Important refactoring for web-based functionality
parent
81ccf28785
commit
5358d85d37
|
@ -36,7 +36,6 @@ from math import sqrt
|
||||||
from optparse import OptionValueError
|
from optparse import OptionValueError
|
||||||
from subprocess import PIPE
|
from subprocess import PIPE
|
||||||
from subprocess import Popen as execute
|
from subprocess import Popen as execute
|
||||||
from tempfile import NamedTemporaryFile
|
|
||||||
from tempfile import mkstemp
|
from tempfile import mkstemp
|
||||||
from xml.etree import ElementTree as ET
|
from xml.etree import ElementTree as ET
|
||||||
from xml.dom import minidom
|
from xml.dom import minidom
|
||||||
|
@ -1401,37 +1400,11 @@ def showStaticWords(firstPage, secondPage):
|
||||||
|
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
def decloakToNamedTemporaryFile(filepath, name=None):
|
def decloakToNamedStream(filepath, name=None):
|
||||||
retVal = NamedTemporaryFile()
|
class _(StringIO):
|
||||||
|
__len__ = property(lambda self: self.len)
|
||||||
def __del__():
|
retVal = _(decloak(filepath))
|
||||||
try:
|
retVal.name = name
|
||||||
if hasattr(retVal, 'old_name'):
|
|
||||||
retVal.name = retVal.old_name
|
|
||||||
retVal.close()
|
|
||||||
except OSError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
retVal.__del__ = __del__
|
|
||||||
retVal.write(decloak(filepath))
|
|
||||||
retVal.seek(0)
|
|
||||||
|
|
||||||
if name:
|
|
||||||
retVal.old_name = retVal.name
|
|
||||||
retVal.name = name
|
|
||||||
|
|
||||||
return retVal
|
|
||||||
|
|
||||||
def decloakToMkstemp(filepath, **kwargs):
|
|
||||||
handle, name = mkstemp(**kwargs)
|
|
||||||
|
|
||||||
_ = os.fdopen(handle)
|
|
||||||
_.close() # close low level handle (causing problems latter)
|
|
||||||
|
|
||||||
retVal = open(name, 'w+b')
|
|
||||||
|
|
||||||
retVal.write(decloak(filepath))
|
|
||||||
retVal.seek(0)
|
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
|
|
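Review bot: `__len__ = property(lambda self: self.len)` in the `_` subclass of `decloakToNamedStream` does not give the stream a working `len()`: the `__len__` lookup yields the property's value (an int) and that value is then called, so `len(stream)` raises TypeError instead of returning the buffer size. Define it as a method, `def __len__(self): return self.len`, or drop it if consumers only read `.len` directly (the multipart handler changed in this commit uses `fd.len`). `retVal.name = name` also stores `None` when no name is passed, so a consumer that does `fd.name.split('/')` on such a stream will fail; either make `name` required here or document that the stream then carries no name. The function has no docstring; a one-liner such as `"""Return an in-memory StringIO holding the decloaked content of filepath, with .name and .len set for multipart upload."""` would help.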
@ -10,12 +10,13 @@ import os
|
||||||
import posixpath
|
import posixpath
|
||||||
import re
|
import re
|
||||||
|
|
||||||
|
from tempfile import mkstemp
|
||||||
|
|
||||||
from extra.cloak.cloak import decloak
|
from extra.cloak.cloak import decloak
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import arrayizeValue
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
from lib.core.common import decloakToMkstemp
|
from lib.core.common import decloakToNamedStream
|
||||||
from lib.core.common import decloakToNamedTemporaryFile
|
|
||||||
from lib.core.common import extractRegexResult
|
from lib.core.common import extractRegexResult
|
||||||
from lib.core.common import getDirs
|
from lib.core.common import getDirs
|
||||||
from lib.core.common import getDocRoot
|
from lib.core.common import getDocRoot
|
||||||
|
@ -187,7 +188,7 @@ class Web:
|
||||||
directories = sorted(getDirs())
|
directories = sorted(getDirs())
|
||||||
|
|
||||||
backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
|
backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
|
||||||
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
|
backdoorStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
|
||||||
originalBackdoorContent = backdoorContent = backdoorStream.read()
|
originalBackdoorContent = backdoorContent = backdoorStream.read()
|
||||||
|
|
||||||
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
|
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
|
||||||
|
@ -255,8 +256,15 @@ class Web:
|
||||||
infoMsg += "UNION technique"
|
infoMsg += "UNION technique"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
stagerDecloacked = decloakToMkstemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
|
handle, filename = mkstemp()
|
||||||
self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text")
|
os.fdopen(handle).close() # close low level handle (causing problems latter)
|
||||||
|
|
||||||
|
with open(filename, "w+") as f:
|
||||||
|
_ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
|
||||||
|
_ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
|
||||||
|
f.write(_)
|
||||||
|
|
||||||
|
self.unionWriteFile(filename, self.webStagerFilePath, "text")
|
||||||
|
|
||||||
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
||||||
uplPage = uplPage or ""
|
uplPage = uplPage or ""
|
||||||
|
@ -282,7 +290,7 @@ class Web:
|
||||||
|
|
||||||
if self.webApi == WEB_API.ASP:
|
if self.webApi == WEB_API.ASP:
|
||||||
runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)
|
runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)
|
||||||
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
|
runcmdStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
|
||||||
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
|
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
|
||||||
|
|
||||||
if match:
|
if match:
|
||||||
|
@ -291,7 +299,7 @@ class Web:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
|
backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
|
||||||
backdoorStream.file.truncate()
|
backdoorStream.truncate()
|
||||||
backdoorStream.read()
|
backdoorStream.read()
|
||||||
backdoorStream.seek(0)
|
backdoorStream.seek(0)
|
||||||
backdoorStream.write(backdoorContent)
|
backdoorStream.write(backdoorContent)
|
||||||
|
|
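Review bot: The stager temp file created by `mkstemp()` in the `@ -255` hunk is never deleted: once `self.unionWriteFile(filename, ...)` returns, the decloaked stager with the substituted path stays in the system temp directory, and the removed `decloakToMkstemp` helper left it behind in the same way, so this rewrite is the place to fix it. Wrap the write-and-upload in `try`/`finally` and remove `filename` on the way out; the enclosing method starts and ends outside the hunk. Separately, the file is now opened with `"w+"` where the old helper used `'w+b'`; on Windows, text mode rewrites `\n` as `\r\n`, so the uploaded stager may differ from the decloaked bytes, and `"w+b"` keeps the previous behaviour. `OS.WINDOWS` is referenced on the new line but no import of `OS` appears in the `@ -10` hunk; presumably it is imported further up, worth confirming.
```python
        handle, filename = mkstemp()
        os.fdopen(handle).close() # close low level handle (causing problems latter)

        try:
            with open(filename, "w+b") as f:
                # … unchanged: decloak stager and substitute WRITABLE_DIR …
                f.write(_)

            self.unionWriteFile(filename, self.webStagerFilePath, "text")
        finally:
            try:
                os.remove(filename)
            except OSError:
                pass
```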
5
thirdparty/multipart/multipartpost.py
vendored
5
thirdparty/multipart/multipartpost.py
vendored
|
@ -24,6 +24,7 @@ import mimetools
|
||||||
import mimetypes
|
import mimetypes
|
||||||
import os
|
import os
|
||||||
import stat
|
import stat
|
||||||
|
import StringIO
|
||||||
import sys
|
import sys
|
||||||
import urllib
|
import urllib
|
||||||
import urllib2
|
import urllib2
|
||||||
|
@ -52,7 +53,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
for(key, value) in data.items():
|
for(key, value) in data.items():
|
||||||
if type(value) == file or hasattr(value, 'file'):
|
if isinstance(value, file) or hasattr(value, 'file') or isinstance(value, StringIO.StringIO):
|
||||||
v_files.append((key, value))
|
v_files.append((key, value))
|
||||||
else:
|
else:
|
||||||
v_vars.append((key, value))
|
v_vars.append((key, value))
|
||||||
|
@ -85,7 +86,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
|
||||||
buf += '\r\n\r\n' + value + '\r\n'
|
buf += '\r\n\r\n' + value + '\r\n'
|
||||||
|
|
||||||
for (key, fd) in files:
|
for (key, fd) in files:
|
||||||
file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
|
file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len
|
||||||
filename = fd.name.split('/')[-1]
|
filename = fd.name.split('/')[-1]
|
||||||
contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
|
contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
|
||||||
buf += '--%s\r\n' % boundary
|
buf += '--%s\r\n' % boundary
|
||||||
|
|