PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes

Browse Source
This commit is contained in:
Bernardo Damele
2012-07-01 23:25:05 +01:00
parent d7cd55fb28
commit ab412da27f
14 changed files with 25 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/generic/filesystem.py
View File

@@ -176,12 +176,12 @@ class Filesystem:
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "'unionWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
def stackedWriteFile(self, wFile, dFile, fileType):
errMsg = "'stackedWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
@@ -235,7 +235,7 @@ class Filesystem:
return rFilePath
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
self.checkDbmsOs()
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
@@ -244,14 +244,14 @@ class Filesystem:
debugMsg += "stacked query SQL injection technique"
logger.debug(debugMsg)
self.stackedWriteFile(wFile, dFile, fileType, confirm)
self.stackedWriteFile(wFile, dFile, fileType)
self.cleanup(onlyFileTbl=True)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to upload the %s file with " % fileType
debugMsg += "UNION query SQL injection technique"
logger.debug(debugMsg)
self.unionWriteFile(wFile, dFile, fileType, confirm)
self.unionWriteFile(wFile, dFile, fileType)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to write files to the underlying file "