PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-05 22:29:14 +00:00
Code Issues Projects Releases Wiki Activity

code refactoring - added functions posixToNtSlashes and ntToPosixSlashes

Browse Source
This commit is contained in:
Miroslav Stampar
2010-02-04 14:37:00 +00:00
parent a1e80e77a1
commit ec63fc4036
7 changed files with 37 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/core/common.py
View File

@@ -236,15 +236,15 @@ def getDocRoot():
absFilePathWin = None
if isWindowsPath(absFilePath):
absFilePathWin = absFilePath.replace("/", "\\")
absFilePath = absFilePath[2:].replace("\\", "/")
absFilePathWin = posixToNtSlashes(absFilePath)
absFilePath = ntToPosixSlashes(absFilePath[2:])
if pagePath in absFilePath:
index = absFilePath.index(pagePath)
docRoot = absFilePath[:index]
if absFilePathWin:
docRoot = "C:/%s" % docRoot.replace("\\", "/")
docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
docRoot = normalizePath(docRoot)
break
@@ -908,3 +908,9 @@ def decloakToMkstemp(filepath, **kwargs):
def isWindowsPath(filepath):
return re.search("\A[A-Za-z]:", filepath) is not None
def posixToNtSlashes(filepath):
return filepath.replace('/', '\\')
def ntToPosixSlashes(filepath):
return filepath.replace('\\', '/')

11
lib/core/option.py
View File

@@ -35,6 +35,7 @@ import urlparse
from ConfigParser import ConfigParser
from lib.core.common import getFileType
from lib.core.common import ntToPosixSlashes
from lib.core.common import parseTargetUrl
from lib.core.common import paths
from lib.core.common import randomRange
@@ -903,19 +904,19 @@ def __cleanupOptions():
conf.delay = float(conf.delay)
if conf.rFile:
conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
conf.rFile = os.path.normpath(ntToPosixSlashes(conf.rFile))
if conf.wFile:
conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
conf.wFile = os.path.normpath(ntToPosixSlashes(conf.wFile))
if conf.dFile:
conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
conf.dFile = os.path.normpath(ntToPosixSlashes(conf.dFile))
if conf.msfPath:
conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
conf.msfPath = os.path.normpath(ntToPosixSlashes(conf.msfPath))
if conf.tmpPath:
conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
conf.tmpPath = os.path.normpath(ntToPosixSlashes(conf.tmpPath))
if conf.googleDork or conf.list:
conf.multipleTargets = True

3
lib/request/basic.py
View File

@@ -30,6 +30,7 @@ import zlib
from lib.core.common import directoryPath
from lib.core.common import isWindowsPath
from lib.core.common import posixToNtSlashes
from lib.core.common import urlEncodeCookieValues
from lib.core.data import conf
from lib.core.data import kb
@@ -83,7 +84,7 @@ def parseResponse(page, headers):
absFilePath = match.group("result").strip()
page = page.replace(absFilePath, "")
if isWindowsPath(absFilePath):
absFilePath = absFilePath.replace("/", "\\")
absFilePath = posixToNtSlashes(absFilePath)
if absFilePath not in kb.absFilePaths:
kb.absFilePaths.add(absFilePath)

19
lib/takeover/web.py
View File

@@ -31,8 +31,10 @@ from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import fileToStr
from lib.core.common import getDirs
from lib.core.common import getDocRoot
from lib.core.common import ntToPosixSlashes
from lib.core.common import isWindowsPath
from lib.core.common import normalizePath
from lib.core.common import posixToNtSlashes
from lib.core.common import readInput
from lib.core.convert import hexencode
from lib.core.data import conf
@@ -90,6 +92,7 @@ class Web:
"file": stream,
"uploadDir": directory,
}
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
if "File uploaded" not in page:
@@ -174,7 +177,7 @@ class Web:
for directory in directories:
# Upload the uploader agent
outFile = normalizePath("%s/%s" % (directory, uploaderName))
uplQuery = uploaderContent.replace("WRITABLE_DIR", directory)
uplQuery = uploaderContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if kb.os == "Windows" else directory)
query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
query = agent.prefixQuery(" %s" % query)
@@ -182,13 +185,13 @@ class Web:
payload = agent.payload(newValue=query)
page = Request.queryPage(payload)
requestDir = directory.replace('\\', '/').replace(kb.docRoot.replace('\\', '/'), "/").replace("//", "/")
requestDir = ntToPosixSlashes(directory).replace(ntToPosixBrackets(kb.docRoot), "/").replace("//", "/")
if isWindowsPath(requestDir):
requestDir = requestDir[2:]
requestDir = normalizePath(requestDir)
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/")
self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
if "sqlmap file uploader" not in uplPage:
@@ -201,18 +204,16 @@ class Web:
infoMsg = "the uploader agent has been successfully uploaded "
infoMsg += "on '%s'" % directory
logger.info(infoMsg)
if kb.os == "Windows":
directory = posixToNtSlashes(directory)
if self.__webFileStreamUpload(backdoorStream, backdoorName, directory):
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = directory
infoMsg = "the backdoor has probably been successfully "
infoMsg += "uploaded on '%s', go with your browser " % directory
infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
logger.info(infoMsg)
else:
infoMsg = "the backdoor hasn't been successfully "
infoMsg += "uploaded on '%s'" % directory
logger.warn(infoMsg)
break