From 190e8ae5fae49a9d9e84dd528146b05510ac44da Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 8 Mar 2018 17:44:15 +0100
Subject: [PATCH] Bug fix (UNION SQLi with --no-escape)
---
 lib/core/settings.py | 2 +-
 lib/techniques/union/use.py | 7 ++-----
 txt/checksum.md5 | 4 ++--
 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 09f524300..5c5f4f0bb 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.9"
+VERSION = "1.2.3.10"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index baa42ddd7..6be9d4bbc 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -44,6 +44,7 @@ from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.dicts import FROM_DUMMY_TABLE
 from lib.core.enums import DBMS
+from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapSyntaxException
@@ -89,11 +90,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
 # Parse the returned page to get the exact UNION-based
 # SQL injection output
 def _(regex):
- return reduce(lambda x, y: x if x is not None else y, (\
- extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
- extractRegexResult(regex, removeReflectiveValues(listToStrValue(headers.headers \
- if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
- None)
+ return reduce(lambda x, y: x if x is not None else y, (extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), None)
 # Automatically patching last char trimming cases
 if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index db964e741..7d183aa84 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-bcacc60d5d1a2769a667e787eb08b625 lib/core/settings.py
+3e4a8bea5a0f5b2f4e1fa0c0c5baf9ee lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
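Review bot: The header filter added inside `_(regex)` uses `_.startswith(HTTP_HEADER.URI)`, a case-sensitive prefix test with no `:` delimiter, so (assuming the constant holds the bare header name) a lower-cased variant of that header would still be searched for the output markers, while an unrelated header whose name only begins with the same text would be skipped. The filter is also a generator expression where `listToStrValue` previously received `headers.headers` directly; that helper is outside this patch, so confirm it materializes generators or pass a list. A form such as `[h for h in headers.headers if not h.lower().startswith(HTTP_HEADER.URI.lower() + ':')]` would address both, and a loop name other than `_` avoids reusing the name of the enclosing helper. `_oneShotUnionUse` begins and ends outside the hunk.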
@@ -97,7 +97,7 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py
 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
 e58ab8029ffb2cc37e42d68747c4da39 lib/techniques/union/test.py
-6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py
+ac67ebbabd06bf9853befc65ad49679e lib/techniques/union/use.py
 e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py
 37dfb641358669f62c2acedff241348b lib/utils/brute.py
 a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py