From 236ca9b952fdf673d50b421f07ea94c67e000d80 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 4 Jan 2010 10:47:09 +0000 Subject: [PATCH] Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). --- plugins/generic/takeover.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 3af05252a..1d1709c78 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -169,7 +169,7 @@ class Takeover(Abstraction, Metasploit, Registry): requestDir = os.path.normpath(directory.replace(kb.docRoot, "/").replace("\\", "/")) baseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) uploaderUrl = "%s/%s" % (baseUrl, uploaderName) - uploaderUrl = uploaderUrl.replace("./", "/").replace("\\", "/").replace("//", "/") + uploaderUrl = uploaderUrl.replace("./", "/").replace("\\", "/") uplPage, _ = Request.getPage(url=uploaderUrl, direct=True) if "sqlmap backdoor uploader" not in uplPage: