From 96b9950f960d833cec75091b986dfdc0e6e78a71 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 5 Sep 2017 13:13:08 +0200
Subject: [PATCH] Fixes #2684
---
 lib/core/convert.py | 4 ++--
 lib/core/settings.py | 2 +-
 lib/takeover/web.py | 2 +-
 lib/takeover/xp_cmdshell.py | 2 +-
 plugins/dbms/mssqlserver/filesystem.py | 2 +-
 plugins/generic/users.py | 2 +-
 txt/checksum.md5 | 12 ++++++------
 7 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/lib/core/convert.py b/lib/core/convert.py
index 31834fb6f..c40db8ec6 100755
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -110,7 +110,7 @@ def hexdecode(value):
 value = value.lower()
 return (value[2:] if value.startswith("0x") else value).decode("hex")
-def hexencode(value):
+def hexencode(value, encoding=None):
 """
 Encodes string value from plain to hex format
@@ -118,7 +118,7 @@ def hexencode(value):
 '666f6f626172'
 """
- return unicodeencode(value, conf.charset or UNICODE_ENCODING).encode("hex")
+ return unicodeencode(value, encoding).encode("hex")
 def unicodeencode(value, encoding=None):
 """
diff --git a/lib/core/settings.py b/lib/core/settings.py
index c7ac1c011..4ba808059 100755
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.1.9.5"
+VERSION = "1.1.9.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index d19724ca6..5dab222f4 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
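Review bot: The docstring of `hexencode` is unchanged although the signature now takes `encoding=None`, so a caller cannot tell what the argument means or what happens when it is omitted. I would add a docstring line such as `encoding: charset used to encode unicode input before the hex conversion; None leaves the choice to unicodeencode()`, plus a second doctest with a non-ASCII value and an explicit encoding. The function body is split between this hunk and the next one.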
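Review bot: Dropping `conf.charset or UNICODE_ENCODING` from the `return` line means a one-argument `hexencode(value)` call now runs with `encoding=None` and no longer follows the configured charset. The commit updates four call sites (web.py, xp_cmdshell.py, mssqlserver/filesystem.py, users.py); any caller outside this patch would silently change behaviour for non-ASCII input, so a repository-wide search for `hexencode(` is worth doing before merging. What `unicodeencode` does with `None` is not visible here beyond its `encoding=None` default, so the fallback should be confirmed there or made explicit, e.g. `unicodeencode(value, encoding or UNICODE_ENCODING)` if `UNICODE_ENCODING` is still imported in this module.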
@@ -144,7 +144,7 @@ class Web:
 randInt = randomInt()
 query += "OR %d=%d " % (randInt, randInt)
- query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery))
+ query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery, conf.charset))
 query = agent.prefixQuery(query)
 query = agent.suffixQuery(query)
 payload = agent.payload(newValue=query)
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 6c9fd6928..dabad3b60 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -163,7 +163,7 @@ class XP_cmdshell:
 # Obfuscate the command to execute, also useful to bypass filters
 # on single-quotes
 self._randStr = randomStr(lowercase=True)
- self._cmd = "0x%s" % hexencode(cmd)
+ self._cmd = "0x%s" % hexencode(cmd, conf.charset)
 self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr
 self._forgedCmd += "SET @%s=%s;" % (self._randStr, self._cmd)
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
index 9d1edf9b8..88fcb4df4 100644
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -46,7 +46,7 @@ class Filesystem(GenericFilesystem):
 scrString = ""
 for lineChar in fileContent[fileLine:fileLine + lineLen]:
- strLineChar = hexencode(lineChar)
+ strLineChar = hexencode(lineChar, conf.charset)
 if not scrString:
 scrString = "e %x %s" % (lineAddr, strLineChar)
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index a6c8be7c7..deb0a4795 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
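Review bot: `hexencode(uplQuery, conf.charset)` relies on `conf` being in scope in this module, and no hunk in the patch shows the module imports; if it is missing, the call raises NameError only when this code path actually runs. The same `conf.charset` argument is added in the lib/takeover/xp_cmdshell.py, plugins/dbms/mssqlserver/filesystem.py and plugins/generic/users.py hunks, so the import should be confirmed in all four files. `conf.charset` is presumably None unless the user set one, in which case the effective encoding is whatever `unicodeencode` falls back to; a short comment at one call site saying so would help, e.g. `# conf.charset may be None; unicodeencode() then picks the default`. The enclosing method starts and ends outside the hunk.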
@@ -235,7 +235,7 @@ class Users:
 if retVal:
 for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
- password = "0x%s" % hexencode(password).upper()
+ password = "0x%s" % hexencode(password, conf.charset).upper()
 if user not in kb.data.cachedUsersPasswords:
 kb.data.cachedUsersPasswords[user] = [password]
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 50a8dd5cc..5bc11d1a1 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -28,7 +28,7 @@ a66093c734c7f94ecdf94d882c2d8b89 lib/controller/controller.py
 9f1adb993f66da030a4168571978e6fa lib/core/agent.py
 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
 55e0317b8bacce94bd6edb1a644e6b4d lib/core/common.py
-8fb2c878ffa7e965f1c8ad9beb08d162 lib/core/convert.py
+9edefb92b0b9cad862543fcd587aaa66 lib/core/convert.py
 a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
 36c85e9ef109c5b4af3ca9bb1065ef1f lib/core/decorators.py
@@ -46,7 +46,7 @@ c5f09788ee8ff9c9d12a052986875bc6 lib/core/option.py
 d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
-a0b1a886a56435e4d65f515e0c1b41ab lib/core/settings.py
+bf779ecbf40936813aa9d4602dd855ba lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
 1576b63db3261e2afd5459189abf967b lib/core/target.py
@@ -85,8 +85,8 @@ c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py
 c90c993b020a6ae0f0e497fd84f37466 lib/takeover/metasploit.py
 ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
 ff1af7f85fdf4f2a5369f2927d149824 lib/takeover/udf.py
-261c03b06ad74eb0b594c8ade5039bdc lib/takeover/web.py
-604b087dc52dbcb4c3938ad1bf63829c lib/takeover/xp_cmdshell.py
+8ecd543e41709ff48e0ff7bed0f2a5a9 lib/takeover/web.py
+9aa222e644db8d129b65ff2f119fc7f5 lib/takeover/xp_cmdshell.py
 201e7e69f9161dfa3aa10d83f690a488 lib/techniques/blind/inference.py
 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/dns/__init__.py
@@ -161,7 +161,7 @@ e6036f5b2e39aec37ba036a8cf0efd6f plugins/dbms/maxdb/syntax.py
 0be362015605e26551e5d79cc83ed466 plugins/dbms/maxdb/takeover.py
 9b3a681ff4087824fb43e23679057fa3 plugins/dbms/mssqlserver/connector.py
 b8de437eaa3e05c3db666968b7d142e4 plugins/dbms/mssqlserver/enumeration.py
-5de6074ee2f7dc5b04b70307d36dbe1d plugins/dbms/mssqlserver/filesystem.py
+2129d6c7af5b40a58fe71f8bb49eb80b plugins/dbms/mssqlserver/filesystem.py
 5207943c31e166a70d5fc7cec8b5ef18 plugins/dbms/mssqlserver/fingerprint.py
 40bd890988f9acd3942255d687445371 plugins/dbms/mssqlserver/__init__.py
 400ce654ff6bc57a40fb291322a18282 plugins/dbms/mssqlserver/syntax.py
@@ -213,7 +213,7 @@ f700954549ad8ebf77f5187262fb9af0 plugins/generic/connector.py
 070f58c52e2a04e7a9896b42b2d17dc2 plugins/generic/search.py
 562cfa80a15d5f7f1d52e10c5736d7e2 plugins/generic/syntax.py
 fca9946e960942cc9b22ef26e12b8b3a plugins/generic/takeover.py
-f97b84b8dcbe80b2d86bc26829aed23b plugins/generic/users.py
+841c785748c22ad0f5e7af2f5cf7fd6e plugins/generic/users.py
 310efc965c862cfbd7b0da5150a5ad36 plugins/__init__.py
 b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_