mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
This commit is contained in:
parent
a1e80e77a1
commit
ec63fc4036
|
@ -236,15 +236,15 @@ def getDocRoot():
|
||||||
absFilePathWin = None
|
absFilePathWin = None
|
||||||
|
|
||||||
if isWindowsPath(absFilePath):
|
if isWindowsPath(absFilePath):
|
||||||
absFilePathWin = absFilePath.replace("/", "\\")
|
absFilePathWin = posixToNtSlashes(absFilePath)
|
||||||
absFilePath = absFilePath[2:].replace("\\", "/")
|
absFilePath = ntToPosixSlashes(absFilePath[2:])
|
||||||
|
|
||||||
if pagePath in absFilePath:
|
if pagePath in absFilePath:
|
||||||
index = absFilePath.index(pagePath)
|
index = absFilePath.index(pagePath)
|
||||||
docRoot = absFilePath[:index]
|
docRoot = absFilePath[:index]
|
||||||
|
|
||||||
if absFilePathWin:
|
if absFilePathWin:
|
||||||
docRoot = "C:/%s" % docRoot.replace("\\", "/")
|
docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
|
||||||
|
|
||||||
docRoot = normalizePath(docRoot)
|
docRoot = normalizePath(docRoot)
|
||||||
break
|
break
|
||||||
|
@ -908,3 +908,9 @@ def decloakToMkstemp(filepath, **kwargs):
|
||||||
|
|
||||||
def isWindowsPath(filepath):
|
def isWindowsPath(filepath):
|
||||||
return re.search("\A[A-Za-z]:", filepath) is not None
|
return re.search("\A[A-Za-z]:", filepath) is not None
|
||||||
|
|
||||||
|
def posixToNtSlashes(filepath):
|
||||||
|
return filepath.replace('/', '\\')
|
||||||
|
|
||||||
|
def ntToPosixSlashes(filepath):
|
||||||
|
return filepath.replace('\\', '/')
|
||||||
|
|
|
@ -35,6 +35,7 @@ import urlparse
|
||||||
from ConfigParser import ConfigParser
|
from ConfigParser import ConfigParser
|
||||||
|
|
||||||
from lib.core.common import getFileType
|
from lib.core.common import getFileType
|
||||||
|
from lib.core.common import ntToPosixSlashes
|
||||||
from lib.core.common import parseTargetUrl
|
from lib.core.common import parseTargetUrl
|
||||||
from lib.core.common import paths
|
from lib.core.common import paths
|
||||||
from lib.core.common import randomRange
|
from lib.core.common import randomRange
|
||||||
|
@ -903,19 +904,19 @@ def __cleanupOptions():
|
||||||
conf.delay = float(conf.delay)
|
conf.delay = float(conf.delay)
|
||||||
|
|
||||||
if conf.rFile:
|
if conf.rFile:
|
||||||
conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
|
conf.rFile = os.path.normpath(ntToPosixSlashes(conf.rFile))
|
||||||
|
|
||||||
if conf.wFile:
|
if conf.wFile:
|
||||||
conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
|
conf.wFile = os.path.normpath(ntToPosixSlashes(conf.wFile))
|
||||||
|
|
||||||
if conf.dFile:
|
if conf.dFile:
|
||||||
conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
|
conf.dFile = os.path.normpath(ntToPosixSlashes(conf.dFile))
|
||||||
|
|
||||||
if conf.msfPath:
|
if conf.msfPath:
|
||||||
conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
|
conf.msfPath = os.path.normpath(ntToPosixSlashes(conf.msfPath))
|
||||||
|
|
||||||
if conf.tmpPath:
|
if conf.tmpPath:
|
||||||
conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
|
conf.tmpPath = os.path.normpath(ntToPosixSlashes(conf.tmpPath))
|
||||||
|
|
||||||
if conf.googleDork or conf.list:
|
if conf.googleDork or conf.list:
|
||||||
conf.multipleTargets = True
|
conf.multipleTargets = True
|
||||||
|
|
|
@ -30,6 +30,7 @@ import zlib
|
||||||
|
|
||||||
from lib.core.common import directoryPath
|
from lib.core.common import directoryPath
|
||||||
from lib.core.common import isWindowsPath
|
from lib.core.common import isWindowsPath
|
||||||
|
from lib.core.common import posixToNtSlashes
|
||||||
from lib.core.common import urlEncodeCookieValues
|
from lib.core.common import urlEncodeCookieValues
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
|
@ -83,7 +84,7 @@ def parseResponse(page, headers):
|
||||||
absFilePath = match.group("result").strip()
|
absFilePath = match.group("result").strip()
|
||||||
page = page.replace(absFilePath, "")
|
page = page.replace(absFilePath, "")
|
||||||
if isWindowsPath(absFilePath):
|
if isWindowsPath(absFilePath):
|
||||||
absFilePath = absFilePath.replace("/", "\\")
|
absFilePath = posixToNtSlashes(absFilePath)
|
||||||
if absFilePath not in kb.absFilePaths:
|
if absFilePath not in kb.absFilePaths:
|
||||||
kb.absFilePaths.add(absFilePath)
|
kb.absFilePaths.add(absFilePath)
|
||||||
|
