123456789101112131415161718192021222324252627282930313233 |
- def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
- written = False
- checkFile(localFile)
- self.checkDbmsOs()
- if localFile.endswith('_'):
- localFile = decloakToTemp(localFile)
- if conf.direct or isStackingAvailable():
- if isStackingAvailable():
- debugMsg = "going to upload the file '%s' with " % fileType
- debugMsg += "stacked query SQL injection technique"
- logger.debug(debugMsg)
- written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
- self.cleanup(onlyFileTbl=True)
- elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
- debugMsg = "going to upload the file '%s' with " % fileType
- debugMsg += "UNION query SQL injection technique"
- logger.debug(debugMsg)
- written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck)
- else:
- errMsg = "none of the SQL injection techniques detected can "
- errMsg += "be used to write files to the underlying file "
- errMsg += "system of the back-end %s server" % Backend.getDbms()
- logger.error(errMsg)
- return None
- return written
|