sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-12 03:33:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

some changes regarding web takeover

Browse Source
This commit is contained in:
Miroslav Stampar 2010-02-09 14:27:41 +00:00
parent 542b01993e
commit 00a23ace9a
2 changed files with 9 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/core/common.py
View File

@ -232,6 +232,8 @@ def getDocRoot():
if kb.absFilePaths: if kb.absFilePaths:
for absFilePath in kb.absFilePaths: for absFilePath in kb.absFilePaths:
if directoryPath(absFilePath) == '/':
continue
absFilePath = normalizePath(absFilePath) absFilePath = normalizePath(absFilePath)
absFilePathWin = None absFilePathWin = None
@ -271,20 +273,22 @@ def getDirs():
directories = set() directories = set()
if kb.os == "Windows": if kb.os == "Windows":
defaultDir = "C:/Inetpub/wwwroot/test/" defaultDir = "C:/Inetpub/wwwroot/"
else: else:
defaultDir = "/var/www/test/" defaultDir = "/var/www/"
if kb.absFilePaths: if kb.absFilePaths:
infoMsg = "retrieved web server full paths: " infoMsg = "retrieved web server full paths: "
infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths) infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
logger.info(infoMsg) logger.info(infoMsg)
for absFilePath in kb.absFilePaths: for absFilePath in kb.absFilePaths:
if absFilePath: if absFilePath:
directory = directoryPath(absFilePath) directory = directoryPath(absFilePath)
if isWindowsPath(directory): if isWindowsPath(directory):
directory = directory.replace('\\', '/') directory = directory.replace('\\', '/')
if directory == '/':
continue
directories.add(directory) directories.add(directory)
else: else:
warnMsg = "unable to retrieve any web server path" warnMsg = "unable to retrieve any web server path"

19
lib/takeover/web.py
View File

@ -86,14 +86,14 @@ class Web:
return retVal return retVal
def __webFileStreamUpload(self, stream, destFileName, directory): def __webFileStreamUpload(self, stream, destFileName, directory):
if self.webApi == "php": if self.webApi in ("php", "asp"):
multipartParams = { multipartParams = {
"upload": "1", "upload": "1",
"file": stream, "file": stream,
"uploadDir": directory, "uploadDir": directory,
} }
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams) page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)
if "File uploaded" not in page: if "File uploaded" not in page:
warnMsg = "unable to upload the backdoor through " warnMsg = "unable to upload the backdoor through "
@ -103,21 +103,6 @@ class Web:
else: else:
return True return True
elif self.webApi == "asp":
backdoorRemotePath = "%s/%s" % (directory, destFileName)
backdoorRemotePath = normalizePath(backdoorRemotePath)
backdoorContent = stream.read()
postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)
if "permission denied" in page.lower():
warnMsg = "unable to upload the backdoor through "
warnMsg += "the uploader agent on '%s'" % directory
logger.warn(warnMsg)
return False
else:
return True
elif self.webApi == "jsp": elif self.webApi == "jsp":
return False return False