Couple of patches related to the #3473

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.2.6"
+VERSION = "1.3.2.7"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -185,7 +185,7 @@ MAX_TIME_RESPONSES = 200
 MIN_UNION_RESPONSES = 5
 
 # After these number of blanks at the end inference should stop (just in case)
-INFERENCE_BLANK_BREAK = 10
+INFERENCE_BLANK_BREAK = 5
 
 # Use this replacement character for cases when inference is not able to retrieve the proper character value
 INFERENCE_UNKNOWN_CHAR = '?'

lib/request/inject.py

@@ -347,6 +347,11 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
     """
 
     if conf.hexConvert:
+        if not hasattr(queries[Backend.getIdentifiedDbms()], "hex"):
+            warnMsg = "switch '--hex' is currently not supported on DBMS %s" % Backend.getIdentifiedDbms()
+            singleTimeWarnMessage(warnMsg)
+            conf.hexConvert = False
+        else:
             charsetType = CHARSET_TYPE.HEXADECIMAL
 
     kb.safeCharEncode = safeCharEncode

lib/techniques/blind/inference.py

@@ -631,9 +631,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                     dataToStdout(filterControlChars(val))
 
                 # some DBMSes (e.g. Firebird, DB2, etc.) have issues with trailing spaces
-                if len(partialValue) > INFERENCE_BLANK_BREAK and partialValue[-INFERENCE_BLANK_BREAK:].isspace() and partialValue.strip(' ')[-1:] != '\n':
+                if len(partialValue) > INFERENCE_BLANK_BREAK and partialValue[-INFERENCE_BLANK_BREAK:].isspace():
                     finalValue = partialValue[:-INFERENCE_BLANK_BREAK]
                     break
+                elif charsetType and partialValue[-1:].isspace():
+                    break
 
                 if (lastChar > 0 and index >= lastChar):
                     finalValue = "" if length == 0 else partialValue

txt/checksum.md5

@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb  lib/core/readlineng.py
 7d8a22c582ad201f65b73225e4456170  lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd  lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443  lib/core/session.py
-92a41d5a203138d85c80e2ab76a744e4  lib/core/settings.py
+4e9e2ab5f80ca605f2be342798b29ba3  lib/core/settings.py
 4483b4a5b601d8f1c4281071dff21ecc  lib/core/shell.py
 10fd19b0716ed261e6d04f311f6f527c  lib/core/subprocessng.py
 43772ea73e9e3d446f782af591cb4eda  lib/core/target.py
@@ -77,7 +77,7 @@ fc25d951217077fe655ed2a3a81552ae  lib/request/comparison.py
 2b7509ba38a667c61cefff036ec4ca6f  lib/request/dns.py
 ceac6b3bf1f726f8ff43c6814e9d7281  lib/request/httpshandler.py
 fb6be55d21a70765e35549af2484f762  lib/request/__init__.py
-338f39808f63af8d4f4afe9e7b0665a2  lib/request/inject.py
+2fa26f93a7bf6261bbc4d94b14df5a4e  lib/request/inject.py
 52a067bd2fe91ea9395269a684380cbb  lib/request/methodrequest.py
 ac482ec52227daf48f523827dd67078f  lib/request/pkihandler.py
 16ff6e078819fe517b1fc0ae3cbc1aa8  lib/request/rangehandler.py
@@ -91,7 +91,7 @@ d55029a4c048e345fbb07a8f91604d83  lib/takeover/metasploit.py
 ad038ac567f97a4b940b7987792d64a4  lib/takeover/udf.py
 915a3fbd557fb136bd0e16c46d993be3  lib/takeover/web.py
 1aadcdc058bb813d09ad23d26ea2a6b5  lib/takeover/xp_cmdshell.py
-96f120e4299baaea4defd902afc85979  lib/techniques/blind/inference.py
+d838c943f4fc68d2ae89386024fa33ca  lib/techniques/blind/inference.py
 fb6be55d21a70765e35549af2484f762  lib/techniques/blind/__init__.py
 fb6be55d21a70765e35549af2484f762  lib/techniques/dns/__init__.py
 ea48db4c48276d7d0e71aa467c0c523f  lib/techniques/dns/test.py