sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-23 15:54:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bug fix (UNION SQLi with --no-escape)

Browse Source
This commit is contained in:
Miroslav Stampar 2018-03-08 17:44:15 +01:00
parent 43044d8512
commit 190e8ae5fa
3 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.3.9"
VERSION = "1.2.3.10"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

7
lib/techniques/union/use.py
View File

@ -44,6 +44,7 @@ from lib.core.data import logger
from lib.core.data import queries
from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS
from lib.core.enums import HTTP_HEADER
from lib.core.enums import PAYLOAD
from lib.core.exception import SqlmapDataException
from lib.core.exception import SqlmapSyntaxException
@ -89,11 +90,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
# Parse the returned page to get the exact UNION-based
# SQL injection output
def _(regex):
return reduce(lambda x, y: x if x is not None else y, (\
extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
extractRegexResult(regex, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
None)
return reduce(lambda x, y: x if x is not None else y, (extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), None)
# Automatically patching last char trimming cases
if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""):

4
txt/checksum.md5
View File

@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
bcacc60d5d1a2769a667e787eb08b625 lib/core/settings.py
3e4a8bea5a0f5b2f4e1fa0c0c5baf9ee lib/core/settings.py
d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
3cc852f927833895361973fbcfd156d2 lib/core/target.py
@ -97,7 +97,7 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
e58ab8029ffb2cc37e42d68747c4da39 lib/techniques/union/test.py
6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py
ac67ebbabd06bf9853befc65ad49679e lib/techniques/union/use.py
e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py
37dfb641358669f62c2acedff241348b lib/utils/brute.py
a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py