From 13366aeb48b63f9615dac7cddc0367a546f1fcbb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 12 Mar 2016 12:26:30 +0100
Subject: [PATCH] Fixes #1752
---
 lib/core/settings.py | 2 +-
 lib/techniques/dns/use.py | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index c1386c70f..2adf560f7 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version and site
-VERSION = "1.0.0.17"
+VERSION = "1.0.0.18"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py
index b3f81adc1..016dede79 100644
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@@ -60,6 +60,9 @@ def dnsUse(payload, expression):
 prefix, suffix = ("%s" % randomStr(length=3, alphabet=DNS_BOUNDARIES_ALPHABET) for _ in xrange(2))
 chunk_length = MAX_DNS_LABEL / 2 if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL) else MAX_DNS_LABEL / 4 - 2
 _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
+ extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(fieldToCastStr), expression).group(0)
+ if extendedField != fieldToCastStr: # e.g. MIN(surname)
+ fieldToCastStr = extendedField
 nulledCastedField = agent.nullAndCastField(fieldToCastStr)
 nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)
 nulledCastedField = agent.hexConvertField(nulledCastedField)
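Review bot: The added `re.search(...).group(0)` dereferences the match without checking it, so if `fieldToCastStr` as returned by `agent.getFields()` is not a literal substring of `expression` (the hunk does not show whether getFields normalizes it), the call raises AttributeError on None instead of falling back to the original field. Binding the match first keeps the previous behaviour in that case: `match = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(fieldToCastStr), expression)`, then `if match and match.group(0) != fieldToCastStr:  # e.g. MIN(surname)` and `fieldToCastStr = match.group(0)`. The search also takes the first occurrence of the field text anywhere in the expression, so a one-line comment stating that assumption would help the next reader. dnsUse starts and ends outside this hunk, and no `import re` is added here, so the module presumably imports it already.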