sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 07:57:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #4842

Browse Source
This commit is contained in:
Miroslav Stampar 2021-10-08 17:33:43 +02:00
parent 0517979e0a
commit 18013bc8b2
2 changed files with 32 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.10.12"
VERSION = "1.5.10.13"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

58
lib/techniques/union/use.py
View File

@ -98,33 +98,37 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
incrementCounter(PAYLOAD.TECHNIQUE.UNION)
if kb.jsonAggMode:
if Backend.isDbms(DBMS.MSSQL):
output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
if output:
try:
retVal = ""
fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
for row in json.loads(output):
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)
except:
pass
else:
retVal = getUnicode(retVal)
elif Backend.isDbms(DBMS.PGSQL):
output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
if output:
retVal = output
else:
output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
if output:
try:
retVal = ""
for row in json.loads(output):
retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop)
except:
pass
else:
retVal = getUnicode(retVal)
for _page in (page or "", (page or "").replace('\\"', '"')):
if Backend.isDbms(DBMS.MSSQL):
output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
if output:
try:
retVal = ""
fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
for row in json.loads(output):
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)
except:
pass
else:
retVal = getUnicode(retVal)
elif Backend.isDbms(DBMS.PGSQL):
output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
if output:
retVal = output
else:
output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
if output:
try:
retVal = ""
for row in json.loads(output):
retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop)
except:
pass
else:
retVal = getUnicode(retVal)
if retVal:
break
else:
# Parse the returned page to get the exact UNION-based
# SQL injection output