Fix for an Issue #110

2024-11-25 02:53:46 +03:00 · 2012-07-21 09:15:54 +02:00 · 2012-07-21 09:15:54 +02:00 · 95e0d46e3e
commit 95e0d46e3e
parent 5bf8600be3
3 changed files with 12 additions and 27 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -313,7 +313,8 @@ class Agent:

        rootQuery = queries[Backend.getIdentifiedDbms()]

-        if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
+        if field.startswith("(CASE") or field.startswith("(IIF") or\
+          conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'):
            nulledCastedField = field
        else:
            nulledCastedField = rootQuery.cast.query % field
--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@ -5,6 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import binascii
+import re
+
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.exception import sqlmapSyntaxException
 from plugins.generic.syntax import Syntax as GenericSyntax
@ -15,36 +18,16 @@ class Syntax(GenericSyntax):

    @staticmethod
    def unescape(expression, quote=True):
+        unescaped = expression
+
        if isDBMSVersionAtLeast('3'):
            if quote:
-                expression = expression.replace("'", "''")
-                while True:
-                    index = expression.find("''")
-                    if index == -1:
-                        break
-
-                    firstIndex = index + 2
-                    index = expression[firstIndex:].find("''")
-
-                    if index == -1:
-                        raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
-
-                    lastIndex = firstIndex + index
-                    old = "''%s''" % expression[firstIndex:lastIndex]
-                    unescaped = ""
-
-                    for i in xrange(firstIndex, lastIndex):
-                        unescaped += "X'%x'" % ord(expression[i])
-                        if i < lastIndex - 1:
-                            unescaped += "||"
-
-                    #unescaped += ")"
-                    expression = expression.replace(old, unescaped)
-                expression = expression.replace("''", "'")
+                for item in re.findall(r"'[^']+'", expression, re.S):
+                    unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'")))
            else:
-                expression = "||".join("X'%x" % ord(c) for c in expression)
+                unescaped = "X'%s'" % binascii.hexlify(expression)

-        return expression
+        return unescaped

    @staticmethod
    def escape(expression):
--- a/xml/queries.xml
+++ b/xml/queries.xml
@ -306,6 +306,7 @@
    <!-- SQLite -->
    <dbms value="SQLite">
        <cast query="CAST(%s AS VARCHAR(8000))" dbms_version="&gt;=3.0"/>
+        <!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->
        <length query="LENGTH(%s)"/>
        <isnull query="IFNULL(%s,' ')" dbms_version="&gt;=3.0"/>
        <delimiter query="||"/>