From 8b3425ccdfc3f42b373ee1b9e5871472d903ccda Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 15 Nov 2024 18:18:25 +0100 Subject: [PATCH] Minor patch (e.g. --sql-query=SELECT 'a','b','c') --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/generic/custom.py | 8 ++++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 069a79d51..6c38f6ff6 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profi 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -f9b5c2156613960f23c4460ce714e4fd105d4a21eaad0c02fca330286f866b48 lib/core/settings.py +43bcfd3c7edeaf35e7186ac106abaca93cd19f3e941aa7978dd213b0d30bfda0 lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py @@ -460,7 +460,7 @@ acc41465f146d2611fca5a84bd8896bc0ccd2b032b8938357aea3e5b173a5a10 plugins/dbms/v 3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49 plugins/dbms/virtuoso/syntax.py 7ac6006e0fc6da229c37fbce39a1406022e5fcc4cac5209814fa20818b8c031a plugins/dbms/virtuoso/takeover.py e6dfaab13d9f98ccffdc70dd46800ca2d61519731d10a267bc82f9fb82cd504d plugins/generic/connector.py -664be8bb4157452f2e40c4f98a359e26b559d7ef4f4148564cb8533b5ebf7d54 plugins/generic/custom.py +4e150d82261308071180fe3595c2dbd777c1a3c58a6b71352df11f96db0b846e plugins/generic/custom.py 3d118a7ddb1604a9f86826118cfbae4ab0b83f6e9bef9c6d1c7e77d3da6acf67 plugins/generic/databases.py 96924a13d7bf0ed8056dc70f10593e9253750a3d83e9a9c9656c3d1527eda344 plugins/generic/entries.py a734d74599761cd1cf7d49c88deeb121ea57d80c2f0447e361a4e3a737154c0e plugins/generic/enumeration.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 4093127cd..725ffb487 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.8.11.4" +VERSION = "1.8.11.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index dbfd589dc..308f7b887 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -13,7 +13,9 @@ import sys from lib.core.common import Backend from lib.core.common import dataToStdout from lib.core.common import getSQLSnippet +from lib.core.common import isListLike from lib.core.common import isStackingAvailable +from lib.core.common import joinValue from lib.core.convert import getUnicode from lib.core.data import conf from lib.core.data import logger @@ -41,6 +43,7 @@ class Custom(object): sqlType = None query = query.rstrip(';') + try: for sqlTitle, sqlStatements in SQL_STATEMENTS.items(): for sqlStatement in sqlStatements: @@ -61,6 +64,11 @@ class Custom(object): output = inject.getValue(query, fromUser=True) + if "SELECT" in sqlType and isListLike(output): + for i in xrange(len(output)): + if isListLike(output[i]): + output[i] = joinValue(output[i]) + return output elif not isStackingAvailable() and not conf.direct: warnMsg = "execution of non-query SQL statements is only "