PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Major bug fix in takeover functionalities on Microsoft SQL Server

Browse Source
This commit is contained in:
Bernardo Damele
2010-01-29 00:09:05 +00:00
parent c6cae7da41
commit 7b8316728c
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/takeover/xp_cmdshell.py
View File

@@ -103,7 +103,7 @@ class xp_cmdshell:
self.xpCmdshellExecCmd(cmd)
def __xpCmdshellCheck(self):
query = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec + 2))
query = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))
duration = timeUse(query)
if duration >= conf.timeSec:
@@ -112,14 +112,15 @@ class xp_cmdshell:
return False
def xpCmdshellForgeCmd(self, cmd):
return "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
forgedCmd = urlencode(forgedCmd, convall=True)
return forgedCmd
def xpCmdshellExecCmd(self, cmd, silent=False, forgeCmd=False):
if forgeCmd:
cmd = self.xpCmdshellForgeCmd(cmd)
cmd = urlencode(cmd, convall=True)
inject.goStacked(cmd, silent)
def xpCmdshellEvalCmd(self, cmd, first=None, last=None):