From 76a2e658b58c093c2fe9596dff68af2b3b2e0999 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 10 Feb 2024 15:24:28 +0100
Subject: [PATCH] Adding switch '--unsafe-naming'
---
lib/core/common.py | 3 +++
lib/core/optiondict.py | 1 +
lib/core/settings.py | 2 +-
lib/parse/cmdline.py | 3 +++
sqlmap.conf | 3 +++
5 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index f0e0454d7..bccab6c67 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -4273,6 +4273,9 @@ def safeSQLIdentificatorNaming(name, isTable=False): retVal = name + if conf.unsafeNaming: + return retVal + if isinstance(name, six.string_types): retVal = getUnicode(name) _ = isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index a404cccaa..a70474119 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -240,6 +240,7 @@ optDict = { "testFilter": "string", "testSkip": "string", "timeLimit": "float", + "unsafeNaming": "boolean", "webRoot": "string", },
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 34c0ad71d..c9d2eac66 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.8.2.0" +VERSION = "1.8.2.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 42d79ab28..104bc36e6 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
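Review bot: In `safeSQLIdentificatorNaming` (lib/core/common.py) the new early return hands `name` back before the `getUnicode(name)` conversion on the string path just below it, so `--unsafe-naming` skips that normalisation as well as the quoting. Identifiers reaching this function may include names enumerated from the target database rather than typed by the operator (the callers are not visible here); with the switch on, such a name containing spaces, quotes or a reserved word would be placed unquoted into later statements and change their syntax. I would keep the normalisation and skip only the quoting, `return getUnicode(name) if isinstance(name, six.string_types) else name`, and put a comment above the check such as `# --unsafe-naming: identifiers are used verbatim; quoting is the operator's responsibility`. The function's docstring and the rest of its body lie outside the hunk.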
@@ -739,6 +739,9 @@ def cmdLineParser(argv=None): general.add_argument("--time-limit", dest="timeLimit", type=float, help="Run with a time limit in seconds (e.g. 3600)") + general.add_argument("--unsafe-naming", dest="unsafeNaming", action="store_true", + help="Disable escaping of DBMS identifiers (e.g. \"user\")") + general.add_argument("--web-root", dest="webRoot", help="Web server document root directory (e.g. \"/var/www\")")
diff --git a/sqlmap.conf b/sqlmap.conf
index 114324e8d..5b1a10271 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -829,6 +829,9 @@ testSkip = # Run with a time limit in seconds (e.g. 3600). timeLimit = +# Disable escaping of DBMS identifiers (e.g. "user"). +unsafeNaming = False + # Web server document root directory (e.g. "/var/www"). webRoot =
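Review bot: The help string added for `--unsafe-naming` in lib/parse/cmdline.py gives the example `(e.g. \"user\")` without saying whether the quoted form is what the switch produces or what it suppresses, and it does not tell the user what happens to names that need quoting. Since the switch turns a protective default off, I would state the effect, for instance `help="Use DBMS identifiers verbatim, without quoting (names with spaces or reserved words may break queries)"`, assuming the switch simply omits the quoting. The comment added above `unsafeNaming = False` in sqlmap.conf repeats the same wording and would want the same change. `cmdLineParser` starts and ends outside the hunk.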