Thank you for report. Will try to check it tomorrow.
Bye
On Wed, Mar 11, 2015 at 10:54 PM, Johnathon Doe <hood3dro...@gmail.com>
wrote:
> Hey SQLMAP Users,
>
> I am working on finishing touches to Web GUI using API and lately been
> working on incorporating the advanced attacks. This week I have been
> focusing on the Windows Registry options (read, write, & delete). In my
> testing I have noticed that all functions seem to be failing by default.
> Based on the errors it appears to be lack of quoting of the full path to
> the batch file being used to run reg commands. As a result it fails to ever
> run the command, and thus no results return.
>
> My test machine is Windows 2003 Server, IIS + ASP + MS-SQL 2005.
>
> Now I have figured out my own workaround by patching the
> ./lbi/takeover/registry.py file so that all instances of
> 'self._batPathRemote' being passed to evalCmd(), delRemoteFile(), or
> execCmd() are quoted when passed, like so: '"' + self._batPathRemote + '"'.
> This seems to resolve the issue and allow things to work when writing to
> locations with spaces in the path name.
>
> 1 - Is anyone else have this issue or do you guys think this is target
> specific?
> 2 - Not sure how I submit for a fix if this is indeed a bug
> 3 - My patched registry.py: http://pastebin.com/fhVK0m6J
>
> Thanks,
> HR
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
