mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Falling back to web backdoor if UDF fails
This commit is contained in:
parent
1c3982c32d
commit
9a624605b6
|
@ -2012,6 +2012,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.threadException = False
|
kb.threadException = False
|
||||||
kb.tableExistsChoice = None
|
kb.tableExistsChoice = None
|
||||||
kb.uChar = NULL
|
kb.uChar = NULL
|
||||||
|
kb.udfFail = False
|
||||||
kb.unionDuplicates = False
|
kb.unionDuplicates = False
|
||||||
kb.wizardMode = False
|
kb.wizardMode = False
|
||||||
kb.xpCmdshellAvailable = False
|
kb.xpCmdshellAvailable = False
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.10.21"
|
VERSION = "1.3.10.22"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -16,6 +16,7 @@ from lib.core.common import isStackingAvailable
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.convert import getUnicode
|
from lib.core.convert import getUnicode
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.enums import AUTOCOMPLETE_TYPE
|
from lib.core.enums import AUTOCOMPLETE_TYPE
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
|
@ -48,7 +49,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
|
||||||
if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
|
if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
|
||||||
self.copyExecCmd(cmd)
|
self.copyExecCmd(cmd)
|
||||||
|
|
||||||
elif self.webBackdoorUrl and not isStackingAvailable():
|
elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
|
||||||
self.webBackdoorRunCmd(cmd)
|
self.webBackdoorRunCmd(cmd)
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||||
|
@ -67,7 +68,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
|
||||||
if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
|
if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
|
||||||
retVal = self.copyExecCmd(cmd)
|
retVal = self.copyExecCmd(cmd)
|
||||||
|
|
||||||
elif self.webBackdoorUrl and not isStackingAvailable():
|
elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
|
||||||
retVal = self.webBackdoorRunCmd(cmd)
|
retVal = self.webBackdoorRunCmd(cmd)
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||||
|
@ -104,7 +105,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
|
||||||
self.execCmd(cmd)
|
self.execCmd(cmd)
|
||||||
|
|
||||||
def shell(self):
|
def shell(self):
|
||||||
if self.webBackdoorUrl and not isStackingAvailable():
|
if self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
|
||||||
infoMsg = "calling OS shell. To quit type "
|
infoMsg = "calling OS shell. To quit type "
|
||||||
infoMsg += "'x' or 'q' and press ENTER"
|
infoMsg += "'x' or 'q' and press ENTER"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
|
@ -137,7 +137,7 @@ class Miscellaneous(object):
|
||||||
self.delRemoteFile(self.webStagerFilePath)
|
self.delRemoteFile(self.webStagerFilePath)
|
||||||
self.delRemoteFile(self.webBackdoorFilePath)
|
self.delRemoteFile(self.webBackdoorFilePath)
|
||||||
|
|
||||||
if not isStackingAvailable() and not conf.direct:
|
if (not isStackingAvailable() or kb.udfFail) and not conf.direct:
|
||||||
return
|
return
|
||||||
|
|
||||||
if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest:
|
if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest:
|
||||||
|
|
|
@ -15,6 +15,7 @@ from lib.core.common import openFile
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.common import runningAsAdmin
|
from lib.core.common import runningAsAdmin
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
@ -79,7 +80,20 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry):
|
||||||
raise SqlmapNotVulnerableException(errMsg)
|
raise SqlmapNotVulnerableException(errMsg)
|
||||||
|
|
||||||
self.getRemoteTempPath()
|
self.getRemoteTempPath()
|
||||||
self.initEnv(web=web)
|
|
||||||
|
try:
|
||||||
|
self.initEnv(web=web)
|
||||||
|
except SqlmapFilePathException:
|
||||||
|
if not web:
|
||||||
|
infoMsg = "falling back to web backdoor method..."
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
web = True
|
||||||
|
kb.udfFail = True
|
||||||
|
|
||||||
|
self.initEnv(web=web)
|
||||||
|
else:
|
||||||
|
raise
|
||||||
|
|
||||||
if not web or (web and self.webBackdoorUrl is not None):
|
if not web or (web and self.webBackdoorUrl is not None):
|
||||||
self.shell()
|
self.shell()
|
||||||
|
|
Loading…
Reference in New Issue
Block a user