Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ebd40b3

Browse files
bdamelebdamele
committed
Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection)
1 parent aee269c commit ebd40b3

2 files changed

Lines changed: 2 additions & 4 deletions

File tree

plugins/dbms/mssqlserver/filesystem.py

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,8 +51,7 @@ def stackedReadFile(self, rFile):
5151
inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (txtTbl, rFile, randomStr(10), randomStr(10)), silent=True)
5252

5353
# Reference: http://support.microsoft.com/kb/104829
54-
binToHexQuery = """
55-
DECLARE @charset VARCHAR(16)
54+
binToHexQuery = """DECLARE @charset VARCHAR(16)
5655
DECLARE @counter INT
5756
DECLARE @hexstr VARCHAR(4096)
5857
DECLARE @length INT

plugins/dbms/mssqlserver/takeover.py

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -76,8 +76,7 @@ def spHeapOverflow(self):
7676

7777
shellcodeChar = shellcodeChar[:-1]
7878

79-
self.spExploit = """
80-
DECLARE @buf NVARCHAR(4000),
79+
self.spExploit = """DECLARE @buf NVARCHAR(4000),
8180
@val NVARCHAR(4),
8281
@counter INT
8382
SET @buf = '

0 commit comments

Comments
 (0)