	Falling back to web backdoor if UDF fails
							parent
							
								
									1c3982c32d
								
							
						
					
					
						commit
						9a624605b6
					
				|  | @ -2012,6 +2012,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): | ||||||
|     kb.threadException = False |     kb.threadException = False | ||||||
|     kb.tableExistsChoice = None |     kb.tableExistsChoice = None | ||||||
|     kb.uChar = NULL |     kb.uChar = NULL | ||||||
|  |     kb.udfFail = False | ||||||
|     kb.unionDuplicates = False |     kb.unionDuplicates = False | ||||||
|     kb.wizardMode = False |     kb.wizardMode = False | ||||||
|     kb.xpCmdshellAvailable = False |     kb.xpCmdshellAvailable = False | ||||||
|  |  | ||||||
|  | @ -18,7 +18,7 @@ from lib.core.enums import OS | ||||||
| from thirdparty.six import unichr as _unichr | from thirdparty.six import unichr as _unichr | ||||||
| 
 | 
 | ||||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||||
| VERSION = "1.3.10.21" | VERSION = "1.3.10.22" | ||||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||||
|  |  | ||||||
|  | @ -16,6 +16,7 @@ from lib.core.common import isStackingAvailable | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.convert import getUnicode | from lib.core.convert import getUnicode | ||||||
| from lib.core.data import conf | from lib.core.data import conf | ||||||
|  | from lib.core.data import kb | ||||||
| from lib.core.data import logger | from lib.core.data import logger | ||||||
| from lib.core.enums import AUTOCOMPLETE_TYPE | from lib.core.enums import AUTOCOMPLETE_TYPE | ||||||
| from lib.core.enums import DBMS | from lib.core.enums import DBMS | ||||||
|  | @ -48,7 +49,7 @@ class Abstraction(Web, UDF, XP_cmdshell): | ||||||
|         if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): |         if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): | ||||||
|             self.copyExecCmd(cmd) |             self.copyExecCmd(cmd) | ||||||
| 
 | 
 | ||||||
|         elif self.webBackdoorUrl and not isStackingAvailable(): |         elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail): | ||||||
|             self.webBackdoorRunCmd(cmd) |             self.webBackdoorRunCmd(cmd) | ||||||
| 
 | 
 | ||||||
|         elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): |         elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): | ||||||
|  | @ -67,7 +68,7 @@ class Abstraction(Web, UDF, XP_cmdshell): | ||||||
|         if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): |         if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec(): | ||||||
|             retVal = self.copyExecCmd(cmd) |             retVal = self.copyExecCmd(cmd) | ||||||
| 
 | 
 | ||||||
|         elif self.webBackdoorUrl and not isStackingAvailable(): |         elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail): | ||||||
|             retVal = self.webBackdoorRunCmd(cmd) |             retVal = self.webBackdoorRunCmd(cmd) | ||||||
| 
 | 
 | ||||||
|         elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): |         elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): | ||||||
|  | @ -104,7 +105,7 @@ class Abstraction(Web, UDF, XP_cmdshell): | ||||||
|             self.execCmd(cmd) |             self.execCmd(cmd) | ||||||
| 
 | 
 | ||||||
|     def shell(self): |     def shell(self): | ||||||
|         if self.webBackdoorUrl and not isStackingAvailable(): |         if self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail): | ||||||
|             infoMsg = "calling OS shell. To quit type " |             infoMsg = "calling OS shell. To quit type " | ||||||
|             infoMsg += "'x' or 'q' and press ENTER" |             infoMsg += "'x' or 'q' and press ENTER" | ||||||
|             logger.info(infoMsg) |             logger.info(infoMsg) | ||||||
|  |  | ||||||
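Review bot: The test `self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail)` is now spelled out three times in `Abstraction` (the two command-execution branches and `shell()`), with a further variant in the cleanup routine, so any later change to the fallback rule has to be repeated by hand in each place. A single helper would keep them in step, for example `def _useWebBackdoor(self): return bool(self.webBackdoorUrl) and (not isStackingAvailable() or kb.udfFail)`. It is also worth a comment at the first use explaining that `kb.udfFail` means "UDF setup raised and the web method was selected instead", since the flag is set in a different module. The enclosing methods start and end outside these hunks, so the remaining branches could not be checked for the case where `kb.udfFail` is true but `webBackdoorUrl` is still `None`.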
|  | @ -137,7 +137,7 @@ class Miscellaneous(object): | ||||||
|             self.delRemoteFile(self.webStagerFilePath) |             self.delRemoteFile(self.webStagerFilePath) | ||||||
|             self.delRemoteFile(self.webBackdoorFilePath) |             self.delRemoteFile(self.webBackdoorFilePath) | ||||||
| 
 | 
 | ||||||
|         if not isStackingAvailable() and not conf.direct: |         if (not isStackingAvailable() or kb.udfFail) and not conf.direct: | ||||||
|             return |             return | ||||||
| 
 | 
 | ||||||
|         if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest: |         if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest: | ||||||
|  |  | ||||||
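Review bot: With `kb.udfFail` set, the widened condition makes this early `return` fire even when stacked queries are available, so whatever cleanup follows it is skipped. If the failed UDF attempt created anything on the database server before raising (the hunk does not show what `initEnv` does up to that point), those artifacts would presumably be left behind on the tested system. Consider still running the database-side cleanup when `isStackingAvailable()` is true, or at least emitting a `logger.warn(...)` that manual cleanup may be required. The rest of the function is outside the hunk, so this should be confirmed against the full body.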
|  | @ -15,6 +15,7 @@ from lib.core.common import openFile | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.common import runningAsAdmin | from lib.core.common import runningAsAdmin | ||||||
| from lib.core.data import conf | from lib.core.data import conf | ||||||
|  | from lib.core.data import kb | ||||||
| from lib.core.data import logger | from lib.core.data import logger | ||||||
| from lib.core.enums import DBMS | from lib.core.enums import DBMS | ||||||
| from lib.core.enums import OS | from lib.core.enums import OS | ||||||
|  | @ -79,7 +80,20 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry): | ||||||
|             raise SqlmapNotVulnerableException(errMsg) |             raise SqlmapNotVulnerableException(errMsg) | ||||||
| 
 | 
 | ||||||
|         self.getRemoteTempPath() |         self.getRemoteTempPath() | ||||||
|         self.initEnv(web=web) | 
 | ||||||
|  |         try: | ||||||
|  |             self.initEnv(web=web) | ||||||
|  |         except SqlmapFilePathException: | ||||||
|  |             if not web: | ||||||
|  |                 infoMsg = "falling back to web backdoor method..." | ||||||
|  |                 logger.info(infoMsg) | ||||||
|  | 
 | ||||||
|  |                 web = True | ||||||
|  |                 kb.udfFail = True | ||||||
|  | 
 | ||||||
|  |                 self.initEnv(web=web) | ||||||
|  |             else: | ||||||
|  |                 raise | ||||||
| 
 | 
 | ||||||
|         if not web or (web and self.webBackdoorUrl is not None): |         if not web or (web and self.webBackdoorUrl is not None): | ||||||
|             self.shell() |             self.shell() | ||||||
|  |  | ||||||
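Review bot: The `except SqlmapFilePathException:` handler discards the original error and switches to the web method without asking the operator, although that path writes files into the target's web root and so changes the footprint of the test beyond what was requested. Bind the exception and log its text as a warning before the "falling back" message, and gate the retry on a prompt, e.g. `if not web and readInput("UDF setup failed, try the web backdoor method? [Y/n] ", default='Y', boolean=True):` (`readInput` is already imported here). `kb.udfFail = True` is also set before the second `self.initEnv(web=web)`, so it stays set if that call raises as well; setting it after the retry succeeds would make the flag match its name. The import hunk adds only `kb`, so confirm `SqlmapFilePathException` is already imported in this file, otherwise the handler itself raises `NameError`.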