From eadaf680de6a9f910f514291a106ec7b3ad0687d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 19 Jan 2011 15:25:48 +0000
Subject: [PATCH] fuck yea
---
 lib/core/common.py | 12 +++++++++++-
 lib/techniques/blind/inference.py | 9 +++++----
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 751bfb8ea..4714747bb 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -21,6 +21,7 @@ import urlparse
 import ntpath
 import posixpath
 import httplib
+import struct
 from ConfigParser import DEFAULTSECT
 from ConfigParser import RawConfigParser
@@ -1518,7 +1519,7 @@ def getUnicode(value, encoding=None):
     if isinstance(value, unicode):
         return value
     elif isinstance(value, basestring):
-        return unicode(value, encoding or conf.dataEncoding, errors='replace')
+        return unicode(value, encoding or conf.dataEncoding)
     else:
         return unicode(value) # encoding ignored for non-basestring instances
@@ -2130,3 +2131,12 @@ def openFile(filename, mode='r'):
             mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
         errMsg += "and that it's not locked by another process."
         raise sqlmapFilePathException, errMsg
+
+def decodeIntToUnicode(value):
+    """
+    Decodes inferenced integer value with usage of current page encoding
+    """
+    try:
+        return struct.pack('>H', value).decode(kb.pageEncoding)
+    except:
+        return '?'
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index bbca3bcd5..477642468 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -14,6 +14,7 @@ import traceback
 from lib.core.agent import agent
 from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
+from lib.core.common import decodeIntToUnicode
 from lib.core.common import filterControlChars
 from lib.core.common import getCharset
 from lib.core.common import getIdentifiedDBMS
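Review bot: Dropping `errors='replace'` from the `unicode(value, ...)` call in getUnicode turns any byte sequence that is not valid in `conf.dataEncoding` into an uncaught UnicodeDecodeError, where the old line produced U+FFFD and carried on. The bytes reaching this branch come from target responses and retrieved data, so one page with a stray byte outside the declared encoding can now abort the whole run; getUnicode's callers are outside this hunk, so whether any of them catch the error cannot be confirmed here. If the aim is to surface mis-declared encodings rather than paper over them, keep the failure visible but non-fatal, e.g. `try: return unicode(value, encoding or conf.dataEncoding)` followed by `except UnicodeDecodeError: return unicode(value, encoding or conf.dataEncoding, errors='replace')`, and log the fallback. The enclosing function starts before this hunk.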
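Review bot: decodeIntToUnicode packs every value as a big-endian 16-bit word, so for a value in the single-byte range (128–255) the bytes handed to decode() begin with a NUL: `struct.pack('>H', 0xE9)` is `'\x00\xe9'`, which a single-byte page encoding such as latin-1 decodes to a two-character string with a leading U+0000 instead of the one intended character. The bare `except:` then hides that class of problem together with `struct.error` for values outside 0–65535, `LookupError` for an unknown `kb.pageEncoding`, and even KeyboardInterrupt, all collapsed into the same `'?'`. Suggest packing only as wide as the value needs and narrowing the handler: `raw = struct.pack('>H', value) if value > 0xFF else chr(value)` with `return raw.decode(kb.pageEncoding)`, and `except (struct.error, UnicodeDecodeError, LookupError, TypeError):` (TypeError covering a `kb.pageEncoding` that is still None, if that can happen at this point). The docstring should also state that `'?'` is a failure sentinel callers cannot distinguish from a genuinely decoded question mark.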
@@ -168,7 +169,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
                 if result:
-                    return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0])
+                    return chr(charTbl[0]) if charTbl[0] < 128 else decodeIntToUnicode(charTbl[0])
                 else:
                     return None
@@ -182,7 +183,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 if CHAR_INFERENCE_MARK not in payload:
                     forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
                 else:
-                    forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
+                    forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else decodeIntToUnicode(posValue))
                 queriesCount[0] += 1
                 result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@@ -225,7 +226,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 else:
                     retVal = minValue + 1
                     if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
-                        return chr(retVal) if retVal < 128 else unichr(retVal)
+                        return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
                     else:
                         return None
                 else:
@@ -241,7 +242,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                     result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
                     if result:
-                        return chr(retVal) if retVal < 128 else unichr(retVal)
+                        return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
                 return None
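Review bot: Each site that swaps unichr for decodeIntToUnicode (this hunk and the ones at -182, -225 and -241) now accepts the helper's `'?'` fallback as if it were a real inferred character, and in the -182 hunk that `'?'` is spliced into forgedPayload in place of CHAR_INFERENCE_MARK, so a decode failure silently turns the probe into a comparison against a literal question mark and the bisection continues on a wrong premise. At the three return sites a retrieved `'?'` (ordinal 63) is indistinguishable from a failed decode, so the reported value can contain `'?'` for characters the target actually returned. Consider having the helper return None on failure instead: the return expressions `return chr(x) if x < 128 else decodeIntToUnicode(x)` then yield None, which the surrounding code already treats as "no character found", while the -182 site can check `decoded = decodeIntToUnicode(posValue)` for None and skip (or log) that probe rather than send a corrupted payload. bisection's body begins before the first of these hunks.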