mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
fall-back to UNION technique if web file stager was not uploaded with LIMIT
parent
a1d2a7913b
commit
dba0a96c2e
|
@ -14,6 +14,7 @@ from extra.cloak.cloak import decloak
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import arrayizeValue
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
|
from lib.core.common import decloakToMkstemp
|
||||||
from lib.core.common import decloakToNamedTemporaryFile
|
from lib.core.common import decloakToNamedTemporaryFile
|
||||||
from lib.core.common import extractRegexResult
|
from lib.core.common import extractRegexResult
|
||||||
from lib.core.common import getDirs
|
from lib.core.common import getDirs
|
||||||
|
@ -238,16 +239,28 @@ class Web:
|
||||||
self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/')
|
self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/')
|
||||||
|
|
||||||
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
||||||
|
|
||||||
uplPage = uplPage or ""
|
uplPage = uplPage or ""
|
||||||
|
|
||||||
if "sqlmap file uploader" not in uplPage:
|
if "sqlmap file uploader" not in uplPage:
|
||||||
warnMsg = "unable to upload the file stager "
|
warnMsg = "unable to upload the file stager "
|
||||||
warnMsg += "on '%s'" % localPath
|
warnMsg += "on '%s'" % localPath
|
||||||
singleTimeWarnMessage(warnMsg)
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
|
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
|
||||||
|
infoMsg = "trying to upload the file stager via "
|
||||||
|
infoMsg += "UNION technique"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
stagerDecloacked = decloakToMkstemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
|
||||||
|
self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text")
|
||||||
|
|
||||||
|
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
|
||||||
|
uplPage = uplPage or ""
|
||||||
|
|
||||||
|
if "sqlmap file uploader" not in uplPage:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
elif "<%" in uplPage or "<?" in uplPage:
|
if "<%" in uplPage or "<?" in uplPage:
|
||||||
warnMsg = "file stager uploaded on '%s', " % localPath
|
warnMsg = "file stager uploaded on '%s', " % localPath
|
||||||
warnMsg += "but not dynamically interpreted"
|
warnMsg += "but not dynamically interpreted"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
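Review bot: The temporary file returned by `decloakToMkstemp(...)` in the new UNION branch is never closed or removed in the lines shown, so each directory that reaches the fall-back appears to leave a decloaked copy of the stager on the local disk. Assuming the returned object is file-like (only its `.name` is used here), I would wrap the write as `try: self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text")` followed by `finally: stagerDecloacked.close(); os.remove(stagerDecloacked.name)`. The rendering has lost indentation, so it is also worth confirming that a failed upload with no UNION technique available still reaches a `continue` rather than falling through to the `"<%" in uplPage` check now that `elif` became `if`. The variable name would read better as `stagerDecloaked`. The enclosing method starts and ends outside this hunk.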