Couple of important patches
This commit is contained in:
parent
fddc818764
commit
c1f98d07c1
|
@ -3,7 +3,8 @@
|
||||||
<root>
|
<root>
|
||||||
<!-- MySQL -->
|
<!-- MySQL -->
|
||||||
<dbms value="MySQL">
|
<dbms value="MySQL">
|
||||||
<cast query="CAST(%s AS CHAR)"/>
|
<!-- http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->
|
||||||
|
<cast query="CAST(%s AS NCHAR)"/>
|
||||||
<length query="CHAR_LENGTH(%s)"/>
|
<length query="CHAR_LENGTH(%s)"/>
|
||||||
<isnull query="IFNULL(%s,' ')"/>
|
<isnull query="IFNULL(%s,' ')"/>
|
||||||
<delimiter query=","/>
|
<delimiter query=","/>
|
||||||
|
@ -242,6 +243,9 @@
|
||||||
<concatenate query="%s||%s"/>
|
<concatenate query="%s||%s"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||||
<hex query="RAWTOHEX(%s)"/>
|
<hex query="RAWTOHEX(%s)"/>
|
||||||
|
<!--
|
||||||
|
NOTE: ASCIISTR (https://www.techonthenet.com/oracle/functions/asciistr.php)
|
||||||
|
-->
|
||||||
<inference query="ASCII(SUBSTRC((%s),%d,1))>%d"/>
|
<inference query="ASCII(SUBSTRC((%s),%d,1))>%d"/>
|
||||||
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
|
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
|
||||||
<current_user query="SELECT USER FROM DUAL"/>
|
<current_user query="SELECT USER FROM DUAL"/>
|
||||||
|
|
|
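Review bot: The comment that replaces the old `<cast query="CAST(%s AS CHAR)"/>` line is a bare URL and does not say why the MySQL cast was switched to NCHAR, so a reader has to follow the link to recover the intent. Stating it in place, e.g. `<!-- NCHAR casts to the national (Unicode) character set so multibyte values survive the cast; CHAR would use the connection charset. Ref: http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->`, keeps the rationale with the query (wording to be confirmed against the MySQL docs). The same applies to the `<!-- NOTE: ASCIISTR ... -->` block added in the Oracle hunk at 242: it links the function but does not say whether it is a planned alternative to the `ASCII(SUBSTRC((%s),%d,1))>%d` inference query or only a pointer, and one clause saying which would keep the note from going stale.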
@ -16,7 +16,9 @@ import sys
|
||||||
import threading
|
import threading
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
if sys.version_info >= (3, 0):
|
PY3 = sys.version_info >= (3, 0)
|
||||||
|
|
||||||
|
if PY3:
|
||||||
from http.client import INTERNAL_SERVER_ERROR
|
from http.client import INTERNAL_SERVER_ERROR
|
||||||
from http.client import NOT_FOUND
|
from http.client import NOT_FOUND
|
||||||
from http.client import OK
|
from http.client import OK
|
||||||
|
@ -169,7 +171,7 @@ class ReqHandler(BaseHTTPRequestHandler):
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
else:
|
else:
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
self.wfile.write(output.encode("utf8"))
|
self.wfile.write(output.encode("utf8") if PY3 else output)
|
||||||
else:
|
else:
|
||||||
self.send_response(NOT_FOUND)
|
self.send_response(NOT_FOUND)
|
||||||
self.send_header("Connection", "close")
|
self.send_header("Connection", "close")
|
||||||
|
|
|
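Review bot: The Python 2 branch of the new `self.wfile.write(output.encode("utf8") if PY3 else output)` writes `output` unencoded, so if `output` is a `unicode` object holding non-ASCII text on Python 2 — and the test added in this same commit queries `'\u0161u\u0107uraj'` — the implicit ASCII conversion on the byte stream would raise `UnicodeEncodeError`. I cannot see how `output` is built, so this is hedged, but dispatching on the value's type rather than on the interpreter sidesteps the question on both versions: `self.wfile.write(output if isinstance(output, bytes) else output.encode("utf8"))`. The enclosing ReqHandler method starts and ends outside the hunk.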
@ -3617,16 +3617,20 @@ def decodeIntToUnicode(value):
|
||||||
try:
|
try:
|
||||||
if value > 255:
|
if value > 255:
|
||||||
_ = "%x" % value
|
_ = "%x" % value
|
||||||
|
|
||||||
if len(_) % 2 == 1:
|
if len(_) % 2 == 1:
|
||||||
_ = "0%s" % _
|
_ = "0%s" % _
|
||||||
|
|
||||||
raw = decodeHex(_)
|
raw = decodeHex(_)
|
||||||
|
|
||||||
if Backend.isDbms(DBMS.MYSQL):
|
if Backend.isDbms(DBMS.MYSQL):
|
||||||
|
# Reference: https://dev.mysql.com/doc/refman/8.0/en/string-functions.html#function_ord
|
||||||
# Note: https://github.com/sqlmapproject/sqlmap/issues/1531
|
# Note: https://github.com/sqlmapproject/sqlmap/issues/1531
|
||||||
retVal = getUnicode(raw, conf.encoding or UNICODE_ENCODING)
|
retVal = getUnicode(raw, conf.encoding or UNICODE_ENCODING)
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
retVal = getUnicode(raw, "UTF-16-BE") # References: https://docs.microsoft.com/en-us/sql/relational-databases/collations/collation-and-unicode-support?view=sql-server-2017 and https://stackoverflow.com/a/14488478
|
# Reference: https://docs.microsoft.com/en-us/sql/relational-databases/collations/collation-and-unicode-support?view=sql-server-2017 and https://stackoverflow.com/a/14488478
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE):
|
retVal = getUnicode(raw, "UTF-16-BE")
|
||||||
|
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): # Note: cases with Unicode code points (e.g. http://www.postgresqltutorial.com/postgresql-ascii/)
|
||||||
retVal = _unichr(value)
|
retVal = _unichr(value)
|
||||||
else:
|
else:
|
||||||
retVal = getUnicode(raw, conf.encoding)
|
retVal = getUnicode(raw, conf.encoding)
|
||||||
|
|
|
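Review bot: The long trailing `# Note: cases with Unicode code points (...)` comment on the new `elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):` line is inconsistent with what the same hunk does two lines above, where the MSSQL `# Reference:` comment was moved off the statement onto its own line. Moving this one the same way, `# Note: cases with Unicode code points (e.g. http://www.postgresqltutorial.com/postgresql-ascii/)` on the line before the `elif`, keeps the branch condition readable. The behavioural change in this branch is the addition of `DBMS.SQLITE`, yet the note only cites PostgreSQL; a short clause saying why SQLite belongs with the code-point DBMSes would document the actual change. decodeIntToUnicode starts before and ends after the hunk.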
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.11.114"
|
VERSION = "1.3.11.115"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -65,6 +65,8 @@ def vulnTest():
|
||||||
"""
|
"""
|
||||||
|
|
||||||
TESTS = (
|
TESTS = (
|
||||||
|
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'",)),
|
||||||
|
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape", (u": '\u0161u\u0107uraj'",)),
|
||||||
("--list-tampers", ("between", "MySQL", "xforwardedfor")),
|
("--list-tampers", ("between", "MySQL", "xforwardedfor")),
|
||||||
("-r <request> --flush-session -v 5", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar")),
|
("-r <request> --flush-session -v 5", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar")),
|
||||||
("-l <log> --flush-session --skip-waf -v 3 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell")),
|
("-l <log> --flush-session --skip-waf -v 3 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell")),
|
||||||
|
|
|
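Review bot: The second new TESTS entry passes `--no-escape` for `--technique=B` while the `--technique=U` entry with the same `\u0161u\u0107uraj` query does not, and nothing on the line says why the boolean-based case needs escaping disabled. A trailing comment on that tuple stating the reason (presumably that the escaped form of the Unicode literal does not round-trip under blind retrieval — confirm) would stop the next reader from dropping the flag as redundant or adding it to the U case by analogy. vulnTest starts before and ends after the hunk.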
@ -7,8 +7,10 @@ See the file 'LICENSE' for copying permission
|
||||||
|
|
||||||
import re
|
import re
|
||||||
|
|
||||||
|
from lib.core.common import Backend
|
||||||
from lib.core.convert import getBytes
|
from lib.core.convert import getBytes
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
from lib.core.enums import DBMS
|
||||||
from lib.core.exception import SqlmapUndefinedMethod
|
from lib.core.exception import SqlmapUndefinedMethod
|
||||||
|
|
||||||
class Syntax(object):
|
class Syntax(object):
|
||||||
|
@ -31,7 +33,7 @@ class Syntax(object):
|
||||||
|
|
||||||
if replacement != original:
|
if replacement != original:
|
||||||
retVal = retVal.replace(item, replacement)
|
retVal = retVal.replace(item, replacement)
|
||||||
elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal:
|
elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):
|
||||||
retVal = retVal.replace("'%s'" % original, "n'%s'" % original)
|
retVal = retVal.replace("'%s'" % original, "n'%s'" % original)
|
||||||
else:
|
else:
|
||||||
retVal = escaper(expression)
|
retVal = escaper(expression)
|
||||||
|
|
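Review bot: The new guard `Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL)` on the `elif` uses a different accessor than the sibling hunk in decodeIntToUnicode, which tests membership with `Backend.getIdentifiedDbms()`. If `getDbms()` is still `None` before fingerprinting, or the DBMS is only forced on the command line, the `n'...'` prefix is silently skipped for non-ASCII literals and the expression goes out unchanged; I cannot see the accessor definitions here, so this is hedged, but if the broader check is intended the line should read `... and Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):`. Either way, a one-line comment above the `elif` saying which DBMSes accept the national-string prefix and why the others are excluded would document the new restriction. The enclosing Syntax method starts and ends outside the hunk.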