Another update related to #1539

This commit is contained in:
Miroslav Stampar 2015-11-16 15:33:05 +01:00
parent c1e3431877
commit 94639d11a3
6 changed files with 20 additions and 3 deletions


@ -37,6 +37,7 @@ from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
from lib.core.settings import GENERIC_SQL_COMMENT from lib.core.settings import GENERIC_SQL_COMMENT
from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PAYLOAD_DELIMITER
from lib.core.settings import REPLACEMENT_MARKER from lib.core.settings import REPLACEMENT_MARKER
@ -400,7 +401,10 @@ class Agent(object):
nulledCastedField = field nulledCastedField = field
else: else:
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')): if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
nulledCastedField = rootQuery.cast.query % field if Backend.isDbms(DBMS.MYSQL):
nulledCastedField = rootQuery.cast.query.replace(")", " CHARACTER SET %s)") % (field, DEFAULT_MYSQL_CHARACTER_SET)
else:
nulledCastedField = rootQuery.cast.query % field
if Backend.getIdentifiedDbms() in (DBMS.ACCESS,): if Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField) nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
else: else:
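Review bot: `rootQuery.cast.query.replace(")", " CHARACTER SET %s)")` rewrites every `)` in the cast template, not only the one closing the CAST, so the new MySQL branch is correct only while the template in queries.xml stays exactly `CAST(%s AS CHAR)`; a template such as `CAST(TRIM(%s) AS CHAR)` would get the clause inserted twice and yield invalid SQL. Because the substitution runs before `% field`, the field's own parentheses are not affected, so only the template is at risk. Anchoring the edit to the last parenthesis removes the dependency: `head, tail = rootQuery.cast.query.rsplit(")", 1)` followed by `nulledCastedField = ("%s CHARACTER SET %s)%s" % (head, DEFAULT_MYSQL_CHARACTER_SET, tail)) % field`. The enclosing method starts and ends outside this hunk, so callers that might pass a template without a closing parenthesis cannot be checked here.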


@ -224,6 +224,10 @@ HOST_ALIASES = ("host",)
HSQLDB_DEFAULT_SCHEMA = "PUBLIC" HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
# Default character set used in MySQL
# Reference: http://pieroxy.net/blog/2013/05/28/mysql_charset_hell.html
DEFAULT_MYSQL_CHARACTER_SET = "latin1"
# Names that can't be used to name files on Windows OS # Names that can't be used to name files on Windows OS
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9") WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
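Review bot: The comment on `DEFAULT_MYSQL_CHARACTER_SET` should state what the value is assumed to match, because the same constant is now used both to label payload bytes (`CONVERT(0x... USING latin1)`) and to re-encode inferred results, and `latin1` is only MySQL's historical server default; targets configured for utf8/utf8mb4 will not match it and the re-encoding step would then corrupt rather than repair the data. Suggested comment: `# Character set assumed for the target MySQL connection when labelling payload bytes and re-encoding retrieved data (MySQL's historical server default; utf8/utf8mb4 deployments may not match)`.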


@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
import threading import threading
import time import time
from extra.safe2bin.safe2bin import safechardecode
from extra.safe2bin.safe2bin import safecharencode from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import Backend from lib.core.common import Backend
@ -18,6 +19,7 @@ from lib.core.common import decodeIntToUnicode
from lib.core.common import filterControlChars from lib.core.common import filterControlChars
from lib.core.common import getCharset from lib.core.common import getCharset
from lib.core.common import getCounter from lib.core.common import getCounter
from lib.core.common import getUnicode
from lib.core.common import goGoodSamaritan from lib.core.common import goGoodSamaritan
from lib.core.common import getPartRun from lib.core.common import getPartRun
from lib.core.common import hashDBRetrieve from lib.core.common import hashDBRetrieve
@ -35,6 +37,7 @@ from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import SqlmapThreadException from lib.core.exception import SqlmapThreadException
from lib.core.settings import CHAR_INFERENCE_MARK from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
from lib.core.settings import INFERENCE_BLANK_BREAK from lib.core.settings import INFERENCE_BLANK_BREAK
from lib.core.settings import INFERENCE_UNKNOWN_CHAR from lib.core.settings import INFERENCE_UNKNOWN_CHAR
from lib.core.settings import INFERENCE_GREATER_CHAR from lib.core.settings import INFERENCE_GREATER_CHAR
@ -589,6 +592,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
raise KeyboardInterrupt raise KeyboardInterrupt
_ = finalValue or partialValue _ = finalValue or partialValue
if Backend.isDbms(DBMS.MYSQL) and safechardecode(_) != _:
_ = getUnicode(safechardecode(_).encode(DEFAULT_MYSQL_CHARACTER_SET))
return getCounter(kb.technique), safecharencode(_) if kb.safeCharEncode else _ return getCounter(kb.technique), safecharencode(_) if kb.safeCharEncode else _
def queryOutputLength(expression, payload): def queryOutputLength(expression, payload):
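Review bot: `safechardecode(_).encode(DEFAULT_MYSQL_CHARACTER_SET)` raises `UnicodeEncodeError` whenever the decoded value contains a code point above U+00FF, which is exactly the case for retrieved data that is not latin1, and the exception escapes `bisection()` and discards the whole inferred value instead of just skipping the re-encoding. `safechardecode(_)` is also evaluated twice on the same input. Computing it once and keeping the undecoded value on failure preserves the result; the assumption that the latin1-encoded bytes are really UTF-8 and that `getUnicode` decodes them as such is inferred from the commit, not visible here. `bisection()` starts outside this hunk.
```python
_ = finalValue or partialValue
if Backend.isDbms(DBMS.MYSQL):
    decoded = safechardecode(_)
    if decoded != _:
        try:
            # value was read through a latin1 connection; recover the raw bytes
            _ = getUnicode(decoded.encode(DEFAULT_MYSQL_CHARACTER_SET))
        except UnicodeEncodeError:
            pass  # not representable in latin1: keep the undecoded value rather than lose it
# … unchanged: return getCounter(kb.technique), safecharencode(_) if kb.safeCharEncode else _ …
```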


@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
import binascii import binascii
from lib.core.convert import utf8encode from lib.core.convert import utf8encode
from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -26,7 +27,7 @@ class Syntax(GenericSyntax):
try: try:
retVal = "0x%s" % binascii.hexlify(value) retVal = "0x%s" % binascii.hexlify(value)
except UnicodeEncodeError: except UnicodeEncodeError:
retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value)) retVal = "CONVERT(0x%s USING %s)" % ("".join("%.2x" % ord(_) for _ in utf8encode(value)), DEFAULT_MYSQL_CHARACTER_SET)
return retVal return retVal
return Syntax._escape(expression, quote, escaper) return Syntax._escape(expression, quote, escaper)
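Review bot: The hex bytes in the fallback are produced by `utf8encode(value)` but are now declared `USING latin1`, so the server will interpret UTF-8 byte sequences as latin1 characters; if that is intentional (the #1539 scenario, where the application stores UTF-8 bytes in a latin1 column and a matching label keeps them byte-identical), the line needs a comment, because read in isolation it looks like an encoding mismatch. Suggested comment above the `retVal = "CONVERT(...)"` line: `# bytes are UTF-8 but are labelled with the target's assumed charset so they pass through a latin1 connection unchanged (see #1539)`. If it is not intentional, the encoder should use the same character set it labels.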


@ -31,6 +31,7 @@ class Enumeration(Custom, Databases, Entries, Search, Users):
kb.data.banner = None kb.data.banner = None
kb.data.hostname = "" kb.data.hostname = ""
kb.data.processChar = None kb.data.processChar = None
kb.data.characterSet = None
Custom.__init__(self) Custom.__init__(self)
Databases.__init__(self) Databases.__init__(self)
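Review bot: `kb.data.characterSet` is initialised here but nothing in this commit sets or reads it, while `agent.py`, `inference.py` and `syntax.py` all use `DEFAULT_MYSQL_CHARACTER_SET` unconditionally. If the attribute is meant to hold the character set detected on the target, those call sites should prefer it, e.g. `kb.data.characterSet or DEFAULT_MYSQL_CHARACTER_SET`; if it is a placeholder for later work, a comment such as `# detected target character set; None until enumerated` would make that explicit. Where it is populated is not visible from this diff.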


@ -3,7 +3,7 @@
<root> <root>
<!-- MySQL --> <!-- MySQL -->
<dbms value="MySQL"> <dbms value="MySQL">
<cast query="CAST(%s AS CHAR CHARACTER SET latin1)"/> <cast query="CAST(%s AS CHAR)"/>
<length query="CHAR_LENGTH(%s)"/> <length query="CHAR_LENGTH(%s)"/>
<isnull query="IFNULL(%s,' ')"/> <isnull query="IFNULL(%s,' ')"/>
<delimiter query=","/> <delimiter query=","/>