MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / webInit

Method webInit

lib/takeover/web.py:167–433  ·  view source on GitHub ↗

This method is used to write a web backdoor (agent) on a writable remote directory within the web server document root.

(self)

Source from the content-addressed store, hash-verified

165 return page
166
167 def webInit(self):
168 """
169 This method is used to write a web backdoor (agent) on a writable
170 remote directory within the web server document root.
171 """
172
173 if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None:
174 return
175
176 self.checkDbmsOs()
177
178 default = None
179 choices = list(getPublicTypeMembers(WEB_PLATFORM, True))
180
181 for ext in choices:
182 if conf.url.endswith(ext):
183 default = ext
184 break
185
186 if not default:
187 default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP
188
189 message = "which web application language does the web server "
190 message += "support?\n"
191
192 for count in xrange(len(choices)):
193 ext = choices[count]
194 message += "[%d] %s%s\n" % (count + 1, ext.upper(), (" (default)" if default == ext else ""))
195
196 if default == ext:
197 default = count + 1
198
199 message = message[:-1]
200
201 while True:
202 choice = readInput(message, default=str(default))
203
204 if not isDigit(choice):
205 logger.warning("invalid value, only digits are allowed")
206
207 elif int(choice) < 1 or int(choice) > len(choices):
208 logger.warning("invalid value, it must be between 1 and %d" % len(choices))
209
210 else:
211 self.webPlatform = choices[int(choice) - 1]
212 break
213
214 if not kb.absFilePaths:
215 message = "do you want sqlmap to further try to "
216 message += "provoke the full path disclosure? [Y/n] "
217
218 if readInput(message, default='Y', boolean=True):
219 headers = {}
220 been = set([conf.url])
221
222 for match in re.finditer(r"=['\"]((https?):)?(//[^/&#x27;\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage or "", re.I):
223 url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php")
224 if url not in been:

Callers 1

initEnvMethod · 0.80

Calls 15

_webFileInjectMethod · 0.95
webUploadMethod · 0.95
webBackdoorRunCmdMethod · 0.95
getPublicTypeMembersFunction · 0.90
readInputFunction · 0.90
isDigitFunction · 0.90
parseFilePathsFunction · 0.90
arrayizeValueFunction · 0.90
getManualDirectoriesFunction · 0.90
getAutoDirectoriesFunction · 0.90
OrderedSetClass · 0.90
randomStrFunction · 0.90

Tested by

no test coverage detected