diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 4a65ff9dc..444e8405c 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -150,10 +150,11 @@ class Fingerprint(GenericFingerprint): # Get back-end DBMS underlying operating system version for version, data in versions.items(): - query = "(SELECT LEN(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField) - query += "LIKE '%Windows NT " + data[0] + "%')>0" + query = "SELECT LEN(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField) + query += "LIKE '%Windows NT " + data[0] + "%'" + result = inject.goStacked(query) - if inject.checkBooleanExpression(query): + if result is not None and result.isdigit(): Backend.setOsVersion(version) infoMsg += " %s" % Backend.getOsVersion() break @@ -175,10 +176,11 @@ class Fingerprint(GenericFingerprint): sps = versions[Backend.getOsVersion()][1] for sp in sps: - query = "(SELECT LEN(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField) - query += "LIKE '%Service Pack " + getUnicode(sp) + "%')>0" + query = "SELECT LEN(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField) + query += "LIKE '%Service Pack " + getUnicode(sp) + "%'" + result = inject.goStacked(query) - if inject.checkBooleanExpression(query): + if result is not None and result.isdigit(): Backend.setOsServicePack(sp) break diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 94842fd73..5b1c87424 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -39,6 +39,8 @@ class Miscellaneous: def getRemoteTempPath(self): if not conf.tmpPath: if Backend.isOs(OS.WINDOWS): + self.checkDbmsOs(detailed=True) + if Backend.getOsVersion() == "2000": conf.tmpPath = "C:/WINNT/Temp" else: