diff --git a/lib/core/common.py b/lib/core/common.py
index 8e43207a5..06291130c 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -222,12 +222,15 @@ def getHtmlErrorFp():
 return htmlParsed
-def getDocRoot():
+def getDocRoot(webApi=None):
 docRoot = None
 pagePath = directoryPath(conf.path)
 if kb.os == "Windows":
- defaultDocRoot = "C:/Inetpub/wwwroot/"
+ if webApi == "php":
+ defaultDocRoot = "C:/xampp/htdocs/"
+ else:
+ defaultDocRoot = "C:/Inetpub/wwwroot/"
 else:
 defaultDocRoot = "/var/www/"
@@ -270,11 +273,14 @@ def getDocRoot():
 return docRoot
-def getDirs():
+def getDirs(webApi=None):
 directories = set()
 if kb.os == "Windows":
- defaultDirs = ["C:/Inetpub/wwwroot/", "C:/xampp/htdocs/"]
+ if webApi == "php":
+ defaultDirs = ["C:/xampp/htdocs/"]
+ else:
+ defaultDirs = ["C:/Inetpub/wwwroot/"]
 else:
 defaultDirs = ["/var/www/"]
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 5d06a4759..ad853862b 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -131,11 +131,6 @@ class Web:
 self.checkDbmsOs()
- kb.docRoot = getDocRoot()
- directories = getDirs()
- directories = list(directories)
- directories.sort()
-
 infoMsg = "trying to upload the uploader agent"
 logger.info(infoMsg)
@@ -167,6 +162,11 @@ class Web:
 elif int(choice) < 1 or int(choice) > 3:
 logger.warn("invalid value, it must be 1 or 3")
+ kb.docRoot = getDocRoot(self.webApi)
+ directories = getDirs(self.webApi)
+ directories = list(directories)
+ directories.sort()
+
 backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
 backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
 originalBackdoorContent = backdoorContent = backdoorStream.read()
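Review bot: The new `else` branch in getDocRoot makes the IIS root `C:/Inetpub/wwwroot/` the Windows default for every `webApi` value other than `"php"`, including the `None` default and presumably `jsp`, for which an IIS root is an unlikely guess; a caller that passes nothing gets the IIS path silently. If that fallback is intended it should be written down, e.g. `webApi: web application language ("php", "asp", ...); on Windows "php" selects the XAMPP root, anything else (including None) falls back to the IIS root` in the docstring. The string comparison is exact, so `"PHP"` would also take the IIS branch; `if webApi and webApi.lower() == "php":` is safer unless callers are known to normalize the value, which is not visible here. getDocRoot continues past the hunk.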
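Review bot: The PHP branch in getDirs drops `C:/Inetpub/wwwroot/` from the Windows candidate list, so a PHP application served by IIS no longer has that directory tried at all, whereas the removed line tried both roots. Keeping both and only ordering by preference preserves coverage: `defaultDirs = ["C:/xampp/htdocs/", "C:/Inetpub/wwwroot/"] if webApi == "php" else ["C:/Inetpub/wwwroot/"]`. The same two-way split sends `jsp` and `None` to the IIS root, which is worth a comment such as `# heuristic defaults only; "php" assumes XAMPP, anything else an IIS layout` so the next reader does not take the list as authoritative. getDirs continues past the hunk.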
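Review bot: The added `kb.docRoot = getDocRoot(self.webApi)` block now has to run after the web API prompt, which is the reason for moving it but is not stated anywhere; a one-line comment `# doc-root defaults depend on the web API chosen above` would stop the ordering from being "restored" later. The three-line construction of `directories` is a single `sorted()` call: `directories = sorted(getDirs(self.webApi))`. Whether `self.webApi` is guaranteed to be set when the prompt loop exits cannot be confirmed from this hunk; if it can still be unset, `getDirs(None)` quietly falls back to the IIS defaults on Windows. The enclosing method starts and ends outside the hunk.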
@@ -178,11 +178,10 @@ class Web:
 # Upload the uploader agent
 self.__webFileInject(uploaderContent, uploaderName, directory)
- requestDir = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/")
+ requestDir = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/").replace("//", "/")
 if isWindowsPath(requestDir):
 requestDir = requestDir[2:]
- while requestDir.find('//') != -1:
- requestDir = requestDir.replace('//', '/')
+ requestDir = normalizePath(requestDir)
 self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
 self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName)
@@ -203,9 +202,9 @@ class Web:
 if self.webApi == "asp":
 runcmdName = "tmpe%s.exe" % randomStr(4)
 runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
- match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
+ match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
- if match:
+ if match:
 backdoorDirectory = match.group(1)
 else:
 continue
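Review bot: The rewritten `requestDir` line still removes `kb.docRoot` with an unanchored `str.replace`, so the document root is stripped wherever it occurs inside `directory` rather than only as its prefix, and on Windows a directory spelled in a different case from `kb.docRoot` is not stripped at all, leaving the drive-stripped absolute path to become the URL path of `webBaseUrl` and hence `webUploaderUrl`. Anchoring the strip to the prefix makes the derivation explicit and lets the intent be read from the code; a case-insensitive comparison when `kb.os == "Windows"` would cover the casing case, which I have left out since it is not certain the candidates can differ in case. Whether `normalizePath` collapses repeated slashes the way the removed `while` loop did is not visible here, and the single `.replace("//", "/")` turns `///` into `//`, so the `lstrip` below keeps the join well-formed regardless. The enclosing loop starts outside the hunk.
```python
posixDir = ntToPosixSlashes(directory)
posixRoot = ntToPosixSlashes(kb.docRoot)
# strip the document root only when it really is the prefix of the target directory
if posixDir.startswith(posixRoot):
    requestDir = "/%s" % posixDir[len(posixRoot):].lstrip("/")
else:
    requestDir = posixDir
if isWindowsPath(requestDir):
    requestDir = requestDir[2:]
requestDir = normalizePath(requestDir)
# … unchanged: webBaseUrl / webUploaderUrl …
```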