Minor improvement to UNION file write

stamparm · stamparm · commit 401905b2dd68 · 2015-07-26T17:02:46.000+02:00
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -79,7 +79,9 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 
         retVal = ""
 
-        if where is None and isTechniqueAvailable(kb.technique):
+        if kb.forceWhere:
+            where = kb.forceWhere
+        elif where is None and isTechniqueAvailable(kb.technique):
             where = kb.injection.data[kb.technique].where
 
         if kb.injection.place is not None:
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1795,6 +1795,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
+    kb.forceWhere = None
     kb.futileUnion = None
     kb.headersFp = {}
     kb.heuristicDbms = None
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
@@ -7,6 +7,8 @@
 
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
@@ -97,8 +99,11 @@ def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False):
         debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile)
         logger.debug(debugMsg)
 
+        pushValue(kb.forceWhere)
+        kb.forceWhere = PAYLOAD.WHERE.NEGATIVE
         sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
         unionUse(sqlQuery, unpack=False)
+        kb.forceWhere = popValue()
 
         warnMsg = "expect junk characters inside the "
         warnMsg += "file as a leftover from UNION query"
