diff --git a/lib/core/common.py b/lib/core/common.py
index 46ac1b16e..20da2d876 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2590,7 +2590,10 @@ def decodeIntToUnicode(value):
 try:
 # http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
- retVal = getUnicode(hexdecode(hex(value)))
+ _ = "%x" % value
+ if len(_) % 2 == 1:
+ _ = "0%s" % _
+ retVal = getUnicode(hexdecode(_))
 elif value > 255:
 retVal = unichr(value)
 else:
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
index 33a98e2e7..d13feb9cc 100644
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -9,7 +9,9 @@ import re
 from lib.core.common import Backend
 from lib.core.common import dataToStdout
+from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSQLSnippet
+from lib.core.common import getTechniqueData
 from lib.core.common import isTechniqueAvailable
 from lib.core.convert import utf8decode
 from lib.core.data import conf
@@ -39,14 +41,23 @@ class Custom:
 sqlType = sqlTitle
 break
- if 'OPENROWSET' not in query.upper() and (not sqlType or 'SELECT' in sqlType):
+ stacked = isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)
+
+ if not stacked:
+ for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
+ _ = getTechniqueData(technique)
+ if _ and "stacked" in _["title"].lower():
+ stacked = True
+ break
+
+ if "OPENROWSET" not in query.upper() and (not sqlType or "SELECT" in sqlType):
 infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
 logger.info(infoMsg)
 output = inject.getValue(query, fromUser=True)
 return output
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+ elif not stacked and not conf.direct:
 warnMsg = "execution of custom SQL queries is only "
 warnMsg += "available when stacked queries are supported"
 logger.warn(warnMsg)
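Review bot: The padding added to the MySQL branch of `decodeIntToUnicode` carries no comment saying why `hex(value)` was replaced, and the working value lives in `_`, a name normally kept for discarded results. A comment such as `# "%x" avoids the "0x"/"L" decoration of hex(); pad to an even digit count before hexdecode` (the reason is presumed from the change, so please confirm) and a name like `hexValue` would make the intent readable. A negative `value` would format as `-…` and still be passed to `hexdecode`; whether the handler that closes this `try` covers that cannot be seen, because the function body starts and ends outside the hunk.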
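Review bot: The fallback loop added in the last hunk of plugins/generic/custom.py decides whether stacked queries are supported by searching each technique's human-readable `title` for the substring "stacked", so the gate for running non-SELECT statements now depends on display text. If a payload title is reworded, or merely mentions the word, the `elif not stacked and not conf.direct:` branch changes behaviour silently. A comment should state which case `isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)` misses and why the title is consulted. The lookup would also fail on a record with a missing or empty title, which `if _ and "stacked" in (_["title"] or "").lower():` tolerates; the shape of what `getTechniqueData` returns is not visible here, so this is a hedge. The enclosing method starts and ends outside the hunk.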