important update regarding default directories

2024-11-22 09:36:35 +03:00 · 2010-02-25 15:22:41 +00:00 · 2010-02-25 15:22:41 +00:00 · 0913d700a8
commit 0913d700a8
parent a10adcfe08
2 changed files with 19 additions and 14 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -222,12 +222,15 @@ def getHtmlErrorFp():

    return htmlParsed

-def getDocRoot():
+def getDocRoot(webApi=None):
    docRoot = None
    pagePath = directoryPath(conf.path)

    if kb.os == "Windows":
-        defaultDocRoot = "C:/Inetpub/wwwroot/"
+        if webApi == "php":
+            defaultDocRoot = "C:/xampp/htdocs/"
+        else:
+            defaultDocRoot = "C:/Inetpub/wwwroot/"
    else:
        defaultDocRoot = "/var/www/"

@ -270,11 +273,14 @@ def getDocRoot():

    return docRoot

-def getDirs():
+def getDirs(webApi=None):
    directories = set()

    if kb.os == "Windows":
-        defaultDirs = ["C:/Inetpub/wwwroot/", "C:/xampp/htdocs/"]
+        if webApi == "php":
+            defaultDirs = ["C:/xampp/htdocs/"]
+        else:
+            defaultDirs = ["C:/Inetpub/wwwroot/"]
    else:
        defaultDirs = ["/var/www/"]

--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -131,11 +131,6 @@ class Web:

        self.checkDbmsOs()

-        kb.docRoot  = getDocRoot()
-        directories = getDirs()
-        directories = list(directories)
-        directories.sort()
-
        infoMsg = "trying to upload the uploader agent"
        logger.info(infoMsg)

@ -167,6 +162,11 @@ class Web:
            elif int(choice) < 1 or int(choice) > 3:
                logger.warn("invalid value, it must be 1 or 3")

+        kb.docRoot  = getDocRoot(self.webApi)
+        directories = getDirs(self.webApi)
+        directories = list(directories)
+        directories.sort()
+
        backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
        backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
        originalBackdoorContent = backdoorContent = backdoorStream.read()
@ -178,11 +178,10 @@ class Web:
            # Upload the uploader agent
            self.__webFileInject(uploaderContent, uploaderName, directory)
            
-            requestDir  = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/")
+            requestDir  = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/").replace("//", "/")
            if isWindowsPath(requestDir):
                requestDir = requestDir[2:]
-            while requestDir.find('//') != -1:
-                requestDir = requestDir.replace('//', '/')
+            requestDir  = normalizePath(requestDir)
            
            self.webBaseUrl     = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
            self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName)
@ -203,9 +202,9 @@ class Web:
            if self.webApi == "asp":
                runcmdName = "tmpe%s.exe" % randomStr(4)
                runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
-                match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
+                match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)

-                if match:
+                if match:
                    backdoorDirectory = match.group(1)
                else:
                    continue