PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

Stabilizing DREI

Browse Source
This commit is contained in:
Miroslav Stampar
2019-05-03 13:20:15 +02:00
parent d8c62e0beb
commit f6f6844a0d
52 changed files with 347 additions and 334 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/takeover/xp_cmdshell.py
View File

@@ -21,7 +21,7 @@ from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import wasLastResponseDelayed
from lib.core.compat import xrange
from lib.core.convert import hexencode
from lib.core.convert import encodeHex
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -166,7 +166,7 @@ class XP_cmdshell:
# Obfuscate the command to execute, also useful to bypass filters
# on single-quotes
self._randStr = randomStr(lowercase=True)
self._cmd = "0x%s" % hexencode(cmd, conf.encoding)
self._cmd = "0x%s" % encodeHex(cmd, binary=False)
self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr
self._forgedCmd += "SET @%s=%s;" % (self._randStr, self._cmd)