55See the file 'doc/COPYING' for copying permission
66"""
77
8- import urlparse
98import os
9+ import posixpath
1010import re
1111import StringIO
12+ import urlparse
1213
1314from tempfile import mkstemp
1415
@@ -130,7 +131,7 @@ def _webFileStreamUpload(self, stream, destFileName, directory):
130131 return False
131132
132133 def _webFileInject (self , fileContent , fileName , directory ):
133- outFile = ntToPosixSlashes ( os . path . join (directory , fileName ) )
134+ outFile = posixpath . join (ntToPosixSlashes ( directory ) , fileName )
134135 uplQuery = getUnicode (fileContent ).replace ("WRITABLE_DIR" , directory .replace ('/' , '\\ \\ ' ) if Backend .isOs (OS .WINDOWS ) else directory )
135136 query = ""
136137
@@ -203,19 +204,16 @@ def webInit(self):
203204 backdoorName = "tmpb%s.%s" % (randomStr (lowercase = True ), self .webApi )
204205 backdoorContent = decloak (os .path .join (paths .SQLMAP_SHELL_PATH , "backdoor.%s_" % self .webApi ))
205206
206- stagerName = "tmpu%s.%s" % (randomStr (lowercase = True ), self .webApi )
207207 stagerContent = decloak (os .path .join (paths .SQLMAP_SHELL_PATH , "stager.%s_" % self .webApi ))
208208 success = False
209209
210210 for directory in directories :
211- self .webStagerFilePath = ntToPosixSlashes (os .path .join (directory , stagerName ))
212-
213- if success :
214- break
215-
216211 if not directory :
217212 continue
218213
214+ stagerName = "tmpu%s.%s" % (randomStr (lowercase = True ), self .webApi )
215+ self .webStagerFilePath = posixpath .join (ntToPosixSlashes (directory ), stagerName )
216+
219217 uploaded = False
220218 directory = ntToPosixSlashes (normalizePath (directory ))
221219
@@ -224,6 +222,9 @@ def webInit(self):
224222 else :
225223 directory = directory [2 :] if isWindowsDriveLetterPath (directory ) else directory
226224
225+ if not directory .endswith ('/' ):
226+ directory += '/'
227+
227228 # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method
228229 infoMsg = "trying to upload the file stager on '%s' " % directory
229230 infoMsg += "via LIMIT 'LINES TERMINATED BY' method"
@@ -254,6 +255,9 @@ def webInit(self):
254255 infoMsg += "via UNION method"
255256 logger .info (infoMsg )
256257
258+ stagerName = "tmpu%s.%s" % (randomStr (lowercase = True ), self .webApi )
259+ self .webStagerFilePath = posixpath .join (ntToPosixSlashes (directory ), stagerName )
260+
257261 handle , filename = mkstemp ()
258262 os .fdopen (handle ).close () # close low level handle (causing problems later)
259263
@@ -278,19 +282,8 @@ def webInit(self):
278282 uploaded = True
279283 break
280284
281- # Extra check - required
282285 if not uploaded :
283- self .webBaseUrl = "%s://%s:%d/" % (conf .scheme , conf .hostname , conf .port )
284- self .webStagerUrl = urlparse .urljoin (self .webBaseUrl , stagerName )
285-
286- debugMsg = "trying to see if the file is accessible from '%s'" % self .webStagerUrl
287- logger .debug (debugMsg )
288-
289- uplPage , _ , _ = Request .getPage (url = self .webStagerUrl , direct = True , raise404 = False )
290- uplPage = uplPage or ""
291-
292- if "sqlmap file uploader" not in uplPage :
293- continue
286+ continue
294287
295288 if "<%" in uplPage or "<?" in uplPage :
296289 warnMsg = "file stager uploaded on '%s', " % directory
@@ -343,10 +336,10 @@ def webInit(self):
343336 else :
344337 continue
345338
346- self .webBackdoorUrl = ntToPosixSlashes ( os . path . join (self .webBaseUrl , backdoorName ) )
339+ self .webBackdoorUrl = posixpath . join (ntToPosixSlashes ( self .webBaseUrl ) , backdoorName )
347340 self .webDirectory = directory
348341
349- self .webBackdoorFilePath = ntToPosixSlashes ( os . path . join (directory , backdoorName ) )
342+ self .webBackdoorFilePath = posixpath . join (ntToPosixSlashes ( directory ) , backdoorName )
350343
351344 testStr = "command execution test"
352345 output = self .webBackdoorRunCmd ("echo %s" % testStr )
0 commit comments