more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)

Bernardo Damele
2012-07-02 15:02:00 +01:00
parent b7d2680e55
commit 04d803c7fd
8 changed files with 52 additions and 39 deletions


@@ -11,6 +11,7 @@ from xml.etree import ElementTree as ET
from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import getSPQLSnippet
from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomInt
@@ -27,6 +28,7 @@ from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import FROM_DUMMY_TABLE
from lib.core.settings import GENERIC_SQL_COMMENT
from lib.core.settings import PAYLOAD_DELIMITER
from lib.core.settings import SQL_STATEMENTS
from lib.core.unescaper import unescaper
class Agent:
@@ -816,5 +818,20 @@ class Agent:
return re.sub("(%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER), "%s%s%s" % (PAYLOAD_DELIMITER, payload, PAYLOAD_DELIMITER), inpStr) if inpStr else inpStr
def runAsDBMSUser(self, query):
if conf.dCred and "Ad Hoc Distributed Queries" not in query:
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements:
if query.lower().startswith(sqlStatement):
sqlType = sqlTitle
break
if sqlType and "SELECT" not in sqlType:
query = "SELECT %d;%s" % (randomInt(), query)
query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
return query
# SQL agent
agent = Agent()
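Review bot: In runAsDBMSUser the statement is quote-doubled before it reaches the snippet, but conf.dbmsUsername and conf.dbmsPassword are passed through untouched; if the run_statement_as_user snippet wraps USER and PASSWORD in single quotes the way STATEMENT evidently is, a credential containing a `'` yields a malformed OPENROWSET string, so the same doubling belongs there: `USER=conf.dbmsUsername.replace("'", "''"), PASSWORD=conf.dbmsPassword.replace("'", "''")`. The `break` only leaves the inner loop over sqlStatements, so the outer loop over SQL_STATEMENTS keeps going and a later title whose statement prefix also matches silently overwrites sqlType; a `for ... else` or a found flag would stop at the first match. sqlType is also read after the loops without a visible initialisation — unless the rendering dropped a `sqlType = None` line, a query matching no prefix raises UnboundLocalError, which `sqlType = None` before the loop would avoid. The check for `"Ad Hoc Distributed Queries"` is case-sensitive while the prefix match below uses `query.lower()`; it may be worth noting in a comment why the two differ.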