sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

another update

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-10 10:56:55 +00:00
parent d5e7a8d305
commit e98b81fe32
2 changed files with 24 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugins/dbms/firebird/syntax.py
View File

@ -7,7 +7,6 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.data import kb
from lib.core.common import isDBMSVersionAtLeast from lib.core.common import isDBMSVersionAtLeast
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import sqlmapSyntaxException

49
plugins/dbms/sqlite/syntax.py
View File

@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.common import isDBMSVersionAtLeast
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import sqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
@ -17,36 +18,34 @@ class Syntax(GenericSyntax):
@staticmethod @staticmethod
def unescape(expression, quote=True): def unescape(expression, quote=True):
# The following is not supported on SQLite 2 if isDBMSVersionAtLeast('3'):
return expression if quote:
expression = expression.replace("'", "''")
while True:
index = expression.find("''")
if index == -1:
break
if quote: firstIndex = index + 2
expression = expression.replace("'", "''") index = expression[firstIndex:].find("''")
while True:
index = expression.find("''")
if index == -1:
break
firstIndex = index + 2 if index == -1:
index = expression[firstIndex:].find("''") raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
if index == -1: lastIndex = firstIndex + index
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'") old = "''%s''" % expression[firstIndex:lastIndex]
unescaped = ""
lastIndex = firstIndex + index for i in range(firstIndex, lastIndex):
old = "''%s''" % expression[firstIndex:lastIndex] unescaped += "X'%x'" % ord(expression[i])
unescaped = "" if i < lastIndex - 1:
unescaped += "||"
for i in range(firstIndex, lastIndex): #unescaped += ")"
unescaped += "X'%x'" % ord(expression[i]) expression = expression.replace(old, unescaped)
if i < lastIndex - 1: expression = expression.replace("''", "'")
unescaped += "||" else:
expression = "||".join("X'%x" % ord(c) for c in expression)
#unescaped += ")"
expression = expression.replace(old, unescaped)
expression = expression.replace("''", "'")
else:
expression = "||".join("X'%x" % ord(c) for c in expression)
return expression return expression