From 5b1574614d326a1523b71a37c8b73518a5fa9023 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 23 Jan 2020 10:53:06 +0100
Subject: [PATCH] Minor patch
---
 lib/controller/checks.py | 8 +++++---
 lib/core/dicts.py | 1 +
 lib/core/settings.py | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 13d7d1fc5..87676998a 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -97,6 +97,7 @@ from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import URI_HTTP_HEADER
 from lib.core.threads import getCurrentThreadData
+from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.comparison import comparison
 from lib.request.inject import checkBooleanExpression
@@ -879,12 +880,13 @@ def heuristicCheckDbms(injection):
 kb.injection = injection
 for dbms in getPublicTypeMembers(DBMS, True):
- if conf.noEscape and dbms not in FROM_DUMMY_TABLE:
- continue
-
 randStr1, randStr2 = randomStr(), randomStr()
+ Backend.forceDbms(dbms)
+ if (randStr1 in unescaper.escape("'%s'" % randStr1)) and dbms not in FROM_DUMMY_TABLE:
+ continue
+
 if checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER)):
 if not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):
 retVal = dbms
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index 679dc6f5b..c1aa9278f 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -208,6 +208,7 @@ DBMS_DICT = {
 DBMS.MCKOI: (MCKOI_ALIASES, None, None, None),
 }
+# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/
 FROM_DUMMY_TABLE = {
 DBMS.ORACLE: " FROM DUAL",
 DBMS.ACCESS: " FROM MSysAccessObjects",
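Review bot: `Backend.forceDbms(dbms)` now runs before the `continue`, so a DBMS that is skipped by the new check is still left forced when the loop ends on it, and nothing in the hunk restores the previous backend; `heuristicCheckDbms` continues outside the hunk, so if it does not already call `Backend.flushForcedDbms()` after the loop, callers inherit a DBMS that the probe never confirmed. The skip condition on the next added line also reads as a puzzle without context: the intent appears to be to skip DBMSes whose escaper leaves the quoted literal intact and which need no dummy table, because the probe would then be generic SQL that succeeds on any backend, but that is inferred rather than stated. A comment such as `# skip when the literal is not transformed for this DBMS and no dummy table is needed: the probe below would not be DBMS-specific` would make explicit why the old `conf.noEscape` test was replaced by this one.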
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 6f0d99c9a..b1a2835ad 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.4.1.37"
+VERSION = "1.4.1.38"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)