mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too
This commit is contained in:
parent
6697927098
commit
add8352804
|
@ -16,6 +16,7 @@ from lib.core.data import logger
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.settings import SQL_STATEMENTS
|
||||
from lib.core.shell import autoCompletion
|
||||
from lib.request import inject
|
||||
from lib.takeover.udf import UDF
|
||||
|
@ -37,6 +38,21 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
Web.__init__(self)
|
||||
xp_cmdshell.__init__(self)
|
||||
|
||||
def runAsDBMSUser(self, query):
|
||||
if conf.dCred:
|
||||
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
|
||||
for sqlStatement in sqlStatements:
|
||||
if query.lower().startswith(sqlStatement):
|
||||
sqlType = sqlTitle
|
||||
break
|
||||
|
||||
if sqlType and "SELECT" not in sqlType:
|
||||
query = "SELECT 1;%s" % query
|
||||
|
||||
query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
|
||||
|
||||
return query
|
||||
|
||||
def execCmd(self, cmd, silent=False):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
self.webBackdoorRunCmd(cmd)
|
||||
|
|
|
@ -21,7 +21,6 @@ from lib.core.data import logger
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import HASHDB_KEYS
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.settings import SQL_STATEMENTS
|
||||
from lib.core.threads import getCurrentThreadData
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.request import inject
|
||||
|
@ -148,21 +147,6 @@ class xp_cmdshell:
|
|||
if cmd:
|
||||
self.xpCmdshellExecCmd(cmd)
|
||||
|
||||
def xpCmdshellForgeRunAs(self, query):
|
||||
if conf.dCred:
|
||||
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
|
||||
for sqlStatement in sqlStatements:
|
||||
if query.lower().startswith(sqlStatement):
|
||||
sqlType = sqlTitle
|
||||
break
|
||||
|
||||
if sqlType and "SELECT" not in sqlType:
|
||||
query = "SELECT 1;%s" % query
|
||||
|
||||
query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
|
||||
|
||||
return query
|
||||
|
||||
def xpCmdshellForgeCmd(self, cmd):
|
||||
self.__randStr = randomStr(lowercase=True)
|
||||
self.__cmd = "0x%s" % hexencode(cmd)
|
||||
|
@ -170,7 +154,7 @@ class xp_cmdshell:
|
|||
self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd)
|
||||
self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)
|
||||
|
||||
return self.xpCmdshellForgeRunAs(self.__forgedCmd)
|
||||
return self.runAsDBMSUser(self.__forgedCmd)
|
||||
|
||||
def xpCmdshellExecCmd(self, cmd, silent=False):
|
||||
cmd = self.xpCmdshellForgeCmd(cmd)
|
||||
|
|
Loading…
Reference in New Issue
Block a user