From c714ac64218cd61ddbcb5fe28d06ce3947a71649 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 9 Apr 2011 23:13:16 +0000
Subject: [PATCH] added support for handling binary data values (no more garbish chars)
---
 lib/core/common.py | 3 +++
 lib/request/inject.py | 6 +++++-
 plugins/generic/enumeration.py | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 6bb3d0cf5..409e5d8ff 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2524,4 +2524,7 @@ def getSafeHexEncodedBinaryData(value):
 retVal = value
 if isinstance(value, basestring):
 retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%x' % ord(y)), value, unicode())
+ elif isinstance(value, list):
+ for i in xrange(len(value)):
+ retVal[i] = getSafeHexEncodedBinaryData(value[i])
 return retVal
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 5ca1ee1c7..f4c6f9297 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -17,6 +17,7 @@ from lib.core.common import cleanQuery
 from lib.core.common import dataToSessionFile
 from lib.core.common import expandAsteriskForColumns
 from lib.core.common import getPublicTypeMembers
+from lib.core.common import getSafeHexEncodedBinaryData
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
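Review bot: The new `elif isinstance(value, list)` branch in getSafeHexEncodedBinaryData overwrites the caller's list element by element, because `retVal` is still the same object as `value` at that point, so every other holder of that list sees the escaped values as well. Building a fresh list keeps the function free of side effects: `retVal = [getSafeHexEncodedBinaryData(item) for item in value]`. Tuples and other sequences still pass through unescaped, which is worth stating in the docstring if it is intended. The function's docstring lies outside the hunk.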
@@ -387,7 +388,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr return data -def getValue(expression, blind=True, inband=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False): +def getValue(expression, blind=True, inband=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeHexEncode=True): """ Called each time sqlmap inject a SQL query on the SQL injection affected parameter. It can call a function to retrieve the output @@ -493,6 +494,9 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse elif value == [None]: value = None + if safeHexEncode: + value = getSafeHexEncodedBinaryData(value) + return value def goStacked(expression, silent=False): diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index eec7aac84..b7f2b533b 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -252,7 +252,7 @@ class Enumeration: retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.password' % randStr], blind=False) if retVal: for user, password in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr]): - password = "0x%s" % strToHex(password) + #password = "0x%s" % strToHex(password) if not kb.data.cachedUsersPasswords.has_key(user): kb.data.cachedUsersPasswords[user] = [password] else:
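Review bot: With `safeHexEncode=True` as the default, the escaping added at the end of getValue rewrites every returned value, not only values headed for display, and the escape it applies is lossy: the `'\%x'` format in getSafeHexEncodedBinaryData is not fixed-width and a literal backslash in the data is left as is, so `\1` followed by `2` cannot be told apart from `\12`. Callers that compare the result or reuse it in a later query may therefore see altered strings whenever the data holds a character outside `string.printable` below code point 256; whether such a caller exists is not visible here. Consider opting in at the output paths with a `safeHexEncode=False` default, or making the escape reversible with `'\\x%02x' % ord(y)` plus escaping of the backslash itself. The new parameter is also missing from the getValue docstring, which begins in the signature hunk and continues outside it.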
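Review bot: Commenting out `password = "0x%s" % strToHex(password)` in the enumeration.py hunk replaces a lossless hex rendering of the password value with whatever the retrieval path returns, and if that path applies the new `'\%x'` escaping the stored value can no longer be turned back into the original bytes. Whether `__pivotDumpTable` with `blind=False` passes through getValue is not visible in this hunk, so this should be checked against the code that consumes `kb.data.cachedUsersPasswords`. If the change is intended, delete the line instead of leaving it commented out, and drop the `strToHex` import if nothing else uses it. The enclosing method starts and ends outside the hunk.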