mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
refactoring "echo 1" quick test for xp_cmdshell console output
This commit is contained in:
parent
e827f41cdb
commit
34b0935cb3
|
@ -447,7 +447,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
|
|||
|
||||
kb.safeCharEncode = False
|
||||
|
||||
if not kb.testMode and value is None:
|
||||
if not kb.testMode and value is None and Backend.getDbms():
|
||||
warnMsg = "in case of continuous data retrieval problems you are advised to try "
|
||||
warnMsg += "a hidden switch '--no-cast' (fixing problems with some collation "
|
||||
warnMsg += "issues) and/or switch '--hex'"
|
||||
|
|
|
@ -10,19 +10,14 @@ See the file 'doc/COPYING' for copying permission
|
|||
from extra.safe2bin.safe2bin import safechardecode
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isNoneValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import popValue
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapGenericException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.shell import autoCompletion
|
||||
from lib.core.threads import getCurrentThreadData
|
||||
from lib.takeover.udf import UDF
|
||||
from lib.takeover.web import Web
|
||||
from lib.takeover.xp_cmdshell import xp_cmdshell
|
||||
|
@ -113,19 +108,6 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
infoMsg += "operating system command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
threadData = getCurrentThreadData()
|
||||
pushValue(threadData.disableStdOut)
|
||||
threadData.disableStdOut = True
|
||||
|
||||
output = self.evalCmd("echo 1")
|
||||
if isNoneValue(output):
|
||||
errMsg = "it seems that the temporary directory ('%s') used for storing " % self.getRemoteTempPath()
|
||||
errMsg += "console output at the back-end OS does not have "
|
||||
errMsg += "writing permissions for the DBMS process. You are advised "
|
||||
errMsg += "to manually adjust it with option '--tmp-path'"
|
||||
raise sqlmapGenericException, errMsg
|
||||
|
||||
threadData.disableStdOut = popValue()
|
||||
else:
|
||||
errMsg = "feature not yet implemented for the back-end DBMS"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -10,6 +10,9 @@ See the file 'doc/COPYING' for copying permission
|
|||
from lib.core.common import Backend
|
||||
from lib.core.common import getSPLSnippet
|
||||
from lib.core.common import hashDBWrite
|
||||
from lib.core.common import isNoneValue
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.common import popValue
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import wasLastRequestDelayed
|
||||
|
@ -19,6 +22,7 @@ from lib.core.data import logger
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import HASHDB_KEYS
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.threads import getCurrentThreadData
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.request import inject
|
||||
|
||||
|
@ -95,6 +99,22 @@ class xp_cmdshell:
|
|||
|
||||
return wasLastRequestDelayed()
|
||||
|
||||
def __xpCmdshellTest(self):
|
||||
threadData = getCurrentThreadData()
|
||||
pushValue(threadData.disableStdOut)
|
||||
threadData.disableStdOut = True
|
||||
|
||||
output = self.evalCmd("echo 1")
|
||||
if isNoneValue(output):
|
||||
errMsg = "it seems that the temporary directory ('%s') used for storing " % self.getRemoteTempPath()
|
||||
errMsg += "console output at the back-end OS does not have "
|
||||
errMsg += "writing permissions for the DBMS process. You are advised "
|
||||
errMsg += "to manually adjust it with option '--tmp-path' or you won't "
|
||||
errMsg += "be able to retrieve the console output"
|
||||
logger.error(errMsg)
|
||||
|
||||
threadData.disableStdOut = popValue()
|
||||
|
||||
def xpCmdshellForgeCmd(self, cmd):
|
||||
self.__randStr = randomStr(lowercase=True)
|
||||
self.__cmd = unescaper.unescape("'%s'" % cmd)
|
||||
|
@ -199,3 +219,5 @@ class xp_cmdshell:
|
|||
# TEXT can't be used here because in error technique you get:
|
||||
# "The text, ntext, and image data types cannot be compared or sorted"
|
||||
self.createSupportTbl(self.cmdTblName, self.tblField, "NVARCHAR(4000)")
|
||||
|
||||
self.__xpCmdshellTest()
|
||||
|
|
Loading…
Reference in New Issue
Block a user