diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index c259c7dbf..6c803a5aa 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -200,6 +200,7 @@ def checkSqlInjection(place, parameter, value):
 # Parse test's
 comment = agent.getComment(test.request)
 fstPayload = agent.cleanupPayload(test.request.payload, value)
+ fstPayload = unescaper.unescape(fstPayload, dbms=dbms)
 for boundary in conf.boundaries:
 injectable = False
@@ -286,6 +287,7 @@ def checkSqlInjection(place, parameter, value):
 # In case of boolean-based blind SQL injection
 if method == PAYLOAD.METHOD.COMPARISON:
 sndPayload = agent.cleanupPayload(test.response.comparison, value)
+ sndPayload = unescaper.unescape(sndPayload, dbms=dbms)
 # Forge response payload by prepending with
 # boundary's prefix and appending the boundary's
diff --git a/lib/core/agent.py b/lib/core/agent.py
index d21cf2023..efba63bbc 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -241,7 +241,7 @@ class Agent:
 errMsg += "knowledge of underlying DBMS"
 raise sqlmapNoneDataException, errMsg
- payload = unescaper.unescape(payload)
+ #payload = unescaper.unescape(payload)
 return payload
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index a7b0c5911..c0d44e3ad 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -48,6 +48,7 @@ def __oneShotErrorUse(expression, field):
 # Forge the error-based SQL injection request
 vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
+ query = unescaper.unescape(vector)
 query = agent.prefixQuery(query)
 query = agent.suffixQuery(query)
 injExpression = expression.replace(field, nulledCastedField, 1)
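Review bot: The added `fstPayload = unescaper.unescape(fstPayload, dbms=dbms)` line relies on a `dbms` name whose assignment is not visible in this hunk, and `checkSqlInjection` starts and continues outside it. If a test can reach this point without a DBMS declared, `dbms` is presumably `None`, so confirm that `unescape()` then falls back to a defined default rather than raising or choosing an unescaper for the wrong back-end. The same applies to the `sndPayload` line in the second hunk of this file. A comment above both calls, for example `# unescape per test DBMS here; cleanupPayload() no longer does it`, would record why the call lives at the call site.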
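Review bot: In lib/core/agent.py the unescape call is commented out (`#payload = unescaper.unescape(payload)`) instead of being deleted, which leaves dead code and no explanation of the new contract. Delete the line and state the contract where it used to be, for example `# NOTE: callers are responsible for unescaper.unescape() on the returned payload`. The enclosing method starts outside the hunk; judging by the other hunks it is presumably `cleanupPayload`. Any caller of it that this commit does not touch now gets a payload that was never unescaped, so the remaining call sites should be checked.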
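Review bot: The added `query = unescaper.unescape(vector)` in `__oneShotErrorUse` omits the `dbms=` argument that both calls added in lib/controller/checks.py pass, and nothing in the hunk says why the two call sites differ. If the default resolves to the already identified back-end DBMS, that is probably correct at this stage, but a one-line comment should say so, for example `# back-end DBMS is known here, so the default unescaper applies`. The line also assigns `query` unconditionally before `agent.prefixQuery(query)`. The function body starts outside the hunk, so it cannot be seen from here whether an earlier value of `query` is being overwritten.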