Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0ed5ba5

Browse files
stamparmstamparm
committed
minor update
1 parent c4951fd commit 0ed5ba5

1 file changed

Lines changed: 3 additions & 4 deletions

File tree

lib/takeover/web.py

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,8 @@ def webFileUpload(self, fileToUpload, destFileName, directory):
8686
return retVal
8787

8888
def __webFileStreamUpload(self, stream, destFileName, directory):
89+
stream.seek(0) #rewind
90+
8991
if self.webApi in ("php", "asp"):
9092
multipartParams = {
9193
"upload": "1",
@@ -95,9 +97,6 @@ def __webFileStreamUpload(self, stream, destFileName, directory):
9597

9698
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)
9799

98-
if stream:
99-
stream.seek(0)
100-
101100
if "File uploaded" not in page:
102101
warnMsg = "unable to upload the backdoor through "
103102
warnMsg += "the uploader agent on '%s'" % directory
@@ -118,6 +117,7 @@ def __webFileInject(self, fileContent, fileName, directory):
118117
query = agent.postfixQuery(query)
119118
payload = agent.payload(newValue=query)
120119
page = Request.queryPage(payload)
120+
return page
121121

122122
def webInit(self):
123123
"""
@@ -169,7 +169,6 @@ def webInit(self):
169169
backdoorName = "backdoor.%s" % self.webApi
170170
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)
171171
backdoorContent = backdoorStream.read()
172-
backdoorStream.seek(0)
173172

174173
uploaderName = "uploader.%s" % self.webApi
175174
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))

0 commit comments

Comments
 (0)