From 39decebe85d2516054a538f3dbb665f22c36bac4 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Mon, 7 Feb 2011 12:17:19 +0000
Subject: [PATCH] Minor fixes to checking/re-enabling of xp_cmdshell procedure
---
 lib/core/settings.py | 2 +-
 lib/takeover/xp_cmdshell.py | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 87d58759d..d69b4f988 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -251,4 +251,4 @@ URI_INJECTION_MARK_CHAR = '*'
 MYSQL_ERROR_TRIM_LENGTH = 100
 # Do not unescape the injected statement if it contains any of the following SQL words
-EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ")
+EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ")
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 3b12cf4db..b0de43ff4 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -93,7 +93,12 @@ class xp_cmdshell:
 inject.goStacked(cmd)
- return wasLastRequestDelayed()
+ delayed = wasLastRequestDelayed()
+
+ if isinstance(delayed, bool):
+ return delayed
+ else:
+ return None
 def xpCmdshellForgeCmd(self, cmd):
 self.__randStr = randomStr(lowercase=True)
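Review bot: The three entries added to `EXCLUDE_UNESCAPE` in lib/core/settings.py carry a trailing space but no leading one, unlike the neighbouring `" INTO DUMPFILE "` and `" INTO OUTFILE "`. The code that consults this tuple is outside the hunk; if it is a plain substring test, `"EXEC "` would also match inside a longer token, and `"RECONFIGURE "` would miss a statement where the keyword is followed by `;` or ends the string. The comment above the tuple should say how entries are matched, for example `# Entries are matched as substrings; leading/trailing spaces are part of the match`, so that later additions follow one convention.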
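Review bot: The new return path in lib/takeover/xp_cmdshell.py makes the method tri-state (True, False or None), but nothing in the hunk documents what None means, and the callers are outside the hunk. If a caller tests the result for truthiness, an inconclusive delay check is handled the same as a definite False, which, going by the commit title, may feed the decision to re-enable the procedure and so change configuration on the database server under test. I would add a comment such as `# None: wasLastRequestDelayed() gave no boolean verdict; callers must test "is None"` and collapse the branch to `return delayed if isinstance(delayed, bool) else None`. The method's signature and docstring start above the hunk, so the return contract should be stated there as well.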