Minor fixes to checking/re-enabling of xp_cmdshell procedure

Bernardo Damele 2011-02-07 12:17:19 +00:00
parent 1a5a66870e
commit 39decebe85
2 changed files with 7 additions and 2 deletions


@ -251,4 +251,4 @@ URI_INJECTION_MARK_CHAR = '*'
MYSQL_ERROR_TRIM_LENGTH = 100
# Do not unescape the injected statement if it contains any of the following SQL words
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ")
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ")
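Review bot: The comment above EXCLUDE_UNESCAPE does not say why these words suppress unescaping, and the entries added here (`"EXEC "`, `"RECONFIGURE "`, `"DECLARE "`) rely on a trailing space as the word boundary. The code that tests the tuple is not visible in this section, so it is an assumption that it does a case-sensitive substring match; if it does, a keyword followed by a tab or newline, or written in another case, would not be excluded. I would extend the comment to record that contract, for example `# Substring match; the trailing space is significant and entries must match the casing of generated statements`, adjusted to what the matcher really does.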


@ -93,7 +93,12 @@ class xp_cmdshell:
inject.goStacked(cmd)
return wasLastRequestDelayed()
delayed = wasLastRequestDelayed()
if isinstance(delayed, bool):
return delayed
else:
return None
def xpCmdshellForgeCmd(self, cmd):
self.__randStr = randomStr(lowercase=True)
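Review bot: The new return path makes this method tri-state (True, False or None), but nothing in the hunk documents what None means. Any caller that tests the result by truthiness will treat "could not be determined" the same as "not delayed", so the callers, which are not visible here, should compare with `is True` / `is False`. The `isinstance(delayed, bool)` test also silently turns any non-bool result from wasLastRequestDelayed() into None, so that value is lost without a log line. The if/else can be written as `return delayed if isinstance(delayed, bool) else None`, preceded by a comment such as `# None means the delay check was inconclusive; callers must not rely on truthiness`. The method's `def` line lies above the hunk, so its name and the rest of its body are not shown.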