initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap

2025-12-07 05:01:30 +00:00 · 2012-07-02 02:04:19 +01:00
parent 87951bcff8
commit 6697927098
6 changed files with 62 additions and 5 deletions
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -45,8 +45,8 @@ def direct(query, content=True):
    logger.log(9, query)

    output = hashDBRetrieve(query, True, True)
-
    start = time.time()
+
    if not select and "EXEC " not in query:
        _ = timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif not (output and "sqlmapoutput" not in query and "sqlmapfile" not in query):