Minor refactoring

2025-01-24 00:04:23 +03:00 · 2012-10-29 10:48:49 +01:00 · 2012-10-29 10:48:49 +01:00 · 359e734954
commit 359e734954
parent 32181d9322
4 changed files with 21 additions and 11 deletions
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -229,3 +229,9 @@ class ADJUST_TIME_DELAY:
    DISABLE = -1
    NO = 0
    YES = 1
+
+class WEB_API:
+    PHP = "php"
+    ASP = "asp"
+    ASPX = "aspx"
+    JSP = "jsp"
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -469,10 +469,10 @@ MAX_HELP_OPTION_LENGTH = 18
 FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException")

 # Regular expression used for extracting ASP.NET view state values
-VIEWSTATE_REGEX = r'(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<value>[^"]+)'
+VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'

 # Regular expression used for extracting ASP.NET event validation values
-EVENTVALIDATION_REGEX = r'(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<value>[^"]+)'
+EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<result>[^"]+)'

 # Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)
 LIMITED_ROWS_TEST_NUMBER = 15
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -265,7 +265,7 @@ def processResponse(page, responseHeaders):

    if kb.originalPage is None:
        for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):
-            match = re.search(regex, page, re.I)
+            match = re.search(regex, page)
            if match and PLACE.POST in conf.parameters:
                name, value = match.groups()
                if PLACE.POST in conf.paramDict and name in conf.paramDict[PLACE.POST]:
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -19,6 +19,7 @@ from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
+from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSQLSnippet
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import isTechniqueAvailable
@ -37,6 +38,9 @@ from lib.core.data import paths
 from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
+from lib.core.enums import WEB_API
+from lib.core.settings import EVENTVALIDATION_REGEX
+from lib.core.settings import VIEWSTATE_REGEX
 from lib.request.connect import Connect as Request


@ -85,14 +89,14 @@ class Web:
    def __webFileStreamUpload(self, stream, destFileName, directory):
        stream.seek(0) # Rewind

-        if self.webApi in ("php", "asp", "aspx", "jsp"):
+        if self.webApi in getPublicTypeMembers(WEB_API, True):
            multipartParams = {
                                "upload":    "1",
                                "file":      stream,
                                "uploadDir": directory,
                              }

-            if self.webApi == "aspx":
+            if self.webApi == WEB_API.ASPX:
                multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
                multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE

@ -141,7 +145,7 @@ class Web:
        logger.info(infoMsg)

        default = None
-        choices = ('asp', 'aspx', 'php', 'jsp')
+        choices = list(getPublicTypeMembers(WEB_API, True))

        for ext in choices:
            if conf.url.endswith(ext):
@ -150,9 +154,9 @@ class Web:

        if not default:
            if Backend.isOs(OS.WINDOWS):
-                default = "asp"
+                default = WEB_API.ASP
            else:
-                default = "php"
+                default = WEB_API.PHP

        message = "which web application language does the web server "
        message += "support?\n"
@ -268,9 +272,9 @@ class Web:
                    logger.warn(warnMsg)
                    continue

-                elif self.webApi == "aspx":
-                    kb.data.__EVENTVALIDATION = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
-                    kb.data.__VIEWSTATE = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
+                elif self.webApi == WEB_API.ASPX:
+                    kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage)
+                    kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage)

                infoMsg = "the file stager has been successfully uploaded "
                infoMsg += "on '%s' - %s" % (localPath, self.webStagerUrl)