[sqlmap-users] Windows Registry Read/Write/Delete - Fails due to unquoted path
From: Johnathon D. <hoo...@gm...> - 2015-03-11 21:54:49
Hey SQLMAP Users,

I am working on finishing touches to a Web GUI using the API and lately have been working on incorporating the advanced attacks. This week I have been focusing on the Windows Registry options (read, write, & delete). In my testing I have noticed that all functions seem to be failing by default. Based on the errors it appears to be a lack of quoting of the full path to the batch file being used to run reg commands. As a result it fails to ever run the command, and thus no results return. My test machine is Windows 2003 Server, IIS + ASP + MS-SQL 2005.

Now I have figured out my own workaround by patching the ./lib/takeover/registry.py file so that all instances of 'self._batPathRemote' being passed to evalCmd(), delRemoteFile(), or execCmd() are quoted when passed, like so: '"' + self._batPathRemote + '"'. This seems to resolve the issue and allow things to work when writing to locations with spaces in the path name.

1 - Is anyone else having this issue, or do you guys think this is target specific?
2 - Not sure how I submit for a fix if this is indeed a bug.
3 - My patched registry.py: http://pastebin.com/fhVK0m6J

Thanks,
HR
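To illustrate the failure mode described above (a batch path containing spaces being split into several arguments when it is concatenated unquoted) here is an added example that is not part of the post or of sqlmap's own code. The batch path and the `cmd /c` wrapper are constructed assumptions; the tokeniser is a minimal approximation of Windows argument splitting, and `robust_cmd` uses the stdlib's `subprocess.list2cmdline` as a more general alternative to hand-placed quotes.

```python
import re
import subprocess

# Constructed sample: a remote batch file under a directory whose name has spaces.
SAMPLE_BAT_PATH = r"C:\Documents and Settings\user\tmp\reg.bat"


def naive_cmd(bat_path: str) -> str:
    """Reproduces the failing pattern: the path is concatenated without quotes."""
    return "cmd /c " + bat_path


def quoted_cmd(bat_path: str) -> str:
    """The poster's workaround: wrap the path in literal double quotes."""
    return 'cmd /c "' + bat_path + '"'


def robust_cmd(bat_path: str) -> str:
    """Same idea, but using the stdlib's Windows quoting rules, which also
    escape embedded quotes and trailing backslashes correctly."""
    return "cmd /c " + subprocess.list2cmdline([bat_path])


def split_windows_args(cmdline: str) -> list:
    """Minimal approximation of how a Windows command line is tokenised:
    whitespace separates arguments unless it sits inside double quotes."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def bat_path_survives(cmdline: str, bat_path: str) -> bool:
    """True if the third token (after 'cmd' and '/c') is still the whole path."""
    tokens = split_windows_args(cmdline)
    return len(tokens) == 3 and tokens[2] == bat_path


if __name__ == "__main__":
    for build in (naive_cmd, quoted_cmd, robust_cmd):
        line = build(SAMPLE_BAT_PATH)
        print(f"{build.__name__:11} -> {split_windows_args(line)}")
```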