Use the encoder in all the #test_vulnerable methods from the common class

red0xff · red0xff · commit 5331c343a005 · 2022-06-06T23:13:26.000+02:00
diff --git a/lib/msf/core/exploit/sqli/mssqli/common.rb b/lib/msf/core/exploit/sqli/mssqli/common.rb
@@ -182,7 +182,10 @@ def dump_table_fields(table, columns, condition = '', num_limit = 0)
     def test_vulnerable
       random_string_len = @truncation_length ? [rand(2..10), @truncation_length].min : rand(2..10)
       random_string = Rex::Text.rand_text_alphanumeric(random_string_len)
-      run_sql("select '#{random_string}'") == random_string
+      query_string = "'#{random_string}'"
+      query_string = @encoder[:encode].sub(/\^DATA\^/, query_string) if @encoder
+      output = run_sql("select #{query_string}")
+      (@encoder ? @encoder[:decode].call(output) : output) == random_string
     end
 
     #
diff --git a/lib/msf/core/exploit/sqli/mysqli/common.rb b/lib/msf/core/exploit/sqli/mysqli/common.rb
@@ -197,7 +197,10 @@ def dump_table_fields(table, columns, condition = '', num_limit = 0)
     def test_vulnerable
       random_string_len = @truncation_length ? [rand(2..10), @truncation_length].min : rand(2..10)
       random_string = Rex::Text.rand_text_alphanumeric(random_string_len)
-      run_sql("select '#{random_string}'") == random_string
+      query_string = "'#{random_string}'"
+      query_string = @encoder[:encode].sub(/\^DATA\^/, query_string) if @encoder
+      output = run_sql("select #{query_string}")
+      (@encoder ? @encoder[:decode].call(output) : output) == random_string
     end
 
     #
diff --git a/lib/msf/core/exploit/sqli/postgresqli/common.rb b/lib/msf/core/exploit/sqli/postgresqli/common.rb
@@ -189,7 +189,10 @@ def dump_table_fields(table, columns, condition = '', num_limit = 0)
     def test_vulnerable
       random_string_len = @truncation_length ? [rand(2..10), @truncation_length].min : rand(2..10)
       random_string = Rex::Text.rand_text_alphanumeric(random_string_len)
-      run_sql("select '#{random_string}'") == random_string
+      query_string = "'#{random_string}'"
+      query_string = @encoder[:encode].sub(/\^DATA\^/, query_string) if @encoder
+      output = run_sql("select #{query_string}")
+      (@encoder ? @encoder[:decode].call(output) : output) == random_string
     end
 
     #
