mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
doing a dummy test for --os-shell in case of xp_cmdshell
This commit is contained in:
parent
4ac2611a56
commit
c878dd3e5a
|
@ -562,7 +562,7 @@ def checkFalsePositives(injection):
|
|||
retVal = None
|
||||
|
||||
if retVal is None:
|
||||
warnMsg = "false positive and/or unexploitable injection point detected"
|
||||
warnMsg = "false positive or unexploitable injection point detected"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
|
|
@ -10,14 +10,19 @@ See the file 'doc/COPYING' for copying permission
|
|||
from extra.safe2bin.safe2bin import safechardecode
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isNoneValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import popValue
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapGenericException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.shell import autoCompletion
|
||||
from lib.core.threads import getCurrentThreadData
|
||||
from lib.takeover.udf import UDF
|
||||
from lib.takeover.web import Web
|
||||
from lib.takeover.xp_cmdshell import xp_cmdshell
|
||||
|
@ -108,6 +113,19 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
infoMsg += "operating system command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
threadData = getCurrentThreadData()
|
||||
pushValue(threadData.disableStdOut)
|
||||
threadData.disableStdOut = True
|
||||
|
||||
output = self.evalCmd("echo 1")
|
||||
if isNoneValue(output):
|
||||
errMsg = "it seems that the temporary directory ('%s') used for storing " % self.getRemoteTempPath()
|
||||
errMsg += "console output at the back-end OS does not have "
|
||||
errMsg += "writing permissions for the DBMS process. You are advised "
|
||||
errMsg += "to manually adjust it with option '--tmp-path'"
|
||||
raise sqlmapGenericException, errMsg
|
||||
|
||||
threadData.disableStdOut = popValue()
|
||||
else:
|
||||
errMsg = "feature not yet implemented for the back-end DBMS"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
|
@ -60,6 +60,8 @@ class Miscellaneous:
|
|||
|
||||
hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath)
|
||||
|
||||
return conf.tmpPath
|
||||
|
||||
def getVersionFromBanner(self):
|
||||
if "dbmsVersion" in kb.bannerFp:
|
||||
return
|
||||
|
|
Loading…
Reference in New Issue
Block a user