MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / stackedWriteFile

Method stackedWriteFile

plugins/dbms/mysql/filesystem.py:148–177  ·  view source on GitHub ↗
(self, localFile, remoteFile, fileType, forceCheck=False)

Source from the content-addressed store, hash-verified

146 return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)
147
148 def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):
149 debugMsg = "creating a support table to write the hexadecimal "
150 debugMsg += "encoded file to"
151 logger.debug(debugMsg)
152
153 self.createSupportTbl(self.fileTblName, self.tblField, "longblob")
154
155 logger.debug("encoding file to its hexadecimal string value")
156 fcEncodedList = self.fileEncode(localFile, "hex", False)
157
158 debugMsg = "forging SQL statements to write the hexadecimal "
159 debugMsg += "encoded file to the support table"
160 logger.debug(debugMsg)
161
162 sqlQueries = self.fileToSqlQueries(fcEncodedList)
163
164 logger.debug("inserting the hexadecimal encoded file to the support table")
165
166 inject.goStacked("SET GLOBAL max_allowed_packet = %d" % (1024 * 1024)) # 1MB (Note: https://github.com/sqlmapproject/sqlmap/issues/3230)
167
168 for sqlQuery in sqlQueries:
169 inject.goStacked(sqlQuery)
170
171 debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
172 logger.debug(debugMsg)
173
174 # Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
175 inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, remoteFile), silent=True)
176
177 return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)

Callers

nothing calls this directly

Calls 5

fileEncodeMethod · 0.95
fileToSqlQueriesMethod · 0.95
askCheckWrittenFileMethod · 0.95
debugMethod · 0.80
createSupportTblMethod · 0.80

Tested by

no test coverage detected