|
||||||
|
|
|
@ -31,8 +31,10 @@ from lib.core.common import decloakToNamedTemporaryFile
|
||||||
from lib.core.common import fileToStr
|
from lib.core.common import fileToStr
|
||||||
from lib.core.common import getDirs
|
from lib.core.common import getDirs
|
||||||
from lib.core.common import getDocRoot
|
from lib.core.common import getDocRoot
|
||||||
|
from lib.core.common import ntToPosixSlashes
|
||||||
from lib.core.common import isWindowsPath
|
from lib.core.common import isWindowsPath
|
||||||
from lib.core.common import normalizePath
|
from lib.core.common import normalizePath
|
||||||
|
from lib.core.common import posixToNtSlashes
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.convert import hexencode
|
from lib.core.convert import hexencode
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -90,6 +92,7 @@ class Web:
|
||||||
"file": stream,
|
"file": stream,
|
||||||
"uploadDir": directory,
|
"uploadDir": directory,
|
||||||
}
|
}
|
||||||
|
|
||||||
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
|
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
|
||||||
|
|
||||||
if "File uploaded" not in page:
|
if "File uploaded" not in page:
|
||||||
|
@ -174,7 +177,7 @@ class Web:
|
||||||
for directory in directories:
|
for directory in directories:
|
||||||
# Upload the uploader agent
|
# Upload the uploader agent
|
||||||
outFile = normalizePath("%s/%s" % (directory, uploaderName))
|
outFile = normalizePath("%s/%s" % (directory, uploaderName))
|
||||||
uplQuery = uploaderContent.replace("WRITABLE_DIR", directory)
|
uplQuery = uploaderContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if kb.os == "Windows" else directory)
|
||||||
query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
|
query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
|
||||||
query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
|
query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
|
||||||
query = agent.prefixQuery(" %s" % query)
|
query = agent.prefixQuery(" %s" % query)
|
||||||
|
@ -182,13 +185,13 @@ class Web:
|
||||||
payload = agent.payload(newValue=query)
|
payload = agent.payload(newValue=query)
|
||||||
page = Request.queryPage(payload)
|
page = Request.queryPage(payload)
|
||||||
|
|
||||||
requestDir = directory.replace('\\', '/').replace(kb.docRoot.replace('\\', '/'), "/").replace("//", "/")
|
requestDir = ntToPosixSlashes(directory).replace(ntToPosixBrackets(kb.docRoot), "/").replace("//", "/")
|
||||||
if isWindowsPath(requestDir):
|
if isWindowsPath(requestDir):
|
||||||
requestDir = requestDir[2:]
|
requestDir = requestDir[2:]
|
||||||
requestDir = normalizePath(requestDir)
|
requestDir = normalizePath(requestDir)
|
||||||
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
|
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
|
||||||
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
|
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
|
||||||
self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/")
|
self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))
|
||||||
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
|
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
|
||||||
|
|
||||||
if "sqlmap file uploader" not in uplPage:
|
if "sqlmap file uploader" not in uplPage:
|
||||||
|
@ -202,17 +205,15 @@ class Web:
|
||||||
infoMsg += "on '%s'" % directory
|
infoMsg += "on '%s'" % directory
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
if kb.os == "Windows":
|
||||||
|
directory = posixToNtSlashes(directory)
|
||||||
|
|
||||||
if self.__webFileStreamUpload(backdoorStream, backdoorName, directory):
|
if self.__webFileStreamUpload(backdoorStream, backdoorName, directory):
|
||||||
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
|
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
|
||||||
self.webDirectory = directory
|
self.webDirectory = directory
|
||||||
|
|
||||||
infoMsg = "the backdoor has probably been successfully "
|
infoMsg = "the backdoor has probably been successfully "
|
||||||
infoMsg += "uploaded on '%s', go with your browser " % directory
|
infoMsg += "uploaded on '%s', go with your browser " % directory
|
||||||
infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
|
infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
else:
|
|
