sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Patch for an Issue #740

Browse Source
This commit is contained in:
Miroslav Stampar 2014-06-29 00:27:23 +02:00
parent 686fe4d0e9
commit c2f14e57e7
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/takeover/web.py
View File

@ -41,6 +41,7 @@ from lib.core.enums import DBMS
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import WEB_API from lib.core.enums import WEB_API
from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
from lib.core.settings import EVENTVALIDATION_REGEX from lib.core.settings import EVENTVALIDATION_REGEX
from lib.core.settings import VIEWSTATE_REGEX from lib.core.settings import VIEWSTATE_REGEX
@ -346,7 +347,11 @@ class Web:
testStr = "command execution test" testStr = "command execution test"
output = self.webBackdoorRunCmd("echo %s" % testStr) output = self.webBackdoorRunCmd("echo %s" % testStr)
if output and testStr in output: if output == "0":
warnMsg = "the backdoor has been uploaded but required privileges "
warnMsg += "for running the system commands are missing"
raise SqlmapNoneDataException(warnMsg)
elif output and testStr in output:
infoMsg = "the backdoor has been successfully " infoMsg = "the backdoor has been successfully "
else: else:
infoMsg = "the backdoor has probably been successfully " infoMsg = "the backdoor has probably been successfully "