From 95e0d46e3e710b70b45a481b3c736da839eefda1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 21 Jul 2012 09:15:54 +0200
Subject: [PATCH] Fix for an Issue #110
---
 lib/core/agent.py | 3 ++-
 plugins/dbms/sqlite/syntax.py | 35 +++++++++--------------------------
 xml/queries.xml | 1 +
 3 files changed, 12 insertions(+), 27 deletions(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 3f7f18552..bd6404456 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -313,7 +313,8 @@ class Agent:
 rootQuery = queries[Backend.getIdentifiedDbms()]
- if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
+ if field.startswith("(CASE") or field.startswith("(IIF") or\
+ conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'):
 nulledCastedField = field
 else:
 nulledCastedField = rootQuery.cast.query % field
diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py
index 9524100c0..794ac25fc 100644
--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@@ -5,6 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
+import binascii
+import re
+
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.exception import sqlmapSyntaxException
 from plugins.generic.syntax import Syntax as GenericSyntax
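Review bot: In the lib/core/agent.py hunk the new condition mixes `or` and `and` without parentheses and is continued with a trailing backslash, so a reader has to recall that `and` binds tighter to see that only the SQLite test is gated by the version check. Wrapping the test in parentheses and grouping the new clause makes that explicit: `if (field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast or` followed by `(Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'))):`. The patch adds no import to agent.py, so `DBMS` and `isDBMSVersionAtLeast` must already be in scope there, which the hunk does not show. If `isDBMSVersionAtLeast` returns a falsy value when the version has not been fingerprinted (not visible here), every SQLite target with an unknown version would skip the cast; a one-line comment stating the intended behaviour for that case would help. The enclosing method starts and ends outside the hunk.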
@@ -15,36 +18,16 @@ class Syntax(GenericSyntax):
 @staticmethod
 def unescape(expression, quote=True):
+ unescaped = expression
+
 if isDBMSVersionAtLeast('3'):
 if quote:
- expression = expression.replace("'", "''")
- while True:
- index = expression.find("''")
- if index == -1:
- break
-
- firstIndex = index + 2
- index = expression[firstIndex:].find("''")
-
- if index == -1:
- raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
-
- lastIndex = firstIndex + index
- old = "''%s''" % expression[firstIndex:lastIndex]
- unescaped = ""
-
- for i in xrange(firstIndex, lastIndex):
- unescaped += "X'%x'" % ord(expression[i])
- if i < lastIndex - 1:
- unescaped += "||"
-
- #unescaped += ")"
- expression = expression.replace(old, unescaped)
- expression = expression.replace("''", "'")
+ for item in re.findall(r"'[^']+'", expression, re.S):
+ unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'")))
 else:
- expression = "||".join("X'%x" % ord(c) for c in expression)
+ unescaped = "X'%s'" % binascii.hexlify(expression)
- return expression
+ return unescaped
 @staticmethod
 def escape(expression):
diff --git a/xml/queries.xml b/xml/queries.xml
index e78c7a77c..241f5aafb 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -306,6 +306,7 @@
+
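Review bot: In the rewritten `unescape` of plugins/dbms/sqlite/syntax.py, the loop calls `unescaped.replace(item, ...)` on the accumulated string, so a later quoted literal that also occurs in text already produced (for example a literal `'61'` after `'a'` has become `X'61'`) is replaced inside the earlier hex literal and corrupts the expression. A single pass over the original string avoids this: `unescaped = re.sub(r"'[^']+'", lambda m: "X'%s'" % binascii.hexlify(m.group(0)[1:-1]), expression)`; `re.S` has no effect on this pattern because it contains no `.`. The removed code raised `sqlmapSyntaxException` on an unbalanced quote, whereas the new code no longer reports unbalanced or doubled quotes, and the `sqlmapSyntaxException` import kept as context in the previous hunk looks unused now. `X'..'` is a BLOB literal in SQLite, so it is worth confirming that comparisons against TEXT values still behave as intended.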