From 43df4efd11c5483122dc5ba2392ade8f20e37911 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 16 Feb 2014 21:44:57 +0100 Subject: [PATCH] Bug fix (bad idea is to do os.path.join on web URLs - especially on Windows OS) --- lib/takeover/web.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index e333fe062..538e8a0d3 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -5,6 +5,7 @@ Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +import urlparse import os import re import StringIO @@ -222,9 +223,9 @@ class Web: logger.info(infoMsg) self._webFileInject(stagerContent, stagerName, directory) - for x in list(re.finditer('/', directory)): - self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, directory[x.start():]) - self.webStagerUrl = os.path.join(self.webBaseUrl, stagerName) + for match in re.finditer('/', directory): + self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, directory[match.start():]) + self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName) self.webStagerFilePath = ntToPosixSlashes(os.path.join(directory, stagerName)) debugMsg = "trying to see if the file is accessible from %s" % self.webStagerUrl