From 8e9f7e90c34d8ef8a615ceca78982d2e595874c1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 27 Oct 2020 15:12:42 +0100 Subject: [PATCH] Fixes #4404 --- lib/core/settings.py | 2 +- lib/techniques/union/use.py | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 57124f112..09ae92e9d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.10.21" +VERSION = "1.4.10.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 8c2991bde..3539cb806 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -137,9 +137,14 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): elif kb.jsonAggMode: output = extractRegexResult(r"(?P%s.*?%s)" % (kb.chars.start, kb.chars.stop), page or "") if output: - retVal = "" - for row in json.loads(output[len(kb.chars.start):-len(kb.chars.stop)]): - retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop) + try: + retVal = "" + for row in json.loads(output[len(kb.chars.start):-len(kb.chars.stop)]): + retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop) + except: + pass + else: + retVal = getUnicode(retVal) else: # Parse the returned page to get the exact UNION-based # SQL injection output