minor adjustment

bdamele · bdamele · commit f4028bd7d2ba · 2013-01-23T02:10:38.000Z
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
@@ -271,7 +271,7 @@ def webInit(self):
                             _ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
                             f.write(utf8encode(_))
 
-                        self.unionWriteFile(filename, self.webStagerFilePath, "text")
+                        self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
 
                         uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
                         uplPage = uplPage or ""
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
@@ -80,7 +80,7 @@ def stackedReadFile(self, rFile):
 
         return result
 
-    def unionWriteFile(self, wFile, dFile, fileType):
+    def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False):
         logger.debug("encoding file to its hexadecimal string value")
 
         fcEncodedList = self.fileEncode(wFile, "hex", True)
@@ -104,6 +104,8 @@ def unionWriteFile(self, wFile, dFile, fileType):
         warnMsg += "file as a leftover from UNION query"
         singleTimeWarnMessage(warnMsg)
 
+        return self.askCheckWrittenFile(wFile, dFile, forceCheck)
+
     def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
         debugMsg = "creating a support table to write the hexadecimal "
         debugMsg += "encoded file to"
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
@@ -137,15 +137,14 @@ def fileEncode(self, fileName, encoding, single):
 
     def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
         output = None
+
         if forceCheck is not True:
             message = "do you want confirmation that the local file '%s' " % localFile
             message += "has been successfully written on the back-end DBMS "
             message += "file system (%s)? [Y/n] " % remoteFile
             output = readInput(message, default="Y")
 
-        readInput("press ENTER to continue :)")
-
-        if forceCheck or (not output or output in ("y", "Y")):
+        if forceCheck or (output and output.lower() == "y"):
             return self._checkFileLength(localFile, remoteFile)
 
         return True
@@ -274,7 +273,7 @@ def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
             debugMsg += "UNION query SQL injection technique"
             logger.debug(debugMsg)
 
-            self.unionWriteFile(localFile, remoteFile, fileType)
+            written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck)
         else:
             errMsg = "none of the SQL injection techniques detected can "
             errMsg += "be used to write files to the underlying file "
