From cc8209d6486039fa30d0a3796c40c1b7d813b01e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 16 Sep 2019 19:29:38 +0200 Subject: [PATCH] Patch related to the #3927 --- lib/core/agent.py | 6 +++--- lib/core/common.py | 2 +- lib/core/convert.py | 14 +++++++------- lib/core/settings.py | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 15fc96910..e702bc525 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -5,7 +5,6 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ -import base64 import re from lib.core.common import Backend @@ -51,6 +50,7 @@ from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import REPLACEMENT_MARKER from lib.core.settings import SINGLE_QUOTE_MARKER from lib.core.settings import SLEEP_TIME_MARKER +from lib.core.settings import UNICODE_ENCODING from lib.core.unescaper import unescaper from thirdparty import six @@ -171,8 +171,8 @@ class Agent(object): if re.sub(r" \(.+", "", parameter) in conf.base64Parameter: # TODO: support for POST_HINT - newValue = encodeBase64(newValue, binary=False) - origValue = encodeBase64(origValue, binary=False) + newValue = encodeBase64(newValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING) + origValue = encodeBase64(origValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING) if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER): _ = "%s%s" % (origValue, kb.customInjectionMark) diff --git a/lib/core/common.py b/lib/core/common.py index 7da5064b8..40df6f83f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -623,7 +623,7 @@ def paramToDict(place, parameters=None): if parameter in (conf.base64Parameter or []): try: oldValue = value - value = decodeBase64(value, binary=False) + value = decodeBase64(value, binary=False, encoding=conf.encoding or UNICODE_ENCODING) parameters = re.sub(r"\b%s(\b|\Z)" % re.escape(oldValue), value, parameters) except: errMsg = "parameter '%s' does not contain " % parameter diff --git a/lib/core/convert.py b/lib/core/convert.py index 746908a95..d7f911019 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -184,7 +184,7 @@ def encodeHex(value, binary=True): return retVal -def decodeBase64(value, binary=True): +def decodeBase64(value, binary=True, encoding=None): """ Returns a decoded representation of provided Base64 value @@ -197,11 +197,11 @@ def decodeBase64(value, binary=True): retVal = base64.b64decode(value) if not binary: - retVal = getText(retVal) + retVal = getText(retVal, encoding) return retVal -def encodeBase64(value, binary=True): +def encodeBase64(value, binary=True, encoding=None): """ Returns a decoded representation of provided Base64 value @@ -212,12 +212,12 @@ def encodeBase64(value, binary=True): """ if isinstance(value, six.text_type): - value = value.encode(UNICODE_ENCODING) + value = value.encode(encoding or UNICODE_ENCODING) retVal = base64.b64encode(value) if not binary: - retVal = getText(retVal) + retVal = getText(retVal, encoding) return retVal @@ -305,7 +305,7 @@ def getUnicode(value, encoding=None, noneToNull=False): except UnicodeDecodeError: return six.text_type(str(value), errors="ignore") # encoding ignored for non-basestring instances -def getText(value): +def getText(value, encoding=None): """ Returns textual value of a given value (Note: not necessary Unicode on Python2) @@ -318,7 +318,7 @@ def getText(value): retVal = value if isinstance(value, six.binary_type): - retVal = getUnicode(value) + retVal = getUnicode(value, encoding) if six.PY2: try: diff --git a/lib/core/settings.py b/lib/core/settings.py index d8afe5599..1917d6795 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.9.17" +VERSION = "1.3.9.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)