sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 03:23:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Delegate urlencoding to agent.py only

Browse Source
This commit is contained in:
Bernardo Damele 2010-10-31 13:28:05 +00:00
parent 17e8abe841
commit 65a0a8d285
5 changed files with 0 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/takeover/udf.py
View File

@ -12,7 +12,6 @@ import os
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.convert import urlencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -80,7 +79,6 @@ class UDF:
udfName = "sys_exec" udfName = "sys_exec"
cmd = unescaper.unescape(cmd) cmd = unescaper.unescape(cmd)
cmd = urlencode(cmd, convall=True)
inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent) inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
@ -90,7 +88,6 @@ class UDF:
udfName = "sys_eval" udfName = "sys_eval"
cmd = unescaper.unescape(cmd) cmd = unescaper.unescape(cmd)
cmd = urlencode(cmd, convall=True)
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd)) inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last) output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last)

2
lib/takeover/xp_cmdshell.py
View File

@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.convert import urlencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -98,7 +97,6 @@ class xp_cmdshell:
def xpCmdshellForgeCmd(self, cmd): def xpCmdshellForgeCmd(self, cmd):
forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd) forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
forgedCmd = urlencode(forgedCmd, convall=True)
return forgedCmd return forgedCmd

2
plugins/dbms/mssqlserver/filesystem.py
View File

@ -14,7 +14,6 @@ import os
from lib.core.common import getRange from lib.core.common import getRange
from lib.core.common import posixToNtSlashes from lib.core.common import posixToNtSlashes
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.convert import urlencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -89,7 +88,6 @@ class Filesystem(GenericFilesystem):
""" % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField) """ % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField)
binToHexQuery = binToHexQuery.replace(" ", "").replace("\n", " ") binToHexQuery = binToHexQuery.replace(" ", "").replace("\n", " ")
binToHexQuery = urlencode(binToHexQuery, convall=True)
inject.goStacked(binToHexQuery) inject.goStacked(binToHexQuery)
if kb.unionPosition is not None: if kb.unionPosition is not None:

2
plugins/dbms/mssqlserver/takeover.py
View File

@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
import binascii import binascii
from lib.core.convert import urlencode
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
@ -143,7 +142,6 @@ class Takeover(GenericTakeover):
""" % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar) """ % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar)
self.spExploit = self.spExploit.replace(" ", "").replace("\n", " ") self.spExploit = self.spExploit.replace(" ", "").replace("\n", " ")
self.spExploit = urlencode(self.spExploit, convall=True)
logger.info("triggering the buffer overflow vulnerability, wait..") logger.info("triggering the buffer overflow vulnerability, wait..")
inject.goStacked(self.spExploit, silent=True) inject.goStacked(self.spExploit, silent=True)

3
plugins/generic/enumeration.py
View File

@ -24,7 +24,6 @@ from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
from lib.core.common import strToHex from lib.core.common import strToHex
from lib.core.convert import urlencode
from lib.core.convert import utf8decode from lib.core.convert import utf8decode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -1731,8 +1730,6 @@ class Enumeration:
return output return output
else: else:
query = urlencode(query, convall=True)
if kb.stackedTest is None: if kb.stackedTest is None:
stackedTest() stackedTest()