safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)

lib/core/convert.py

@@ -22,6 +22,7 @@ import urllib
 
 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.settings import HEX_ENCODED_CHAR_REGEX
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import URLENCODE_CHAR_LIMIT
 from lib.core.settings import URLENCODE_FAILSAFE_CHARS
@@ -145,11 +146,39 @@ def safecharencode(value):
     """
 
     retVal = value
+
     if isinstance(value, basestring):
         retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), value, unicode())
         for char in "\t\n\r\x0b\x0c":
             retVal = retVal.replace(char, repr(char).strip('\''))
+
     elif isinstance(value, list):
         for i in xrange(len(value)):
             retVal[i] = safecharencode(value[i])
+
+    return retVal
+
+def safechardecode(value):
+    """
+    Reverse function to safecharencode
+    """
+
+    retVal = value
+    if isinstance(value, basestring):
+        for char in "\t\n\r\x0b\x0c":
+            retVal = retVal.replace(repr(char).strip('\''), char)
+
+        regex = re.compile(HEX_ENCODED_CHAR_REGEX)
+
+        while True:
+            match = regex.search(retVal)
+            if match:
+                retVal = retVal.replace(match.group("result"), unhexlify(value.lstrip('\\')))
+            else:
+                break
+
+    elif isinstance(value, list):
+        for i in xrange(len(value)):
+            retVal[i] = safechardecode(value[i])
+
     return retVal

lib/core/replication.py

@@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.convert import safechardecode
 from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapValueException
 
@@ -63,8 +64,9 @@ class Replication:
             """
             This function is used for inserting row(s) into current table.
             """
+
             if len(values) == len(self.columns):
-                self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), values)
+                self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
             else:
                 errMsg = "wrong number of columns used in replicating insert"
                 raise sqlmapValueException, errMsg

lib/core/settings.py

@@ -304,3 +304,6 @@ MAX_INT = sys.maxint
 
 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
+
+# Regex used for recognition of hex encoded characters
+HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\[0-9A-Fa-f]{2})"