From 509bb41b06114d6d953dfaa6ac82c9dad9bc3253 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 17 Apr 2018 17:08:57 +0200
Subject: [PATCH] Adding (hidden) switch '--force-pivoting' (Issue #3032)

---
 lib/core/settings.py       |  2 +-
 lib/parse/cmdline.py       |  3 +++
 plugins/generic/entries.py | 13 +++++++++++--
 txt/checksum.md5           |  6 +++---
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index e0b1400e2..13a6c742e 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.4.17"
+VERSION = "1.2.4.18"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 3794d3ac2..2631a7b04 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -683,6 +683,9 @@ def cmdLineParser(argv=None):
         parser.add_option("--force-dns", dest="forceDns", action="store_true",
                           help=SUPPRESS_HELP)
 
+        parser.add_option("--force-pivoting", dest="forcePivoting", action="store_true",
+                          help=SUPPRESS_HELP)
+
         parser.add_option("--force-threads", dest="forceThreads", action="store_true",
                           help=SUPPRESS_HELP)
 
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index b5638c409..abf2003bb 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -23,6 +23,7 @@ from lib.core.common import prioritySortColumns
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import singleTimeLogMessage
+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -184,7 +185,11 @@ class Entries:
                         if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
                             table = "%s.%s" % (conf.db, tbl)
 
-                            if Backend.isDbms(DBMS.MSSQL):
+                            if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:
+                                warnMsg = "in case of table dumping problems (e.g. column entry order) "
+                                warnMsg += "you are advised to rerun with '--force-pivoting'"
+                                singleTimeWarnMessage(warnMsg)
+
                                 query = rootQuery.blind.count % table
                                 query = agent.whereQuery(query)
 
@@ -327,7 +332,11 @@ class Entries:
                         elif Backend.isDbms(DBMS.INFORMIX):
                             table = "%s:%s" % (conf.db, tbl)
 
-                        if Backend.isDbms(DBMS.MSSQL):
+                        if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:
+                            warnMsg = "in case of table dumping problems (e.g. column entry order) "
+                            warnMsg += "you are advised to rerun with '--force-pivoting'"
+                            singleTimeWarnMessage(warnMsg)
+
                             try:
                                 indexRange = getLimitRange(count, plusOne=True)
 
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 9d29b6328..2bfe4a58a 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d  lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-e854bd3a7ce6196a3ee3e3891473435e  lib/core/settings.py
+13d487ed576734ef3178720ec98ec406  lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241  lib/core/target.py
@@ -57,7 +57,7 @@ af2d1810b6a7ebc61689a53c253ddbaa  lib/core/update.py
 e772deb63270375e685fa5a7b775c382  lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93  lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754  lib/parse/banner.py
-f667710f17b8447358ee7508a9d2faf1  lib/parse/cmdline.py
+5e46fac7f824ba8ab8003a1cd47d8af3  lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177  lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56  lib/parse/handler.py
 aaad2a0d80f05eaebe52c71519b3dfc7  lib/parse/headers.py
@@ -204,7 +204,7 @@ a3db8618eed5bb2807b6f77605cba9cc  plugins/dbms/sybase/__init__.py
 34d181a7086d6dfc7e72ae5f8a4cfe0f  plugins/generic/connector.py
 e6cd1c5a5244d83396b401f7db43d323  plugins/generic/custom.py
 79c6dbcb7e6ad5e993a44aa52fdc36ed  plugins/generic/databases.py
-a9c8637f0526d751cd1a6a18f91967f5  plugins/generic/entries.py
+4e2b366bb9cfdaaed719b219913357c6  plugins/generic/entries.py
 d82f2c78c1d4d7c6487e94fd3a68a908  plugins/generic/enumeration.py
 0c8abe66a78edca0660bfb8049d109e2  plugins/generic/filesystem.py
 f5d5419efddfe04648ea5e953c650793  plugins/generic/fingerprint.py