sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

some refactoring and one less request for aspx maintanance during --os-shell

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-24 14:20:43 +00:00
parent 253eafb643
commit 6712f4da55
2 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/core/common.py
View File

@ -1424,7 +1424,7 @@ def goGoodSamaritan(prevValue, originalCharset):
else:
return None, None, None, originalCharset
def getCompiledRegex(regex, *args):
def getCompiledRegex(regex, flags=0):
"""
Returns compiled regular expression and stores it in cache for further
usage
@ -1432,11 +1432,11 @@ def getCompiledRegex(regex, *args):
<_sre.SRE_Pattern object at...
"""
if (regex, args) in kb.cache.regex:
return kb.cache.regex[(regex, args)]
if (regex, flags) in kb.cache.regex:
return kb.cache.regex[(regex, flags)]
else:
retVal = re.compile(regex, *args)
kb.cache.regex[(regex, args)] = retVal
retVal = re.compile(regex, flags)
kb.cache.regex[(regex, flags)] = retVal
return retVal
def getPartRun():
@ -1628,11 +1628,11 @@ def getPublicTypeMembers(type_):
return retVal
def extractRegexResult(regex, content):
def extractRegexResult(regex, content, flags=0):
retVal = None
if regex and content and '?P<result>' in regex:
match = re.search(regex, content)
match = re.search(regex, content, flags)
if match:
retVal = match.group("result")

9
lib/takeover/web.py
View File

@ -85,9 +85,8 @@ class Web:
}
if self.webApi == "aspx":
page = Request.getPage(url=self.webStagerUrl, content=True, raise404=False)
multipartParams['__EVENTVALIDATION'] = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", page[0])
multipartParams['__VIEWSTATE'] = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", page[0])
multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE
page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)
@ -212,6 +211,10 @@ class Web:
logger.warn(warnMsg)
continue
elif self.webApi == "aspx":
kb.data.__EVENTVALIDATION = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
kb.data.__VIEWSTATE = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
infoMsg = "the file stager has been successfully uploaded "
infoMsg += "on '%s' ('%s')" % (directory, self.webStagerUrl)
logger.info(infoMsg)