filesystem_13.py 1.3 KB

123456789101112131415161718192021222324252627282930313233
  1. def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
  2. written = False
  3. checkFile(localFile)
  4. self.checkDbmsOs()
  5. if localFile.endswith('_'):
  6. localFile = decloakToTemp(localFile)
  7. if conf.direct or isStackingAvailable():
  8. if isStackingAvailable():
  9. debugMsg = "going to upload the file '%s' with " % fileType
  10. debugMsg += "stacked query SQL injection technique"
  11. logger.debug(debugMsg)
  12. written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
  13. self.cleanup(onlyFileTbl=True)
  14. elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
  15. debugMsg = "going to upload the file '%s' with " % fileType
  16. debugMsg += "UNION query SQL injection technique"
  17. logger.debug(debugMsg)
  18. written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck)
  19. else:
  20. errMsg = "none of the SQL injection techniques detected can "
  21. errMsg += "be used to write files to the underlying file "
  22. errMsg += "system of the back-end %s server" % Backend.getDbms()
  23. logger.error(errMsg)
  24. return None
  25. return written