mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
Fixes #2684
This commit is contained in:
parent
30ea219228
commit
96b9950f96
|
@ -110,7 +110,7 @@ def hexdecode(value):
|
|||
value = value.lower()
|
||||
return (value[2:] if value.startswith("0x") else value).decode("hex")
|
||||
|
||||
def hexencode(value):
|
||||
def hexencode(value, encoding=None):
|
||||
"""
|
||||
Encodes string value from plain to hex format
|
||||
|
||||
|
@ -118,7 +118,7 @@ def hexencode(value):
|
|||
'666f6f626172'
|
||||
"""
|
||||
|
||||
return unicodeencode(value, conf.charset or UNICODE_ENCODING).encode("hex")
|
||||
return unicodeencode(value, encoding).encode("hex")
|
||||
|
||||
def unicodeencode(value, encoding=None):
|
||||
"""
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.1.9.5"
|
||||
VERSION = "1.1.9.6"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -144,7 +144,7 @@ class Web:
|
|||
randInt = randomInt()
|
||||
query += "OR %d=%d " % (randInt, randInt)
|
||||
|
||||
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery))
|
||||
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery, conf.charset))
|
||||
query = agent.prefixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
|
|
|
@ -163,7 +163,7 @@ class XP_cmdshell:
|
|||
# Obfuscate the command to execute, also useful to bypass filters
|
||||
# on single-quotes
|
||||
self._randStr = randomStr(lowercase=True)
|
||||
self._cmd = "0x%s" % hexencode(cmd)
|
||||
self._cmd = "0x%s" % hexencode(cmd, conf.charset)
|
||||
self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr
|
||||
self._forgedCmd += "SET @%s=%s;" % (self._randStr, self._cmd)
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ class Filesystem(GenericFilesystem):
|
|||
scrString = ""
|
||||
|
||||
for lineChar in fileContent[fileLine:fileLine + lineLen]:
|
||||
strLineChar = hexencode(lineChar)
|
||||
strLineChar = hexencode(lineChar, conf.charset)
|
||||
|
||||
if not scrString:
|
||||
scrString = "e %x %s" % (lineAddr, strLineChar)
|
||||
|
|
|
@ -235,7 +235,7 @@ class Users:
|
|||
|
||||
if retVal:
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
|
||||
password = "0x%s" % hexencode(password).upper()
|
||||
password = "0x%s" % hexencode(password, conf.charset).upper()
|
||||
|
||||
if user not in kb.data.cachedUsersPasswords:
|
||||
kb.data.cachedUsersPasswords[user] = [password]
|
||||
|
|
|
@ -28,7 +28,7 @@ a66093c734c7f94ecdf94d882c2d8b89 lib/controller/controller.py
|
|||
9f1adb993f66da030a4168571978e6fa lib/core/agent.py
|
||||
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
|
||||
55e0317b8bacce94bd6edb1a644e6b4d lib/core/common.py
|
||||
8fb2c878ffa7e965f1c8ad9beb08d162 lib/core/convert.py
|
||||
9edefb92b0b9cad862543fcd587aaa66 lib/core/convert.py
|
||||
a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
|
||||
7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
|
||||
36c85e9ef109c5b4af3ca9bb1065ef1f lib/core/decorators.py
|
||||
|
@ -46,7 +46,7 @@ c5f09788ee8ff9c9d12a052986875bc6 lib/core/option.py
|
|||
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
||||
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
||||
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
||||
a0b1a886a56435e4d65f515e0c1b41ab lib/core/settings.py
|
||||
bf779ecbf40936813aa9d4602dd855ba lib/core/settings.py
|
||||
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
||||
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
||||
1576b63db3261e2afd5459189abf967b lib/core/target.py
|
||||
|
@ -85,8 +85,8 @@ c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py
|
|||
c90c993b020a6ae0f0e497fd84f37466 lib/takeover/metasploit.py
|
||||
ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
|
||||
ff1af7f85fdf4f2a5369f2927d149824 lib/takeover/udf.py
|
||||
261c03b06ad74eb0b594c8ade5039bdc lib/takeover/web.py
|
||||
604b087dc52dbcb4c3938ad1bf63829c lib/takeover/xp_cmdshell.py
|
||||
8ecd543e41709ff48e0ff7bed0f2a5a9 lib/takeover/web.py
|
||||
9aa222e644db8d129b65ff2f119fc7f5 lib/takeover/xp_cmdshell.py
|
||||
201e7e69f9161dfa3aa10d83f690a488 lib/techniques/blind/inference.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/dns/__init__.py
|
||||
|
@ -161,7 +161,7 @@ e6036f5b2e39aec37ba036a8cf0efd6f plugins/dbms/maxdb/syntax.py
|
|||
0be362015605e26551e5d79cc83ed466 plugins/dbms/maxdb/takeover.py
|
||||
9b3a681ff4087824fb43e23679057fa3 plugins/dbms/mssqlserver/connector.py
|
||||
b8de437eaa3e05c3db666968b7d142e4 plugins/dbms/mssqlserver/enumeration.py
|
||||
5de6074ee2f7dc5b04b70307d36dbe1d plugins/dbms/mssqlserver/filesystem.py
|
||||
2129d6c7af5b40a58fe71f8bb49eb80b plugins/dbms/mssqlserver/filesystem.py
|
||||
5207943c31e166a70d5fc7cec8b5ef18 plugins/dbms/mssqlserver/fingerprint.py
|
||||
40bd890988f9acd3942255d687445371 plugins/dbms/mssqlserver/__init__.py
|
||||
400ce654ff6bc57a40fb291322a18282 plugins/dbms/mssqlserver/syntax.py
|
||||
|
@ -213,7 +213,7 @@ f700954549ad8ebf77f5187262fb9af0 plugins/generic/connector.py
|
|||
070f58c52e2a04e7a9896b42b2d17dc2 plugins/generic/search.py
|
||||
562cfa80a15d5f7f1d52e10c5736d7e2 plugins/generic/syntax.py
|
||||
fca9946e960942cc9b22ef26e12b8b3a plugins/generic/takeover.py
|
||||
f97b84b8dcbe80b2d86bc26829aed23b plugins/generic/users.py
|
||||
841c785748c22ad0f5e7af2f5cf7fd6e plugins/generic/users.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 plugins/__init__.py
|
||||
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
|
||||
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_
|
||||
|
|
Loading…
Reference in New Issue
Block a user