sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

added support for handling binary data values (no more garbish chars)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-04-09 23:13:16 +00:00
parent 4ad73f9263
commit c714ac6421
3 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/common.py
View File

@ -2524,4 +2524,7 @@ def getSafeHexEncodedBinaryData(value):
retVal = value
if isinstance(value, basestring):
retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%x' % ord(y)), value, unicode())
elif isinstance(value, list):
for i in xrange(len(value)):
retVal[i] = getSafeHexEncodedBinaryData(value[i])
return retVal

6
lib/request/inject.py
View File

@ -17,6 +17,7 @@ from lib.core.common import cleanQuery
from lib.core.common import dataToSessionFile
from lib.core.common import expandAsteriskForColumns
from lib.core.common import getPublicTypeMembers
from lib.core.common import getSafeHexEncodedBinaryData
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@ -387,7 +388,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
return data
def getValue(expression, blind=True, inband=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False):
def getValue(expression, blind=True, inband=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeHexEncode=True):
"""
Called each time sqlmap inject a SQL query on the SQL injection
affected parameter. It can call a function to retrieve the output
@ -493,6 +494,9 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
elif value == [None]:
value = None
if safeHexEncode:
value = getSafeHexEncodedBinaryData(value)
return value
def goStacked(expression, silent=False):

2
plugins/generic/enumeration.py
View File

@ -252,7 +252,7 @@ class Enumeration:
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=False)
if retVal:
for user, password in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr]):
password = "0x%s" % strToHex(password)
#password = "0x%s" % strToHex(password)
if not kb.data.cachedUsersPasswords.has_key(user):
kb.data.cachedUsersPasswords[user] = [password]
else: