

Commit dfa9076

committed
fixed and improved web shell upload in MySQL (it was actually broken since fc57b75)
1 parent 6863436 commit dfa9076

2 files changed

Lines changed: 158 additions & 150 deletions


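--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
@@ -610,15 +610,15 @@ def paramToDict(place, parameters=None):
 
 return testableParameters
 
-def getDocRoot():
-docRoot = None
+def getManualDirectories():
+directories = None
 pagePath = directoryPath(conf.path)
 
 defaultDocRoot = DEFAULT_DOC_ROOTS.get(Backend.getOs(), DEFAULT_DOC_ROOTS[OS.LINUX])
 
 if kb.absFilePaths:
 for absFilePath in kb.absFilePaths:
-if docRoot:
+if directories:
 break
 
 if directoryPath(absFilePath) == '/':
@@ -636,41 +636,41 @@ def getDocRoot():
 _ = "/%s/" % _
 
 if _ in absFilePath:
-docRoot = "%s%s" % (absFilePath.split(_)[0], _)
+directories = "%s%s" % (absFilePath.split(_)[0], _)
 break
 
 if pagePath and pagePath in absFilePath:
-docRoot = absFilePath.split(pagePath)[0]
+directories = absFilePath.split(pagePath)[0]
 if windowsDriveLetter:
-docRoot = "%s/%s" % (windowsDriveLetter, ntToPosixSlashes(docRoot))
+directories = "%s/%s" % (windowsDriveLetter, ntToPosixSlashes(directories))
 
-docRoot = normalizePath(docRoot)
+directories = normalizePath(directories)
 
-if docRoot:
-infoMsg = "retrieved the web server document root: '%s'" % docRoot
+if directories:
+infoMsg = "retrieved the web server document root: '%s'" % directories
 logger.info(infoMsg)
 else:
 warnMsg = "unable to retrieve automatically the web server "
 warnMsg += "document root"
 logger.warn(warnMsg)
 
-docRoot = []
+directories = []
 
-message = "what do you want to use for web server document root?\n"
+message = "what do you want to use for writable directory?\n"
 message += "[1] common location(s) '%s' (default)\n" % ", ".join(root for root in defaultDocRoot)
-message += "[2] custom location\n"
+message += "[2] custom location(s)\n"
 message += "[3] custom directory list file\n"
 message += "[4] brute force search\n"
 choice = readInput(message, default="1").strip()
 
 if choice == "2":
-message = "please provide the web server document root: "
-docRoot = readInput(message, default="").split(',')
+message = "please provide a comma separate list of absolute directory paths: "
+directories = readInput(message, default="").split(',')
 elif choice == "3":
 message = "what's the list file location?\n"
 listPath = readInput(message, default="")
 checkFile(listPath)
-docRoot = getFileItems(listPath)
+directories = getFileItems(listPath)
 elif choice == "4":
 targets = set([conf.hostname])
 _ = conf.hostname.split('.')
@@ -691,31 +691,30 @@ def getDocRoot():
 for target in targets:
 item = "%s/%s" % (prefix, suffix)
 item = item.replace(BRUTE_DOC_ROOT_TARGET_MARK, target).replace("//", '/').rstrip('/')
-docRoot.append(item)
+directories.append(item)
 
 if BRUTE_DOC_ROOT_TARGET_MARK not in prefix:
 break
 
-infoMsg = "using common document root locations: %s" % ','.join(docRoot)
+infoMsg = "using common directories: %s" % ','.join(directories)
 logger.info(infoMsg)
 
-msg = "use additional custom "
-msg += "document root locations [Enter for None]: "
+msg = "use additional custom directories [Enter for None]: "
 answer = readInput(msg)
 
 if answer:
-docRoot.extend(answer.split(','))
+directories.extend(answer.split(','))
 
 else:
-docRoot = defaultDocRoot
+directories = defaultDocRoot
 
-return docRoot
+return directories
 
-def getDirs():
+def getAutoDirectories():
 directories = set("/")
 
 if kb.absFilePaths:
-infoMsg = "retrieved web server full paths: "
+infoMsg = "retrieved web server absolute paths: "
 infoMsg += "'%s'" % ", ".join(ntToPosixSlashes(path) for path in kb.absFilePaths)
 logger.info(infoMsg)
 
@@ -728,7 +727,8 @@ def getDirs():
 warnMsg = "unable to retrieve automatically any web server path"
 logger.warn(warnMsg)
 
-webDir = extractRegexResult(r"//[^/]+?/(?P<result>.*)/", conf.url)
+webDir = extractRegexResult(r"//[^/]+?(?P<result>/.*)/", conf.url)
+
 if webDir:
 directories.add(webDir)
 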
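Review bot: In getManualDirectories the renamed `directories` holds a single string on the auto-detected path (`directories = "%s%s" % (absFilePath.split(_)[0], _)`, then `normalizePath(directories)`) but a list on the prompt path (`directories = []`, `.split(',')`, `getFileItems(listPath)`), and both reach the same `return directories`. The callers are in the other changed file, which this page does not show, so whether they wrap the value before iterating is unverified; returning a list on every path, for example `directories = [directories]` after the "retrieved the web server document root" message is logged, would make the plural name accurate and the return type uniform. Indentation is lost on this page, so the branch structure is inferred from statement order; a one-line docstring stating the return type would help either way.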