From 65a0a8d2859a5919e1b3b45952af9b1f2483c0e5 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sun, 31 Oct 2010 13:28:05 +0000 Subject: [PATCH] Delegate urlencoding to agent.py only --- lib/takeover/udf.py | 3 --- lib/takeover/xp_cmdshell.py | 2 -- plugins/dbms/mssqlserver/filesystem.py | 2 -- plugins/dbms/mssqlserver/takeover.py | 2 -- plugins/generic/enumeration.py | 3 --- 5 files changed, 12 deletions(-) diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index b0fe7be9a..34b28b016 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -12,7 +12,6 @@ import os from lib.core.agent import agent from lib.core.common import dataToStdout from lib.core.common import readInput -from lib.core.convert import urlencode from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -80,7 +79,6 @@ class UDF: udfName = "sys_exec" cmd = unescaper.unescape(cmd) - cmd = urlencode(cmd, convall=True) inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent) @@ -90,7 +88,6 @@ class UDF: udfName = "sys_eval" cmd = unescaper.unescape(cmd) - cmd = urlencode(cmd, convall=True) inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd)) output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last) diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index 390617974..0df5e23e5 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission from lib.core.common import randomStr from lib.core.common import readInput -from lib.core.convert import urlencode from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -98,7 +97,6 @@ class xp_cmdshell: def xpCmdshellForgeCmd(self, cmd): forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd) - forgedCmd = urlencode(forgedCmd, convall=True) return forgedCmd diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index b5aae1cc6..24b6c1f7c 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -14,7 +14,6 @@ import os from lib.core.common import getRange from lib.core.common import posixToNtSlashes from lib.core.common import randomStr -from lib.core.convert import urlencode from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -89,7 +88,6 @@ class Filesystem(GenericFilesystem): """ % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField) binToHexQuery = binToHexQuery.replace(" ", "").replace("\n", " ") - binToHexQuery = urlencode(binToHexQuery, convall=True) inject.goStacked(binToHexQuery) if kb.unionPosition is not None: diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index 49d387c8b..681c1e184 100644 --- a/plugins/dbms/mssqlserver/takeover.py +++ b/plugins/dbms/mssqlserver/takeover.py @@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission import binascii -from lib.core.convert import urlencode from lib.core.data import kb from lib.core.data import logger from lib.core.exception import sqlmapUnsupportedFeatureException @@ -143,7 +142,6 @@ class Takeover(GenericTakeover): """ % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar) self.spExploit = self.spExploit.replace(" ", "").replace("\n", " ") - self.spExploit = urlencode(self.spExploit, convall=True) logger.info("triggering the buffer overflow vulnerability, wait..") inject.goStacked(self.spExploit, silent=True) diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 62963f646..7600f2202 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -24,7 +24,6 @@ from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeStringFormat from lib.core.common import strToHex -from lib.core.convert import urlencode from lib.core.convert import utf8decode from lib.core.data import conf from lib.core.data import kb @@ -1731,8 +1730,6 @@ class Enumeration: return output else: - query = urlencode(query, convall=True) - if kb.stackedTest is None: stackedTest()