mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Delegate urlencoding to agent.py only
This commit is contained in:
parent
17e8abe841
commit
65a0a8d285
|
@ -12,7 +12,6 @@ import os
|
|||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import readInput
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -80,7 +79,6 @@ class UDF:
|
|||
udfName = "sys_exec"
|
||||
|
||||
cmd = unescaper.unescape(cmd)
|
||||
cmd = urlencode(cmd, convall=True)
|
||||
|
||||
inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
|
||||
|
||||
|
@ -90,7 +88,6 @@ class UDF:
|
|||
udfName = "sys_eval"
|
||||
|
||||
cmd = unescaper.unescape(cmd)
|
||||
cmd = urlencode(cmd, convall=True)
|
||||
|
||||
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
||||
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last)
|
||||
|
|
|
@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -98,7 +97,6 @@ class xp_cmdshell:
|
|||
|
||||
def xpCmdshellForgeCmd(self, cmd):
|
||||
forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
|
||||
forgedCmd = urlencode(forgedCmd, convall=True)
|
||||
|
||||
return forgedCmd
|
||||
|
||||
|
|
|
@ -14,7 +14,6 @@ import os
|
|||
from lib.core.common import getRange
|
||||
from lib.core.common import posixToNtSlashes
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -89,7 +88,6 @@ class Filesystem(GenericFilesystem):
|
|||
""" % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField)
|
||||
|
||||
binToHexQuery = binToHexQuery.replace(" ", "").replace("\n", " ")
|
||||
binToHexQuery = urlencode(binToHexQuery, convall=True)
|
||||
inject.goStacked(binToHexQuery)
|
||||
|
||||
if kb.unionPosition is not None:
|
||||
|
|
|
@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import binascii
|
||||
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
@ -143,7 +142,6 @@ class Takeover(GenericTakeover):
|
|||
""" % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar)
|
||||
|
||||
self.spExploit = self.spExploit.replace(" ", "").replace("\n", " ")
|
||||
self.spExploit = urlencode(self.spExploit, convall=True)
|
||||
|
||||
logger.info("triggering the buffer overflow vulnerability, wait..")
|
||||
inject.goStacked(self.spExploit, silent=True)
|
||||
|
|
|
@ -24,7 +24,6 @@ from lib.core.common import randomStr
|
|||
from lib.core.common import readInput
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.common import strToHex
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.convert import utf8decode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -1731,8 +1730,6 @@ class Enumeration:
|
|||
|
||||
return output
|
||||
else:
|
||||
query = urlencode(query, convall=True)
|
||||
|
||||
if kb.stackedTest is None:
|
||||
stackedTest()
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user