PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Refactoring of funcionality for finding out if stacking is available

Browse Source
This commit is contained in:
Miroslav Stampar
2013-02-13 09:57:16 +01:00
parent 8b4f72322a
commit dc41484b3f
8 changed files with 46 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/takeover/abstraction.py
View File

@@ -9,6 +9,7 @@ from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import dataToStdout
from lib.core.common import Backend
from lib.core.common import getSQLSnippet
from lib.core.common import isStackingAvailable
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@@ -39,7 +40,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
Xp_cmdshell.__init__(self)
def execCmd(self, cmd, silent=False):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if self.webBackdoorUrl and not isStackingAvailable():
self.webBackdoorRunCmd(cmd)
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
@@ -55,7 +56,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
def evalCmd(self, cmd, first=None, last=None):
retVal = None
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if self.webBackdoorUrl and not isStackingAvailable():
retVal = self.webBackdoorRunCmd(cmd)
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
@@ -92,7 +93,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
self.execCmd(cmd)
def shell(self):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if self.webBackdoorUrl and not isStackingAvailable():
infoMsg = "calling OS shell. To quit type "
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
@@ -146,7 +147,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
if not conf.dbmsCred:
return
if not conf.direct and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if not conf.direct and not isStackingAvailable():
errMsg = "stacked queries is not supported hence sqlmap cannot "
errMsg += "execute statements as another user. The execution "
errMsg += "will continue and the DBMS credentials provided "