sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #5581

Browse Source
This commit is contained in:
Miroslav Stampar 2023-12-13 14:12:17 +01:00
parent 6dd383fd72
commit 53b8a9583e
3 changed files with 74 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/core/convert.py
View File

@ -135,6 +135,23 @@ def dejsonize(data):
return json.loads(data)
def rot13(data):
"""
Returns ROT13 encoded/decoded text
>>> rot13('foobar was here!!')
'sbbone jnf urer!!'
>>> rot13('sbbone jnf urer!!')
'foobar was here!!'
"""
# Reference: https://stackoverflow.com/a/62662878
retVal = ""
alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
for char in data:
retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char
return retVal
def decodeHex(value, binary=True):
"""
Returns a decoded representation of provided hexadecimal value

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.7.12.5"
VERSION = "1.7.12.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

109
plugins/dbms/mssqlserver/filesystem.py
View File

@ -18,6 +18,7 @@ from lib.core.common import readInput
from lib.core.compat import xrange
from lib.core.convert import encodeBase64
from lib.core.convert import encodeHex
from lib.core.convert import rot13
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -278,60 +279,62 @@ class Filesystem(GenericFilesystem):
randFile = "tmpf%s.txt" % randomStr(lowercase=True)
randFilePath = "%s\\%s" % (tmpPath, randFile)
vbs = """Dim inputFilePath, outputFilePath
inputFilePath = "%s"
outputFilePath = "%s"
Set fs = CreateObject("Scripting.FileSystemObject")
Set file = fs.GetFile(inputFilePath)
If file.Size Then
Wscript.Echo "Loading from: " & inputFilePath
Wscript.Echo
Set fd = fs.OpenTextFile(inputFilePath, 1)
data = fd.ReadAll
fd.Close
data = Replace(data, " ", "")
data = Replace(data, vbCr, "")
data = Replace(data, vbLf, "")
Wscript.Echo "Fixed Input: "
Wscript.Echo data
Wscript.Echo
decodedData = base64_decode(data)
Wscript.Echo "Output: "
Wscript.Echo decodedData
Wscript.Echo
Wscript.Echo "Writing output in: " & outputFilePath
Wscript.Echo
Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile(outputFilePath, 2, True)
ofs.Write decodedData
ofs.close
Else
Wscript.Echo "The file is empty."
End If
Function base64_decode(byVal strIn)
Dim w1, w2, w3, w4, n, strOut
For n = 1 To Len(strIn) Step 4
w1 = mimedecode(Mid(strIn, n, 1))
w2 = mimedecode(Mid(strIn, n + 1, 1))
w3 = mimedecode(Mid(strIn, n + 2, 1))
w4 = mimedecode(Mid(strIn, n + 3, 1))
If Not w2 Then _
strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255))
If Not w3 Then _
strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255))
If Not w4 Then _
strOut = strOut + Chr(((w3 * 64 + w4) And 255))
Next
base64_decode = strOut
End Function
Function mimedecode(byVal strIn)
Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
If Len(strIn) = 0 Then
mimedecode = -1 : Exit Function
Else
mimedecode = InStr(Base64Chars, strIn) - 1
End If
End Function""" % (randFilePath, remoteFile)
vbs = """Qvz vachgSvyrCngu, bhgchgSvyrCngu
vachgSvyrCngu = "%f"
bhgchgSvyrCngu = "%f"
Frg sf = PerngrBowrpg("Fpevcgvat.SvyrFlfgrzBowrpg")
Frg svyr = sf.TrgSvyr(vachgSvyrCngu)
Vs svyr.Fvmr Gura
Jfpevcg.Rpub "Ybnqvat sebz: " & vachgSvyrCngu
Jfpevcg.Rpub
Frg sq = sf.BcraGrkgSvyr(vachgSvyrCngu, 1)
qngn = sq.ErnqNyy
sq.Pybfr
qngn = Ercynpr(qngn, " ", "")
qngn = Ercynpr(qngn, ioPe, "")
qngn = Ercynpr(qngn, ioYs, "")
Jfpevcg.Rpub "Svkrq Vachg: "
Jfpevcg.Rpub qngn
Jfpevcg.Rpub
qrpbqrqQngn = onfr64_qrpbqr(qngn)
Jfpevcg.Rpub "Bhgchg: "
Jfpevcg.Rpub qrpbqrqQngn
Jfpevcg.Rpub
Jfpevcg.Rpub "Jevgvat bhgchg va: " & bhgchgSvyrCngu
Jfpevcg.Rpub
Frg bsf = PerngrBowrpg("Fpevcgvat.SvyrFlfgrzBowrpg").BcraGrkgSvyr(bhgchgSvyrCngu, 2, Gehr)
bsf.Jevgr qrpbqrqQngn
bsf.pybfr
Ryfr
Jfpevcg.Rpub "Gur svyr vf rzcgl."
Raq Vs
Shapgvba onfr64_qrpbqr(olIny fgeVa)
Qvz j1, j2, j3, j4, a, fgeBhg
Sbe a = 1 Gb Yra(fgeVa) Fgrc 4
j1 = zvzrqrpbqr(Zvq(fgeVa, a, 1))
j2 = zvzrqrpbqr(Zvq(fgeVa, a + 1, 1))
j3 = zvzrqrpbqr(Zvq(fgeVa, a + 2, 1))
j4 = zvzrqrpbqr(Zvq(fgeVa, a + 3, 1))
Vs Abg j2 Gura _
fgeBhg = fgeBhg + Pue(((j1 * 4 + Vag(j2 / 16)) Naq 255))
Vs Abg j3 Gura _
fgeBhg = fgeBhg + Pue(((j2 * 16 + Vag(j3 / 4)) Naq 255))
Vs Abg j4 Gura _
fgeBhg = fgeBhg + Pue(((j3 * 64 + j4) Naq 255))
Arkg
onfr64_qrpbqr = fgeBhg
Raq Shapgvba
Shapgvba zvzrqrpbqr(olIny fgeVa)
Onfr64Punef = "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/"
Vs Yra(fgeVa) = 0 Gura
zvzrqrpbqr = -1 : Rkvg Shapgvba
Ryfr
zvzrqrpbqr = VaFge(Onfr64Punef, fgeVa) - 1
Raq Vs
Raq Shapgvba"""
# NOTE: https://github.com/sqlmapproject/sqlmap/issues/5581
vbs = rot13(vbs)
vbs = vbs.replace(" ", "")
encodedFileContent = encodeBase64(localFileContent, binary=False)