mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Fix for an Issue #110
This commit is contained in:
parent
5bf8600be3
commit
95e0d46e3e
|
@ -313,7 +313,8 @@ class Agent:
|
|||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()]
|
||||
|
||||
if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
|
||||
if field.startswith("(CASE") or field.startswith("(IIF") or\
|
||||
conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'):
|
||||
nulledCastedField = field
|
||||
else:
|
||||
nulledCastedField = rootQuery.cast.query % field
|
||||
|
|
|
@ -5,6 +5,9 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import binascii
|
||||
import re
|
||||
|
||||
from lib.core.common import isDBMSVersionAtLeast
|
||||
from lib.core.exception import sqlmapSyntaxException
|
||||
from plugins.generic.syntax import Syntax as GenericSyntax
|
||||
|
@ -15,36 +18,16 @@ class Syntax(GenericSyntax):
|
|||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
unescaped = expression
|
||||
|
||||
if isDBMSVersionAtLeast('3'):
|
||||
if quote:
|
||||
expression = expression.replace("'", "''")
|
||||
while True:
|
||||
index = expression.find("''")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index + 2
|
||||
index = expression[firstIndex:].find("''")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
|
||||
|
||||
lastIndex = firstIndex + index
|
||||
old = "''%s''" % expression[firstIndex:lastIndex]
|
||||
unescaped = ""
|
||||
|
||||
for i in xrange(firstIndex, lastIndex):
|
||||
unescaped += "X'%x'" % ord(expression[i])
|
||||
if i < lastIndex - 1:
|
||||
unescaped += "||"
|
||||
|
||||
#unescaped += ")"
|
||||
expression = expression.replace(old, unescaped)
|
||||
expression = expression.replace("''", "'")
|
||||
for item in re.findall(r"'[^']+'", expression, re.S):
|
||||
unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'")))
|
||||
else:
|
||||
expression = "||".join("X'%x" % ord(c) for c in expression)
|
||||
unescaped = "X'%s'" % binascii.hexlify(expression)
|
||||
|
||||
return expression
|
||||
return unescaped
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
|
|
|
@ -306,6 +306,7 @@
|
|||
<!-- SQLite -->
|
||||
<dbms value="SQLite">
|
||||
<cast query="CAST(%s AS VARCHAR(8000))" dbms_version=">=3.0"/>
|
||||
<!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->
|
||||
<length query="LENGTH(%s)"/>
|
||||
<isnull query="IFNULL(%s,' ')" dbms_version=">=3.0"/>
|
||||
<delimiter query="||"/>
|
||||
|
|
Loading…
Reference in New Issue
Block a user