||||||
infoMsg = "the backdoor hasn't been successfully "
|
|
||||||
infoMsg += "uploaded on '%s'" % directory
|
|
||||||
logger.warn(infoMsg)
|
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
|
@ -31,6 +31,7 @@ from lib.core.common import formatDBMSfp
|
||||||
from lib.core.common import formatFingerprint
|
from lib.core.common import formatFingerprint
|
||||||
from lib.core.common import getHtmlErrorFp
|
from lib.core.common import getHtmlErrorFp
|
||||||
from lib.core.common import getRange
|
from lib.core.common import getRange
|
||||||
|
from lib.core.common import posixToNtSlashes
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.convert import urlencode
|
from lib.core.convert import urlencode
|
||||||
|
@ -496,9 +497,9 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
debugSize = 0xFF00
|
debugSize = 0xFF00
|
||||||
tmpPath = conf.tmpPath.replace("/", "\\")
|
tmpPath = posixToNtSlashes(conf.tmpPath)
|
||||||
dFileName = os.path.split(dFile)[1]
|
dFileName = os.path.split(dFile)[1]
|
||||||
dFile = dFile.replace("/", "\\")
|
dFile = posixToNtSlashes(dFile)
|
||||||
wFileSize = os.path.getsize(wFile)
|
wFileSize = os.path.getsize(wFile)
|
||||||
wFilePointer = open(wFile, "rb")
|
wFilePointer = open(wFile, "rb")
|
||||||
wFileContent = wFilePointer.read()
|
wFileContent = wFilePointer.read()
|
||||||
|
|
|
@ -29,6 +29,7 @@ from lib.core.agent import agent
|
||||||
from lib.core.common import formatDBMSfp
|
from lib.core.common import formatDBMSfp
|
||||||
from lib.core.common import formatFingerprint
|
from lib.core.common import formatFingerprint
|
||||||
from lib.core.common import getHtmlErrorFp
|
from lib.core.common import getHtmlErrorFp
|
||||||
|
from lib.core.common import ntToPosixSlashes
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -496,7 +497,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||||
|
|
||||||
# Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir
|
# Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir
|
||||||
self.__basedir = inject.getValue("SELECT @@basedir")
|
self.__basedir = inject.getValue("SELECT @@basedir")
|
||||||
self.__basedir = os.path.normpath(self.__basedir.replace("\\", "/"))
|
self.__basedir = os.path.normpath(ntToPosixSlashes(self.__basedir))
|
||||||
|
|
||||||
if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I):
|
if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I):
|
||||||
kb.os = "Windows"
|
kb.os = "Windows"
|
||||||
|
@ -517,7 +518,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||||
# NOTE: specifying the relative path as './udf.dll'
|
# NOTE: specifying the relative path as './udf.dll'
|
||||||
# saves in @@datadir on both MySQL 4.1 and MySQL 5.0
|
# saves in @@datadir on both MySQL 4.1 and MySQL 5.0
|
||||||
self.__datadir = "."
|
self.__datadir = "."
|
||||||
self.__datadir = os.path.normpath(self.__datadir.replace("\\", "/"))
|
self.__datadir = os.path.normpath(ntToPosixSlashes(self.__datadir))
|
||||||
|
|
||||||
if re.search("[\w]\:\/", self.__datadir, re.I):
|
if re.search("[\w]\:\/", self.__datadir, re.I):
|
||||||
kb.os = "Windows"
|
kb.os = "Windows"
|
||||||
|
|
|
@ -25,6 +25,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
|
|
||||||
|
from lib.core.common import ntToPosixSlashes
|
||||||
|
from lib.core.common import posixToNtSlashes
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
|
@ -65,7 +67,7 @@ class Miscellaneous:
|
||||||
if re.search("^[\w]\:[\/\\\\]+", conf.tmpPath, re.I):
|
if re.search("^[\w]\:[\/\\\\]+", conf.tmpPath, re.I):
|
||||||
kb.os = "Windows"
|
kb.os = "Windows"
|
||||||
|
|
||||||
conf.tmpPath = conf.tmpPath.replace("\\", "/")
|
conf.tmpPath = ntToPosixSlashes(conf.tmpPath)
|
||||||
conf.tmpPath = os.path.normpath(conf.tmpPath)
|
conf.tmpPath = os.path.normpath(conf.tmpPath)
|
||||||
|
|
||||||
setRemoteTempPath()
|
setRemoteTempPath()
|
||||||
|
@ -77,7 +79,7 @@ class Miscellaneous:
|
||||||
if doubleslash:
|
if doubleslash:
|
||||||
tempFile = tempFile.replace("/", "\\\\")
|
tempFile = tempFile.replace("/", "\\\\")
|
||||||
else:
|
else:
|
||||||
tempFile = tempFile.replace("/", "\\")
|
tempFile = posixToNtSlashes(tempFile)
|
||||||
|
|
||||||
cmd = "del /F /Q %s" % tempFile
|
cmd = "del /F /Q %s" % tempFile
|
||||||
else:
|
else:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user