doing a dummy test for --os-shell in case of xp_cmdshell

Miroslav Stampar 2012-03-09 14:21:41 +00:00
parent 4ac2611a56
commit c878dd3e5a
3 changed files with 21 additions and 1 deletions


@ -562,7 +562,7 @@ def checkFalsePositives(injection):
retVal = None retVal = None
if retVal is None: if retVal is None:
warnMsg = "false positive and/or unexploitable injection point detected" warnMsg = "false positive or unexploitable injection point detected"
logger.warn(warnMsg) logger.warn(warnMsg)
kb.injection = popValue() kb.injection = popValue()


@ -10,14 +10,19 @@ See the file 'doc/COPYING' for copying permission
from extra.safe2bin.safe2bin import safechardecode from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import isNoneValue
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
from lib.core.common import pushValue
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import popValue
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapGenericException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.shell import autoCompletion from lib.core.shell import autoCompletion
from lib.core.threads import getCurrentThreadData
from lib.takeover.udf import UDF from lib.takeover.udf import UDF
from lib.takeover.web import Web from lib.takeover.web import Web
from lib.takeover.xp_cmdshell import xp_cmdshell from lib.takeover.xp_cmdshell import xp_cmdshell
@ -108,6 +113,19 @@ class Abstraction(Web, UDF, xp_cmdshell):
infoMsg += "operating system command execution" infoMsg += "operating system command execution"
logger.info(infoMsg) logger.info(infoMsg)
threadData = getCurrentThreadData()
pushValue(threadData.disableStdOut)
threadData.disableStdOut = True
output = self.evalCmd("echo 1")
if isNoneValue(output):
errMsg = "it seems that the temporary directory ('%s') used for storing " % self.getRemoteTempPath()
errMsg += "console output at the back-end OS does not have "
errMsg += "writing permissions for the DBMS process. You are advised "
errMsg += "to manually adjust it with option '--tmp-path'"
raise sqlmapGenericException, errMsg
threadData.disableStdOut = popValue()
else: else:
errMsg = "feature not yet implemented for the back-end DBMS" errMsg = "feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException, errMsg raise sqlmapUnsupportedFeatureException, errMsg
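Review bot: The added `raise sqlmapGenericException, errMsg` fires before `threadData.disableStdOut = popValue()`, so on the failure path standard output stays disabled and the value saved by `pushValue(threadData.disableStdOut)` is left on the stack; the same happens if `self.evalCmd("echo 1")` itself raises. Restore the flag before testing the result by moving `threadData.disableStdOut = popValue()` to directly follow `output = self.evalCmd("echo 1")`, or by placing it in a `finally:` around that call. The error text also attributes every empty result to missing write permissions on the temporary directory, which is only one possible cause as far as this hunk shows. A comment above the probe such as `# dummy command to check that console output can be retrieved` would make the intent clear. The enclosing method starts and ends outside the hunk.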


@ -60,6 +60,8 @@ class Miscellaneous:
hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath) hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath)
return conf.tmpPath
def getVersionFromBanner(self): def getVersionFromBanner(self):
if "dbmsVersion" in kb.bannerFp: if "dbmsVersion" in kb.bannerFp:
return return