", "Y")):
|
|
||||||
return self._checkFileLength(localFile, remoteFile)
|
return self._checkFileLength(localFile, remoteFile)
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
@ -274,7 +273,7 @@ class Filesystem:
|
||||||
debugMsg += "UNION query SQL injection technique"
|
debugMsg += "UNION query SQL injection technique"
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
self.unionWriteFile(localFile, remoteFile, fileType)
|
written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck)
|
||||||
else:
|
else:
|
||||||
errMsg = "none of the SQL injection techniques detected can "
|
errMsg = "none of the SQL injection techniques detected can "
|
||||||
errMsg += "be used to write files to the underlying file "
|
errMsg += "be used to write files to the underlying file "
|
||||||
|
|
Loading…
Reference in New Issue
Block a user