mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 05:01:32 +03:00 
			
		
		
		
	Fix for an Issue #110
This commit is contained in:
		
							parent
							
								
									5bf8600be3
								
							
						
					
					
						commit
						95e0d46e3e
					
				|  | @ -313,7 +313,8 @@ class Agent: | |||
| 
 | ||||
|         rootQuery = queries[Backend.getIdentifiedDbms()] | ||||
| 
 | ||||
|         if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast: | ||||
|         if field.startswith("(CASE") or field.startswith("(IIF") or\ | ||||
|           conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'): | ||||
|             nulledCastedField = field | ||||
|         else: | ||||
|             nulledCastedField = rootQuery.cast.query % field | ||||
|  |  | |||
|  | @ -5,6 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/) | |||
| See the file 'doc/COPYING' for copying permission | ||||
| """ | ||||
| 
 | ||||
| import binascii | ||||
| import re | ||||
| 
 | ||||
| from lib.core.common import isDBMSVersionAtLeast | ||||
| from lib.core.exception import sqlmapSyntaxException | ||||
| from plugins.generic.syntax import Syntax as GenericSyntax | ||||
|  | @ -15,36 +18,16 @@ class Syntax(GenericSyntax): | |||
| 
 | ||||
|     @staticmethod | ||||
|     def unescape(expression, quote=True): | ||||
|         unescaped = expression | ||||
| 
 | ||||
|         if isDBMSVersionAtLeast('3'): | ||||
|             if quote: | ||||
|                 expression = expression.replace("'", "''") | ||||
|                 while True: | ||||
|                     index = expression.find("''") | ||||
|                     if index == -1: | ||||
|                         break | ||||
| 
 | ||||
|                     firstIndex = index + 2 | ||||
|                     index = expression[firstIndex:].find("''") | ||||
| 
 | ||||
|                     if index == -1: | ||||
|                         raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'") | ||||
| 
 | ||||
|                     lastIndex = firstIndex + index | ||||
|                     old = "''%s''" % expression[firstIndex:lastIndex] | ||||
|                     unescaped = "" | ||||
| 
 | ||||
|                     for i in xrange(firstIndex, lastIndex): | ||||
|                         unescaped += "X'%x'" % ord(expression[i]) | ||||
|                         if i < lastIndex - 1: | ||||
|                             unescaped += "||" | ||||
| 
 | ||||
|                     #unescaped += ")" | ||||
|                     expression = expression.replace(old, unescaped) | ||||
|                 expression = expression.replace("''", "'") | ||||
|                 for item in re.findall(r"'[^']+'", expression, re.S): | ||||
|                     unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'"))) | ||||
|             else: | ||||
|                 expression = "||".join("X'%x" % ord(c) for c in expression) | ||||
|                 unescaped = "X'%s'" % binascii.hexlify(expression) | ||||
| 
 | ||||
|         return expression | ||||
|         return unescaped | ||||
| 
 | ||||
|     @staticmethod | ||||
|     def escape(expression): | ||||
|  |  | |||
|  | @ -306,6 +306,7 @@ | |||
|     <!-- SQLite --> | ||||
|     <dbms value="SQLite"> | ||||
|         <cast query="CAST(%s AS VARCHAR(8000))" dbms_version=">=3.0"/> | ||||
|         <!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) --> | ||||
|         <length query="LENGTH(%s)"/> | ||||
|         <isnull query="IFNULL(%s,' ')" dbms_version=">=3.0"/> | ||||
|         <delimiter query="||"/> | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user