From 77e630d89e8c6c85c4af37dd9c0494cd78d32d13 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 23 Oct 2011 20:19:42 +0000
Subject: [PATCH] replaced longer CHAR form of escaped MySQL strings with more compact hex form
---
 lib/request/connect.py | 2 +-
 plugins/dbms/mysql/syntax.py | 40 +++++++++++-------------------------
 2 files changed, 13 insertions(+), 29 deletions(-)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 07a7b372c..d5e989589 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -161,7 +161,7 @@ class Connect:
         responseHeaders = None
         logHeaders = ""
-        # support for non-latin URLs (e.g. cyrilic) as urllib/urllib2 doesn't
+        # support for non-latin (e.g. cyrillic) URLs as urllib/urllib2 doesn't
         # support those by default
         url = asciifyUrl(url)
diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py
index 352d0e268..973ec5b2a 100644
--- a/plugins/dbms/mysql/syntax.py
+++ b/plugins/dbms/mysql/syntax.py
@@ -7,8 +7,10 @@ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
-from lib.core.exception import sqlmapSyntaxException
+import binascii
+import re
+from lib.core.exception import sqlmapSyntaxException
 from plugins.generic.syntax import Syntax as GenericSyntax
 class Syntax(GenericSyntax):
@@ -18,35 +20,13 @@ class Syntax(GenericSyntax):
     @staticmethod
     def unescape(expression, quote=True):
         if quote:
-            while True:
-                index = expression.find("'")
-                if index == -1:
-                    break
-
-                firstIndex = index + 1
-                index = expression[firstIndex:].find("'")
-
-                if index == -1:
-                    raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
-
-                lastIndex = firstIndex + index
-                old = "'%s'" % expression[firstIndex:lastIndex]
-                unescaped = ""
-
-                for i in xrange(firstIndex, lastIndex):
-                    unescaped += "%d" % (ord(expression[i]))
-                    if i < lastIndex - 1:
-                        unescaped += ","
-
-                expression = expression.replace(old, "CHAR(%s)" % unescaped)
+            unescaped = expression
+            for item in re.findall(r"'[^']+'", expression, re.S):
+                unescaped = unescaped.replace(item, "0x%s" % binascii.hexlify(item.strip("'")))
         else:
-            unescaped = "CHAR("
-            unescaped += ",".join("%d" % ord(c) for c in expression)
-            unescaped += ")"
+            unescaped = "0x%s" % binascii.hexlify(expression)
-
-        expression = unescaped
-
-        return expression
+        return unescaped
     @staticmethod
     def escape(expression):
@@ -70,4 +50,8 @@ class Syntax(GenericSyntax):
             escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
             expression = expression.replace(old, escaped)
+        original = expression
+        for item in re.findall(r"0x[0-9a-fA-F]+", original, re.S):
+            expression = expression.replace(item, "'%s'" % binascii.unhexlify(item[2:]))
+        return expression
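Review bot: The rewritten `unescape` drops the old error path: a stray or unbalanced `'` that matches no `'[^']+'` pair is now passed through silently instead of raising `sqlmapSyntaxException`, so a quote can survive into an expression that is meant to be quote-free. Since a hex literal contains no quotes, the check is a one-liner after the loop: `if "'" in unescaped: raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression`. The same regex skips the empty literal `''`, which therefore keeps its quotes, and in the `else` branch an empty `expression` becomes the invalid literal `0x`. `binascii.hexlify` also needs a byte string: if callers pass a `unicode` value with non-ASCII characters (the cyrillic case the `connect.py` hunk in this commit deals with), Python 2 raises `UnicodeEncodeError` where the old `ord()` loop did not, so encode explicitly first, e.g. `binascii.hexlify(item.strip("'").encode("utf8"))` when the input is `unicode`. `re.S` has no effect on these patterns, since `[^']` already matches newlines.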
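Review bot: The replace loop in the new tail of `escape` corrupts overlapping hex literals: for `0x41,0x4142` `re.findall` returns both items, the first `replace` also rewrites the prefix of the second, and the result is `'A','A'42`. The pattern `0x[0-9a-fA-F]+` additionally matches an odd-length digit run such as `0x1` (which MySQL accepts by implying a leading `0`) and the prefix of identifiers like `0xfoo`, and `binascii.unhexlify` then raises on the odd-length input. A single `re.sub` with a callback, word boundaries around the literal and left-padding of odd runs fixes all three and makes `original` unnecessary; `escape`'s body begins outside the hunk. Note too that the decoded bytes are placed between bare quotes without escaping, so `0x27` yields `'''` — that matches the existing `CHAR()` branch above it, but deserves a comment if the output is ever re-parsed as SQL.
```python
            # … unchanged: CHAR(...) -> quoted-string loop …
        def _unhex(match):
            # MySQL reads an odd number of hex digits as having an extra leading 0
            digits = match.group(1)
            return "'%s'" % binascii.unhexlify("0" * (len(digits) % 2) + digits)

        expression = re.sub(r"\b0x([0-9a-fA-F]+)\b", _unhex, expression)
        return expression
```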