From 6d07d52ccd52d8923396abff85133e2178edd891 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 17 Nov 2019 00:21:55 +0100 Subject: [PATCH] Minor patch --- lib/core/settings.py | 2 +- lib/request/direct.py | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8f36e2310..64be8ca88 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.11.62" +VERSION = "1.3.11.63" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/direct.py b/lib/request/direct.py index b107cb599..07654c1ec 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -5,6 +5,7 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +import re import time from lib.core.agent import agent @@ -43,8 +44,14 @@ def direct(query, content=True): select = False break - if select and not query.upper().startswith("SELECT "): - query = "SELECT %s" % query + if select: + if not query.upper().startswith("SELECT "): + query = "SELECT %s" % query + if conf.binaryFields: + for field in conf.binaryFields.split(','): + field = field.strip() + if re.search(r"\b%s\b" % re.escape(field), query): + query = re.sub(r"\b%s\b" % re.escape(field), agent.hexConvertField(field), query) logger.log(CUSTOM_LOGGING.PAYLOAD, query)