From e10ab5aa0e8b42a1199dca85cdc96ebb3a4b2f29 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sat, 10 Jan 2009 14:39:27 +0000 Subject: [PATCH] Major bug fixes --- lib/controller/checks.py | 2 ++ lib/core/settings.py | 4 ++++ plugins/dbms/mssqlserver.py | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 2202dab0d..588f63f2e 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -389,6 +389,8 @@ def checkConnection(): conf.seqMatcher.set_seq1(page) except sqlmapConnectionException, exceptionMsg: + exceptionMsg = str(exceptionMsg) + if conf.multipleTargets: exceptionMsg += ", skipping to next url" logger.warn(exceptionMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index df6d10661..853a0ee2c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -100,6 +100,10 @@ SQL_STATEMENTS = { "SQL data control": ( "grant ", ), + "SQL data execution": ( + "exec ", + "execute ", ), + "SQL transaction": ( "start transaction ", "begin work ", diff --git a/plugins/dbms/mssqlserver.py b/plugins/dbms/mssqlserver.py index 92627f645..3d783d254 100644 --- a/plugins/dbms/mssqlserver.py +++ b/plugins/dbms/mssqlserver.py @@ -184,7 +184,7 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover): logger.info(logMsg) for version in ( 0, 5, 8 ): - payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 25, 1)='%d'" % version) + payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 25, 1)=%d" % version) result = Request.queryPage(payload) if result == True: