

Commit 359e734

committed
Minor refactoring
1 parent 32181d9 commit 359e734

4 files changed

Lines changed: 21 additions & 11 deletions


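--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -229,3 +229,9 @@ class ADJUST_TIME_DELAY:
     DISABLE = -1
     NO = 0
     YES = 1
+
+
+class WEB_API:
+    PHP = "php"
+    ASP = "asp"
+    ASPX = "aspx"
+    JSP = "jsp"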
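Review bot: The member values of WEB_API are not mere identifiers: in lib/takeover/web.py (same commit) webInit() matches each value against the target URL with `conf.url.endswith(ext)` and feeds the same list into the `choices` built just before the "which web application language" prompt, so editing a value changes detection behaviour. That coupling is invisible from this file, and the class carries no comment. I would add a one-liner above the class: `# NOTE: member values double as URL extensions (conf.url.endswith) and as the choice list in lib/takeover/web.py`.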

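--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -469,10 +469,10 @@
 FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException")
 
 # Regular expression used for extracting ASP.NET view state values
-VIEWSTATE_REGEX = r'(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<value>[^"]+)'
+VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
 
 # Regular expression used for extracting ASP.NET event validation values
-EVENTVALIDATION_REGEX = r'(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<value>[^"]+)'
+EVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^"]*)[^>]+value="(?P<result>[^"]+)'
 
 # Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)
 LIMITED_ROWS_TEST_NUMBER = 15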
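Review bot: Renaming the capture group to `result` on lines 472 and 475 introduces an undocumented contract: extractRegexResult() in lib/takeover/web.py (same commit) presumably looks the group up by that name, so renaming it again would silently break stager-token extraction while the regex itself still matches. I would record that next to the constants, e.g. `# NOTE: the value group must be named "result" - extractRegexResult() reads it by that name`. The same comment is a good place to state that the pattern only matches double-quoted `value="..."` attributes, so a single-quoted hidden field is a known gap rather than a surprise.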

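--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -265,7 +265,7 @@ def processResponse(page, responseHeaders):
 
     if kb.originalPage is None:
         for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):
-            match = re.search(regex, page, re.I)
+            match = re.search(regex, page)
             if match and PLACE.POST in conf.parameters:
                 name, value = match.groups()
                 if PLACE.POST in conf.paramDict and name in conf.paramDict[PLACE.POST]: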
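Review bot: `name, value = match.groups()` on line 270 unpacks by position, while the patterns it consumes now carry named groups (`name` and `result`); reading them by name, `name, value = match.group("name"), match.group("result")`, keeps this loop correct if another group is ever added to the settings regexes. Separately, the match is case-insensitive via the pattern's `(?i)` but the lookup `name in conf.paramDict[PLACE.POST]` on line 271 is case-sensitive, so a page that spells the field `__ViewState` yields a captured name that never matches the POST parameter; the behaviour is unchanged from the old `re.I` flag, but a comment such as `# captured name keeps the page's casing; paramDict lookup is case-sensitive` would save the next reader a puzzle. processResponse starts before this hunk.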

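--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -19,6 +19,7 @@
 from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
+from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSQLSnippet
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import isTechniqueAvailable
@@ -37,6 +38,9 @@
 from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
+from lib.core.enums import WEB_API
+from lib.core.settings import EVENTVALIDATION_REGEX
+from lib.core.settings import VIEWSTATE_REGEX
 from lib.request.connect import Connect as Request
 
 
@@ -85,14 +89,14 @@ def webFileUpload(self, fileToUpload, destFileName, directory):
     def __webFileStreamUpload(self, stream, destFileName, directory):
         stream.seek(0) # Rewind
 
-        if self.webApi in ("php", "asp", "aspx", "jsp"):
+        if self.webApi in getPublicTypeMembers(WEB_API, True):
             multipartParams = {
                 "upload": "1",
                 "file": stream,
                 "uploadDir": directory,
             }
 
-            if self.webApi == "aspx":
+            if self.webApi == WEB_API.ASPX:
                 multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
                 multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE
 
@@ -141,7 +145,7 @@ def webInit(self):
             logger.info(infoMsg)
 
             default = None
-            choices = ('asp', 'aspx', 'php', 'jsp')
+            choices = list(getPublicTypeMembers(WEB_API, True))
 
             for ext in choices:
                 if conf.url.endswith(ext):
@@ -150,9 +154,9 @@ def webInit(self):
 
             if not default:
                 if Backend.isOs(OS.WINDOWS):
-                    default = "asp"
+                    default = WEB_API.ASP
                 else:
-                    default = "php"
+                    default = WEB_API.PHP
 
             message = "which web application language does the web server "
             message += "support?\n"
@@ -268,9 +272,9 @@ def webInit(self):
                     logger.warn(warnMsg)
                     continue
 
-                elif self.webApi == "aspx":
-                    kb.data.__EVENTVALIDATION = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
-                    kb.data.__VIEWSTATE = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
+                elif self.webApi == WEB_API.ASPX:
+                    kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage)
+                    kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage)
 
                 infoMsg = "the file stager has been successfully uploaded "
                 infoMsg += "on '%s' - %s" % (localPath, self.webStagerUrl)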
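Review bot: In the last hunk the ASPX branch (new lines 276-277) stores whatever extractRegexResult() returns into kb.data.__EVENTVALIDATION and kb.data.__VIEWSTATE without checking for a miss, and __webFileStreamUpload (third hunk, lines 99-101) then posts those two fields unconditionally; if the stager page lacks the hidden inputs, or renders them with single-quoted attributes that the settings regexes do not match, the upload goes out with empty tokens and fails with no hint why. I would add after line 277 `if not (kb.data.__EVENTVALIDATION and kb.data.__VIEWSTATE): logger.warn("unable to extract __VIEWSTATE/__EVENTVALIDATION from the stager page, upload may fail")`. This assumes extractRegexResult() returns a falsy value when the pattern does not match, which its name suggests but this page does not show; please confirm. webInit begins before this hunk and continues past it.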
