From 1e6191e3b1c13db089a0b5aac70bb3a4d25b1875 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 16 Jul 2016 15:51:09 +0200
Subject: [PATCH] Fixes #2026

---
 lib/core/settings.py        |  2 +-
 lib/techniques/union/use.py | 44 ++++++++++++++++++++-----------------
 2 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index c4c4f6898..c10f3c2d7 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.7.25"
+VERSION = "1.0.7.26"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 891bc9eca..975b88c96 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -102,28 +102,32 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
 
             retVal = _("(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop))
         else:
-            output = extractRegexResult(r"(?P<result>(<row[^>]+>)+)", page)
+            output = extractRegexResult(r"(?P<result>(<row.+?/>)+)", page)
             if output:
-                retVal = ""
-                root = xml.etree.ElementTree.fromstring("<root>%s</root>" % output)
-                for column in kb.dumpColumns:
-                    base64 = True
-                    for child in root:
-                        try:
-                            child.attrib.get(column, "").decode("base64")
-                        except binascii.Error:
-                            base64 = False
-                            break
-
-                    if base64:
-                        for child in root:
-                            child.attrib[column] = child.attrib.get(column, "").decode("base64") or NULL
-
-                for child in root:
-                    row = []
+                try:
+                    root = xml.etree.ElementTree.fromstring("<root>%s</root>" % output)
+                    retVal = ""
                     for column in kb.dumpColumns:
-                        row.append(child.attrib.get(column, NULL))
-                    retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(row), kb.chars.stop)
+                        base64 = True
+                        for child in root:
+                            try:
+                                child.attrib.get(column, "").decode("base64")
+                            except binascii.Error:
+                                base64 = False
+                                break
+
+                        if base64:
+                            for child in root:
+                                child.attrib[column] = child.attrib.get(column, "").decode("base64") or NULL
+
+                    for child in root:
+                        row = []
+                        for column in kb.dumpColumns:
+                            row.append(child.attrib.get(column, NULL))
+                        retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(row), kb.chars.stop)
+
+                except xml.etree.ElementTree.ParseError:
+                    pass
 
         if retVal is not None:
             retVal = getUnicode(retVal, kb.pageEncoding)