PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-07 15:19:01 +00:00
Code Issues Projects Releases Wiki Activity

Fixes #2684

Browse Source
This commit is contained in:
Miroslav Stampar
2017-09-05 13:13:08 +02:00
parent 30ea219228
commit 96b9950f96
7 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/convert.py
View File

@@ -110,7 +110,7 @@ def hexdecode(value):
value = value.lower()
return (value[2:] if value.startswith("0x") else value).decode("hex")
def hexencode(value):
def hexencode(value, encoding=None):
"""
Encodes string value from plain to hex format
@@ -118,7 +118,7 @@ def hexencode(value):
'666f6f626172'
"""
return unicodeencode(value, conf.charset or UNICODE_ENCODING).encode("hex")
return unicodeencode(value, encoding).encode("hex")
def unicodeencode(value, encoding=None):
"""

2
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.9.5"
VERSION = "1.1.9.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

2
lib/takeover/web.py
View File

@@ -144,7 +144,7 @@ class Web:
randInt = randomInt()
query += "OR %d=%d " % (randInt, randInt)
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery))
query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery, conf.charset))
query = agent.prefixQuery(query)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)

2
lib/takeover/xp_cmdshell.py
View File

@@ -163,7 +163,7 @@ class XP_cmdshell:
# Obfuscate the command to execute, also useful to bypass filters
# on single-quotes
self._randStr = randomStr(lowercase=True)
self._cmd = "0x%s" % hexencode(cmd)
self._cmd = "0x%s" % hexencode(cmd, conf.charset)
self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr
self._forgedCmd += "SET @%s=%s;" % (self._randStr, self._cmd)