Re: [sqlmap-users] Windows Registry Read/Write/Delete - Fails due to unquoted path
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Windows Registry Read/Write/Delete - Fails due to unquoted path
|
From: Miroslav S. <mir...@gm...> - 2015-03-11 22:49:28
|
Thank you for report. Will try to check it tomorrow. Bye On Wed, Mar 11, 2015 at 10:54 PM, Johnathon Doe <hoo...@gm...> wrote: > Hey SQLMAP Users, > > I am working on finishing touches to Web GUI using API and lately been > working on incorporating the advanced attacks. This week I have been > focusing on the Windows Registry options (read, write, & delete). In my > testing I have noticed that all functions seem to be failing by default. > Based on the errors it appears to be lack of quoting of the full path to > the batch file being used to run reg commands. As a result it fails to ever > run the command, and thus no results return. > > My test machine is Windows 2003 Server, IIS + ASP + MS-SQL 2005. > > Now I have figured out my own workaround by patching the > ./lbi/takeover/registry.py file so that all instances of > 'self._batPathRemote' being passed to evalCmd(), delRemoteFile(), or > execCmd() are quoted when passed, like so: '"' + self._batPathRemote + '"'. > This seems to resolve the issue and allow things to work when writing to > locations with spaces in the path name. > > 1 - Is anyone else have this issue or do you guys think this is target > specific? > 2 - Not sure how I submit for a fix if this is indeed a bug > 3 - My patched registry.py: http://pastebin.com/fhVK0m6J > > Thanks, > HR > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
