sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-15 10:42:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859).

Browse Source
This commit is contained in:
Bernardo Damele 2010-01-04 10:47:09 +00:00
parent 96a033b51d
commit 236ca9b952
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/generic/takeover.py
View File

@ -169,7 +169,7 @@ class Takeover(Abstraction, Metasploit, Registry):
requestDir = os.path.normpath(directory.replace(kb.docRoot, "/").replace("\\", "/")) requestDir = os.path.normpath(directory.replace(kb.docRoot, "/").replace("\\", "/"))
baseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) baseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
uploaderUrl = "%s/%s" % (baseUrl, uploaderName) uploaderUrl = "%s/%s" % (baseUrl, uploaderName)
uploaderUrl = uploaderUrl.replace("./", "/").replace("\\", "/").replace("//", "/") uploaderUrl = uploaderUrl.replace("./", "/").replace("\\", "/")
uplPage, _ = Request.getPage(url=uploaderUrl, direct=True) uplPage, _ = Request.getPage(url=uploaderUrl, direct=True)
if "sqlmap backdoor uploader" not in uplPage: if "sqlmap backdoor uploader" not in uplPage: