Delegate urlencoding to agent.py only

bdamele · bdamele · commit 65a0a8d2859a · 2010-10-31T13:28:05.000Z
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
@@ -12,7 +12,6 @@
 from lib.core.agent import agent
 from lib.core.common import dataToStdout
 from lib.core.common import readInput
-from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -80,7 +79,6 @@ def udfExecCmd(self, cmd, silent=False, udfName=None):
             udfName = "sys_exec"
 
         cmd = unescaper.unescape(cmd)
-        cmd = urlencode(cmd, convall=True)
 
         inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
 
@@ -90,7 +88,6 @@ def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):
             udfName = "sys_eval"
 
         cmd = unescaper.unescape(cmd)
-        cmd = urlencode(cmd, convall=True)
 
         inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
         output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last)
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
@@ -9,7 +9,6 @@
 
 from lib.core.common import randomStr
 from lib.core.common import readInput
-from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -98,7 +97,6 @@ def __xpCmdshellCheck(self):
 
     def xpCmdshellForgeCmd(self, cmd):
         forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
-        forgedCmd = urlencode(forgedCmd, convall=True)
 
         return forgedCmd
 
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
@@ -14,7 +14,6 @@
 from lib.core.common import getRange
 from lib.core.common import posixToNtSlashes
 from lib.core.common import randomStr
-from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -89,7 +88,6 @@ def stackedReadFile(self, rFile):
         """ % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField)
 
         binToHexQuery = binToHexQuery.replace("    ", "").replace("\n", " ")
-        binToHexQuery = urlencode(binToHexQuery, convall=True)
         inject.goStacked(binToHexQuery)
 
         if kb.unionPosition is not None:
diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py
@@ -9,7 +9,6 @@
 
 import binascii
 
-from lib.core.convert import urlencode
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -143,7 +142,6 @@ def spHeapOverflow(self):
         """ % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar)
 
         self.spExploit = self.spExploit.replace("    ", "").replace("\n", " ")
-        self.spExploit = urlencode(self.spExploit, convall=True)
 
         logger.info("triggering the buffer overflow vulnerability, wait..")
         inject.goStacked(self.spExploit, silent=True)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -24,7 +24,6 @@
 from lib.core.common import readInput
 from lib.core.common import safeStringFormat
 from lib.core.common import strToHex
-from lib.core.convert import urlencode
 from lib.core.convert import utf8decode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -1731,8 +1730,6 @@ def sqlQuery(self, query):
 
             return output
         else:
-            query = urlencode(query, convall=True)
-
             if kb.stackedTest is None:
                 stackedTest()
 
