Fixes #3581

2025-05-13 12:13:47 +03:00 · 2019-04-15 13:15:21 +02:00 · 2019-04-15 13:15:21 +02:00 · dcb8025f30
commit dcb8025f30
parent 4b0edeb199
2 changed files with 17 additions and 15 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -3622,21 +3622,23 @@ def decodeStringEscape(value):
    retVal = value
    if value and '\\' in value:
-        if isinstance(value, unicode):
+        charset = "\\%s" % string.whitespace.replace(" ", "")
-            retVal = retVal.encode(UNICODE_ENCODING)
+        for _ in charset:
            retVal = retVal.replace(repr(_).strip("'"), _)
-        try:
+    return retVal
            retVal = codecs.escape_decode(retVal)[0]
        except:
            try:
                retVal = retVal.decode("string_escape")
            except:
                charset = string.whitespace.replace(" ", "")
                for _ in charset:
                    retVal = retVal.replace(repr(_).strip("'"), _)
-        if isinstance(value, unicode):
+def encodeStringEscape(value):
-            retVal = getUnicode(retVal)
+    """
    Encodes escaped string values (e.g. "\t" -> "\\t")
    """
    retVal = value
    if value:
        charset = "\\%s" % string.whitespace.replace(" ", "")
        for _ in charset:
            retVal = retVal.replace(_, repr(_).strip("'"))
    return retVal
@ -3656,7 +3658,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
                return value
            payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True))
-            regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string_escape")))
+            regex = _(filterStringValue(payload, r"[A-Za-z0-9]", encodeStringEscape(REFLECTED_REPLACEMENT_REGEX)))
            if regex != payload:
                if all(part.lower() in content.lower() for part in filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]):  # fast optimization check
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.4.9"
+VERSION = "1.3.4.10"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)