PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Some filtering

Browse Source
This commit is contained in:
Miroslav Stampar
2014-08-21 01:12:44 +02:00
parent 3cfdb5ff0f
commit c5b71cff10
4 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/takeover/web.py
View File

@@ -46,6 +46,7 @@ from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
from lib.core.settings import EVENTVALIDATION_REGEX
from lib.core.settings import VIEWSTATE_REGEX
from lib.request.connect import Connect as Request
from thirdparty.oset.pyoset import oset
class Web:
@@ -197,7 +198,7 @@ class Web:
directories = list(arrayizeValue(getManualDirectories()))
directories.extend(getAutoDirectories())
directories = sorted(set(directories))
directories = list(oset(directories))
backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi))
@@ -220,9 +221,9 @@ class Web:
else:
directory = directory[2:] if isWindowsDriveLetterPath(directory) else directory
# Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE technique
# Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method
infoMsg = "trying to upload the file stager on '%s' " % directory
infoMsg += "via LIMIT 'LINES TERMINATED BY' technique"
infoMsg += "via LIMIT 'LINES TERMINATED BY' method"
logger.info(infoMsg)
self._webFileInject(stagerContent, stagerName, directory)
@@ -239,7 +240,7 @@ class Web:
uploaded = True
break
# Fall-back to UNION queries file upload technique
# Fall-back to UNION queries file upload method
if not uploaded:
warnMsg = "unable to upload the file stager "
warnMsg += "on '%s'" % directory
@@ -247,7 +248,7 @@ class Web:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
infoMsg = "trying to upload the file stager on '%s' " % directory
infoMsg += "via UNION technique"
infoMsg += "via UNION method"
logger.info(infoMsg)
handle, filename = mkstemp()