Fixes #5581

2025-06-22 22:13:08 +03:00 · 2023-12-13 14:12:17 +01:00 · 2023-12-13 14:12:17 +01:00 · 53b8a9583e
commit 53b8a9583e
parent 6dd383fd72
3 changed files with 74 additions and 54 deletions
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@ -135,6 +135,23 @@ def dejsonize(data):
    return json.loads(data)
 def rot13(data):
    """
    Returns ROT13 encoded/decoded text
    >>> rot13('foobar was here!!')
    'sbbone jnf urer!!'
    >>> rot13('sbbone jnf urer!!')
    'foobar was here!!'
    """
    # Reference: https://stackoverflow.com/a/62662878
    retVal = ""
    alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
    for char in data:
        retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char
    return retVal
 def decodeHex(value, binary=True):
    """
    Returns a decoded representation of provided hexadecimal value
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.7.12.5"
+VERSION = "1.7.12.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@ -18,6 +18,7 @@ from lib.core.common import readInput
 from lib.core.compat import xrange
 from lib.core.convert import encodeBase64
 from lib.core.convert import encodeHex
 from lib.core.convert import rot13
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -278,60 +279,62 @@ class Filesystem(GenericFilesystem):
        randFile = "tmpf%s.txt" % randomStr(lowercase=True)
        randFilePath = "%s\\%s" % (tmpPath, randFile)
-        vbs = """Dim inputFilePath, outputFilePath
+        vbs = """Qvz vachgSvyrCngu, bhgchgSvyrCngu
-        inputFilePath = "%s"
+        vachgSvyrCngu = "%f"
-        outputFilePath = "%s"
+        bhgchgSvyrCngu = "%f"
-        Set fs = CreateObject("Scripting.FileSystemObject")
+        Frg sf = PerngrBowrpg("Fpevcgvat.SvyrFlfgrzBowrpg")
-        Set file = fs.GetFile(inputFilePath)
+        Frg svyr = sf.TrgSvyr(vachgSvyrCngu)
-        If file.Size Then
+        Vs svyr.Fvmr Gura
-            Wscript.Echo "Loading from: " & inputFilePath
+            Jfpevcg.Rpub "Ybnqvat sebz: " & vachgSvyrCngu
-            Wscript.Echo
+            Jfpevcg.Rpub
-            Set fd = fs.OpenTextFile(inputFilePath, 1)
+            Frg sq = sf.BcraGrkgSvyr(vachgSvyrCngu, 1)
-            data = fd.ReadAll
+            qngn = sq.ErnqNyy
-            fd.Close
+            sq.Pybfr
-            data = Replace(data, " ", "")
+            qngn = Ercynpr(qngn, " ", "")
-            data = Replace(data, vbCr, "")
+            qngn = Ercynpr(qngn, ioPe, "")
-            data = Replace(data, vbLf, "")
+            qngn = Ercynpr(qngn, ioYs, "")
-            Wscript.Echo "Fixed Input: "
+            Jfpevcg.Rpub "Svkrq Vachg: "
-            Wscript.Echo data
+            Jfpevcg.Rpub qngn
-            Wscript.Echo
+            Jfpevcg.Rpub
-            decodedData = base64_decode(data)
+            qrpbqrqQngn = onfr64_qrpbqr(qngn)
-            Wscript.Echo "Output: "
+            Jfpevcg.Rpub "Bhgchg: "
-            Wscript.Echo decodedData
+            Jfpevcg.Rpub qrpbqrqQngn
-            Wscript.Echo
+            Jfpevcg.Rpub
-            Wscript.Echo "Writing output in: " & outputFilePath
+            Jfpevcg.Rpub "Jevgvat bhgchg va: " & bhgchgSvyrCngu
-            Wscript.Echo
+            Jfpevcg.Rpub
-            Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile(outputFilePath, 2, True)
+            Frg bsf = PerngrBowrpg("Fpevcgvat.SvyrFlfgrzBowrpg").BcraGrkgSvyr(bhgchgSvyrCngu, 2, Gehr)
-            ofs.Write decodedData
+            bsf.Jevgr qrpbqrqQngn
-            ofs.close
+            bsf.pybfr
-        Else
+        Ryfr
-            Wscript.Echo "The file is empty."
+            Jfpevcg.Rpub "Gur svyr vf rzcgl."
-        End If
+        Raq Vs
-        Function base64_decode(byVal strIn)
+        Shapgvba onfr64_qrpbqr(olIny fgeVa)
-            Dim w1, w2, w3, w4, n, strOut
+            Qvz j1, j2, j3, j4, a, fgeBhg
-            For n = 1 To Len(strIn) Step 4
+            Sbe a = 1 Gb Yra(fgeVa) Fgrc 4
-                w1 = mimedecode(Mid(strIn, n, 1))
+                j1 = zvzrqrpbqr(Zvq(fgeVa, a, 1))
-                w2 = mimedecode(Mid(strIn, n + 1, 1))
+                j2 = zvzrqrpbqr(Zvq(fgeVa, a + 1, 1))
-                w3 = mimedecode(Mid(strIn, n + 2, 1))
+                j3 = zvzrqrpbqr(Zvq(fgeVa, a + 2, 1))
-                w4 = mimedecode(Mid(strIn, n + 3, 1))
+                j4 = zvzrqrpbqr(Zvq(fgeVa, a + 3, 1))
-                If Not w2 Then _
+                Vs Abg j2 Gura _
-                strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255))
+                fgeBhg = fgeBhg + Pue(((j1 * 4 + Vag(j2 / 16)) Naq 255))
-                If  Not w3 Then _
+                Vs  Abg j3 Gura _
-                strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255))
+                fgeBhg = fgeBhg + Pue(((j2 * 16 + Vag(j3 / 4)) Naq 255))
-                If Not w4 Then _
+                Vs Abg j4 Gura _
-                strOut = strOut + Chr(((w3 * 64 + w4) And 255))
+                fgeBhg = fgeBhg + Pue(((j3 * 64 + j4) Naq 255))
-            Next
+            Arkg
-            base64_decode = strOut
+            onfr64_qrpbqr = fgeBhg
-            End Function
+            Raq Shapgvba
-        Function mimedecode(byVal strIn)
+        Shapgvba zvzrqrpbqr(olIny fgeVa)
-            Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+            Onfr64Punef = "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/"
-            If Len(strIn) = 0 Then
+            Vs Yra(fgeVa) = 0 Gura
-                mimedecode = -1 : Exit Function
+                zvzrqrpbqr = -1 : Rkvg Shapgvba
-            Else
+            Ryfr
-                mimedecode = InStr(Base64Chars, strIn) - 1
+                zvzrqrpbqr = VaFge(Onfr64Punef, fgeVa) - 1
-            End If
+            Raq Vs
-        End Function""" % (randFilePath, remoteFile)
+        Raq Shapgvba"""
        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5581
        vbs = rot13(vbs)
        vbs = vbs.replace("    ", "")
        encodedFileContent = encodeBase64(localFileContent, binary=False)