mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
Minor fixes to checking/re-enabling of xp_cmdshell procedure
This commit is contained in:
parent
1a5a66870e
commit
39decebe85
|
@ -251,4 +251,4 @@ URI_INJECTION_MARK_CHAR = '*'
|
||||||
MYSQL_ERROR_TRIM_LENGTH = 100
|
MYSQL_ERROR_TRIM_LENGTH = 100
|
||||||
|
|
||||||
# Do not unescape the injected statement if it contains any of the following SQL words
|
# Do not unescape the injected statement if it contains any of the following SQL words
|
||||||
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ")
|
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ")
|
||||||
|
|
|
@ -93,7 +93,12 @@ class xp_cmdshell:
|
||||||
|
|
||||||
inject.goStacked(cmd)
|
inject.goStacked(cmd)
|
||||||
|
|
||||||
return wasLastRequestDelayed()
|
delayed = wasLastRequestDelayed()
|
||||||
|
|
||||||
|
if isinstance(delayed, bool):
|
||||||
|
return delayed
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
def xpCmdshellForgeCmd(self, cmd):
|
def xpCmdshellForgeCmd(self, cmd):
|
||||||
self.__randStr = randomStr(lowercase=True)
|
self.__randStr = randomStr(lowercase=True)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user