mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Another update related to the #1539
parent
c1e3431877
commit
94639d11a3
|
@ -37,6 +37,7 @@ from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
|
||||||
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
|
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
|
||||||
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
||||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||||
|
from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
|
||||||
from lib.core.settings import GENERIC_SQL_COMMENT
|
from lib.core.settings import GENERIC_SQL_COMMENT
|
||||||
from lib.core.settings import PAYLOAD_DELIMITER
|
from lib.core.settings import PAYLOAD_DELIMITER
|
||||||
from lib.core.settings import REPLACEMENT_MARKER
|
from lib.core.settings import REPLACEMENT_MARKER
|
||||||
|
@ -400,7 +401,10 @@ class Agent(object):
|
||||||
nulledCastedField = field
|
nulledCastedField = field
|
||||||
else:
|
else:
|
||||||
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
|
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
|
||||||
nulledCastedField = rootQuery.cast.query % field
|
if Backend.isDbms(DBMS.MYSQL):
|
||||||
|
nulledCastedField = rootQuery.cast.query.replace(")", " CHARACTER SET %s)") % (field, DEFAULT_MYSQL_CHARACTER_SET)
|
||||||
|
else:
|
||||||
|
nulledCastedField = rootQuery.cast.query % field
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
|
if Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
|
||||||
nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
|
nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
|
||||||
else:
|
else:
|
||||||
|
|
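Review bot: The added MySQL branch calls `.replace(")", " CHARACTER SET %s)")` on `rootQuery.cast.query`, which rewrites every closing parenthesis in the template, not just the final one. With the MySQL template `CAST(%s AS CHAR)` from the queries XML hunk this gives exactly two placeholders, but a template with a second `)` would produce extra `%s` and the formatting with `(field, DEFAULT_MYSQL_CHARACTER_SET)` would raise TypeError. I would add `# relies on the MySQL cast template containing exactly one ')'` above the line, or keep a character-set placeholder in the XML entry so the code does not patch the template text. Any other reader of the MySQL cast entry now gets no CHARACTER SET clause, which is worth checking since only this call site is visible here. The enclosing method starts and ends outside the hunk.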
|
@ -224,6 +224,10 @@ HOST_ALIASES = ("host",)
|
||||||
|
|
||||||
HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
|
HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
|
||||||
|
|
||||||
|
# Default character set used in MySQL
|
||||||
|
# Reference: http://pieroxy.net/blog/2013/05/28/mysql_charset_hell.html
|
||||||
|
DEFAULT_MYSQL_CHARACTER_SET = "latin1"
|
||||||
|
|
||||||
# Names that can't be used to name files on Windows OS
|
# Names that can't be used to name files on Windows OS
|
||||||
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
|
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
import threading
|
import threading
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from extra.safe2bin.safe2bin import safechardecode
|
||||||
from extra.safe2bin.safe2bin import safecharencode
|
from extra.safe2bin.safe2bin import safecharencode
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
|
@ -18,6 +19,7 @@ from lib.core.common import decodeIntToUnicode
|
||||||
from lib.core.common import filterControlChars
|
from lib.core.common import filterControlChars
|
||||||
from lib.core.common import getCharset
|
from lib.core.common import getCharset
|
||||||
from lib.core.common import getCounter
|
from lib.core.common import getCounter
|
||||||
|
from lib.core.common import getUnicode
|
||||||
from lib.core.common import goGoodSamaritan
|
from lib.core.common import goGoodSamaritan
|
||||||
from lib.core.common import getPartRun
|
from lib.core.common import getPartRun
|
||||||
from lib.core.common import hashDBRetrieve
|
from lib.core.common import hashDBRetrieve
|
||||||
|
@ -35,6 +37,7 @@ from lib.core.enums import DBMS
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
from lib.core.exception import SqlmapThreadException
|
from lib.core.exception import SqlmapThreadException
|
||||||
from lib.core.settings import CHAR_INFERENCE_MARK
|
from lib.core.settings import CHAR_INFERENCE_MARK
|
||||||
|
from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
|
||||||
from lib.core.settings import INFERENCE_BLANK_BREAK
|
from lib.core.settings import INFERENCE_BLANK_BREAK
|
||||||
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
||||||
from lib.core.settings import INFERENCE_GREATER_CHAR
|
from lib.core.settings import INFERENCE_GREATER_CHAR
|
||||||
|
@ -589,6 +592,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
raise KeyboardInterrupt
|
raise KeyboardInterrupt
|
||||||
|
|
||||||
_ = finalValue or partialValue
|
_ = finalValue or partialValue
|
||||||
|
|
||||||
|
if Backend.isDbms(DBMS.MYSQL) and safechardecode(_) != _:
|
||||||
|
_ = getUnicode(safechardecode(_).encode(DEFAULT_MYSQL_CHARACTER_SET))
|
||||||
|
|
||||||
return getCounter(kb.technique), safecharencode(_) if kb.safeCharEncode else _
|
return getCounter(kb.technique), safecharencode(_) if kb.safeCharEncode else _
|
||||||
|
|
||||||
def queryOutputLength(expression, payload):
|
def queryOutputLength(expression, payload):
|
||||||
|
|
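Review bot: `safechardecode(_).encode(DEFAULT_MYSQL_CHARACTER_SET)` in the added MySQL branch of bisection() can raise UnicodeEncodeError if the retrieved value holds a character latin1 cannot represent alongside an escaped byte, and nothing visible in the hunk catches it, so the value extracted so far would be lost just before the return. Guarding the re-encode keeps the raw value as a fallback: put the assignment under `try:` and add `except UnicodeEncodeError: pass`. The constant is used here as a Python codec name while the Agent and Syntax hunks use it as a MySQL character-set name; the two namespaces only partly overlap (MySQL's `utf8mb4` is not a Python codec), which deserves a comment next to the constant. `safechardecode(_)` is also evaluated twice and could be bound to a local. The body of bisection() starts outside the hunk.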
|
@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
import binascii
|
import binascii
|
||||||
|
|
||||||
from lib.core.convert import utf8encode
|
from lib.core.convert import utf8encode
|
||||||
|
from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
|
||||||
from plugins.generic.syntax import Syntax as GenericSyntax
|
from plugins.generic.syntax import Syntax as GenericSyntax
|
||||||
|
|
||||||
class Syntax(GenericSyntax):
|
class Syntax(GenericSyntax):
|
||||||
|
@ -26,7 +27,7 @@ class Syntax(GenericSyntax):
|
||||||
try:
|
try:
|
||||||
retVal = "0x%s" % binascii.hexlify(value)
|
retVal = "0x%s" % binascii.hexlify(value)
|
||||||
except UnicodeEncodeError:
|
except UnicodeEncodeError:
|
||||||
retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value))
|
retVal = "CONVERT(0x%s USING %s)" % ("".join("%.2x" % ord(_) for _ in utf8encode(value)), DEFAULT_MYSQL_CHARACTER_SET)
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
return Syntax._escape(expression, quote, escaper)
|
return Syntax._escape(expression, quote, escaper)
|
||||||
|
|
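Review bot: The rewritten fallback still hex-encodes the bytes from `utf8encode(value)` but now tells MySQL to read them `USING` DEFAULT_MYSQL_CHARACTER_SET, which is latin1, so each multi-byte UTF-8 sequence would be interpreted as several latin1 characters. This branch runs only after UnicodeEncodeError, which is the non-ASCII case where the two encodings differ. Unless that reinterpretation is the intent of #1539, the bytes and the declared character set should agree, for example by keeping `USING utf8` for UTF-8 bytes. If it is intended, a comment such as `# bytes are UTF-8 but deliberately declared as latin1 (see #1539)` would stop the next reader from reverting it. The method's signature is outside the hunk.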
|
@ -31,6 +31,7 @@ class Enumeration(Custom, Databases, Entries, Search, Users):
|
||||||
kb.data.banner = None
|
kb.data.banner = None
|
||||||
kb.data.hostname = ""
|
kb.data.hostname = ""
|
||||||
kb.data.processChar = None
|
kb.data.processChar = None
|
||||||
|
kb.data.characterSet = None
|
||||||
|
|
||||||
Custom.__init__(self)
|
Custom.__init__(self)
|
||||||
Databases.__init__(self)
|
Databases.__init__(self)
|
||||||
|
|
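Review bot: `kb.data.characterSet = None` is added without a comment, and none of the hunks on this page reads or assigns it; the other changes use the fixed DEFAULT_MYSQL_CHARACTER_SET instead. If it is meant to hold a detected back-end character set later, say so on the line, e.g. `# character set of the back-end DBMS (not populated yet)`; otherwise it is unused state. The enclosing method starts outside the hunk.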
|
@ -3,7 +3,7 @@
|
||||||
<root>
|
<root>
|
||||||
<!-- MySQL -->
|
<!-- MySQL -->
|
||||||
<dbms value="MySQL">
|
<dbms value="MySQL">
|
||||||
<cast query="CAST(%s AS CHAR CHARACTER SET latin1)"/>
|
<cast query="CAST(%s AS CHAR)"/>
|
||||||
<length query="CHAR_LENGTH(%s)"/>
|
<length query="CHAR_LENGTH(%s)"/>
|
||||||
<isnull query="IFNULL(%s,' ')"/>
|
<isnull query="IFNULL(%s,' ')"/>
|
||||||
<delimiter query=","/>
|
<delimiter query=","/>
|
||||||
|
|