diff --git a/lib/core/settings.py b/lib/core/settings.py index 93668991d..b336ec671 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.6.57" +VERSION = "1.3.6.58" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/brute.py b/lib/utils/brute.py index 14023c9a8..b44ab6b94 100644 --- a/lib/utils/brute.py +++ b/lib/utils/brute.py @@ -18,6 +18,7 @@ from lib.core.common import getFileItems from lib.core.common import getPageWordSet from lib.core.common import hashDBWrite from lib.core.common import isNoneValue +from lib.core.common import ntToPosixSlashes from lib.core.common import popValue from lib.core.common import pushValue from lib.core.common import randomInt @@ -298,6 +299,19 @@ def columnExists(columnFile, regex=None): @stackedmethod def fileExists(pathFile): retVal = [] + + message = "which common files file do you want to use?\n" + message += "[1] default '%s' (press Enter)\n" % pathFile + message += "[2] custom" + choice = readInput(message, default='1') + + if choice == '2': + message = "what's the custom common files file location?\n" + pathFile = readInput(message) or pathFile + + infoMsg = "checking files existence using items from '%s'" % pathFile + logger.info(infoMsg) + paths = getFileItems(pathFile, unique=True) kb.bruteMode = True @@ -321,7 +335,7 @@ def fileExists(pathFile): while kb.threadContinue: kb.locks.count.acquire() if threadData.shared.count < threadData.shared.limit: - path = paths[threadData.shared.count] + path = ntToPosixSlashes(paths[threadData.shared.count]) threadData.shared.count += 1 kb.locks.count.release() else: diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 72133f27c..640b1ddf7 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -89,7 +89,7 @@ class Filesystem(GenericFilesystem): result = [] txtTbl = self.fileTblName - hexTbl = "%shex" % self.fileTblName + hexTbl = "%s%shex" % (self.fileTblName, randomStr()) self.createSupportTbl(txtTbl, self.tblField, "text") inject.goStacked("DROP TABLE %s" % hexTbl)