From 10097dd124507ce42c2312153660b26e041c6c9a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 29 Oct 2016 00:13:04 +0200
Subject: [PATCH] Fixes #2253

---
 lib/core/convert.py  | 21 +++++++++++++--------
 lib/core/option.py   |  2 +-
 lib/core/settings.py |  4 ++--
 txt/checksum.md5     |  6 +++---
 4 files changed, 19 insertions(+), 14 deletions(-)
 mode change 100644 => 100755 lib/core/convert.py
 mode change 100644 => 100755 lib/core/option.py
 mode change 100644 => 100755 lib/core/settings.py

diff --git a/lib/core/convert.py b/lib/core/convert.py
old mode 100644
new mode 100755
index 501ce04f4..285433845
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -6,9 +6,11 @@ See the file 'doc/COPYING' for copying permission
 """
 
 try:
-   import cPickle as pickle
+    import cPickle as pickle
 except:
-   import pickle
+    import pickle
+finally:
+    import pickle as picklePy
 
 import base64
 import json
@@ -45,7 +47,7 @@ def base64pickle(value):
     Serializes (with pickle) and encodes to Base64 format supplied (binary) value
 
     >>> base64pickle('foobar')
-    'gAJVBmZvb2JhcnEALg=='
+    'gAJVBmZvb2JhcnEBLg=='
     """
 
     retVal = None
@@ -64,11 +66,11 @@ def base64pickle(value):
 
     return retVal
 
-def base64unpickle(value):
+def base64unpickle(value, unsafe=False):
     """
     Decodes value from Base64 to plain format and deserializes (with pickle) its content
 
-    >>> base64unpickle('gAJVBmZvb2JhcnEALg==')
+    >>> base64unpickle('gAJVBmZvb2JhcnEBLg==')
     'foobar'
     """
 
@@ -82,9 +84,12 @@ def base64unpickle(value):
         self.load_reduce()
 
     def loads(str):
-        file = StringIO.StringIO(str)
-        unpickler = pickle.Unpickler(file)
-        unpickler.dispatch[pickle.REDUCE] = _
+        f = StringIO.StringIO(str)
+        if unsafe:
+            unpickler = picklePy.Unpickler(f)
+            unpickler.dispatch[pickle.REDUCE] = _
+        else:
+            unpickler = pickle.Unpickler(f)
         return unpickler.load()
 
     try:
diff --git a/lib/core/option.py b/lib/core/option.py
old mode 100644
new mode 100755
index c6417b8c4..d004fe07a
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2222,7 +2222,7 @@ def _mergeOptions(inputOptions, overrideOptions):
 
     if inputOptions.pickledOptions:
         try:
-            inputOptions = base64unpickle(inputOptions.pickledOptions)
+            inputOptions = base64unpickle(inputOptions.pickledOptions, unsafe=True)
             if type(inputOptions) == dict:
                 inputOptions = AttribDict(inputOptions)
             _normalizeOptions(inputOptions)
diff --git a/lib/core/settings.py b/lib/core/settings.py
old mode 100644
new mode 100755
index 9bdacc33e..1fbc1f8e7
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.10.59"
+VERSION = "1.0.10.60"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -551,7 +551,7 @@ HASHDB_RETRIEVE_RETRIES = 3
 HASHDB_END_TRANSACTION_RETRIES = 3
 
 # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
-HASHDB_MILESTONE_VALUE = "BkfRWrtCYK"  # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
+HASHDB_MILESTONE_VALUE = "dPHoJRQYvs"  # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
 
 # Warn user of possible delay due to large page dump in full UNION query injections
 LARGE_OUTPUT_THRESHOLD = 1024 ** 2
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 1c445ed56..27fb401cb 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -27,7 +27,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e  lib/controller/__init__.py
 04f16204c899438dc7599a9a8426bfee  lib/core/agent.py
 eb0bd28b0bd9fbf67dcc3119116df377  lib/core/bigarray.py
 136246c879e7a15309ed892ea4c1c3eb  lib/core/common.py
-7793cad97d18e482345bdc0b12315d96  lib/core/convert.py
+7a23d2365f7de1a7d20d065a31c04d49  lib/core/convert.py
 e77cca1cb063016f71f6e6bdebf4ec73  lib/core/data.py
 1d042f0bc0557d3fd564ea5a46deb77e  lib/core/datatype.py
 e4ca0fd47f20cf7ba6a5f5cbf980073c  lib/core/decorators.py
@@ -39,13 +39,13 @@ e4aec2b11c1ad6039d0c3dbbfbc5eb1a  lib/core/exception.py
 cc9c82cfffd8ee9b25ba3af6284f057e  lib/core/__init__.py
 91c514013daa796e2cdd940389354eac  lib/core/log.py
 d027df65e7cbb99758daf77aaa6ab61c  lib/core/optiondict.py
-a9daee091e2e7ed05085603741fe8af4  lib/core/option.py
+6a67d7d1e09c0630df77e55d78cbff13  lib/core/option.py
 7af487340c138f7b5dbd443161cbb428  lib/core/profiling.py
 e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-8f72331b896fb1c0fe3760b85ab0e9af  lib/core/settings.py
+a69157619025ede338abb16f5e519519  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 c3ace7874a536d801f308cf1fd03df99  lib/core/target.py