(self, localFile, remoteFile, fileType=None, forceCheck=False)
| 287 | return localFilePaths |
| 288 | |
| 289 | def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): |
| 290 | written = False |
| 291 | |
| 292 | checkFile(localFile) |
| 293 | |
| 294 | self.checkDbmsOs() |
| 295 | |
| 296 | if localFile.endswith('_'): |
| 297 | localFile = getUnicode(decloakToTemp(localFile)) |
| 298 | |
| 299 | if conf.direct or isStackingAvailable(): |
| 300 | if isStackingAvailable(): |
| 301 | debugMsg = "going to upload the file '%s' with " % fileType |
| 302 | debugMsg += "stacked query technique" |
| 303 | logger.debug(debugMsg) |
| 304 | |
| 305 | written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck) |
| 306 | self.cleanup(onlyFileTbl=True) |
| 307 | elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL): |
| 308 | debugMsg = "going to upload the file '%s' with " % fileType |
| 309 | debugMsg += "UNION query technique" |
| 310 | logger.debug(debugMsg) |
| 311 | |
| 312 | written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck) |
| 313 | elif Backend.isDbms(DBMS.MYSQL): |
| 314 | debugMsg = "going to upload the file '%s' with " % fileType |
| 315 | debugMsg += "LINES TERMINATED BY technique" |
| 316 | logger.debug(debugMsg) |
| 317 | |
| 318 | written = self.linesTerminatedWriteFile(localFile, remoteFile, fileType, forceCheck) |
| 319 | else: |
| 320 | errMsg = "none of the SQL injection techniques detected can " |
| 321 | errMsg += "be used to write files to the underlying file " |
| 322 | errMsg += "system of the back-end %s server" % Backend.getDbms() |
| 323 | logger.error(errMsg) |
| 324 | |
| 325 | return None |
| 326 | |
| 327 | return written |
no test coverage detected