most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)

2024-11-22 01:26:42 +03:00 · 2011-05-22 19:14:36 +00:00 · 2011-05-22 19:14:36 +00:00 · fb23beef6f
commit fb23beef6f
parent 4fdb6ac9b9
5 changed files with 15 additions and 2 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -288,7 +288,7 @@ class Agent:
        if field.startswith("(CASE"):
            nulledCastedField = field
        else:
-            nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
+            nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
            if Backend.isDbms(DBMS.ACCESS):
                nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
            else:
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -95,6 +95,7 @@ class HTTPHEADER:
    USER_AGENT = "User-Agent"

 class WARNFLAGS:
+    NO_CAST = 'noCast'
    RANDOM_AGENT = 'randomAgent'
    DATA_TO_STDOUT = 'dataToStdout'
    THREADS = 'threads'
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -552,6 +552,9 @@ def cmdLineParser():
        parser.add_option("--group-concat", dest="groupConcat", action="store_true",
                           default=False, help=SUPPRESS_HELP)

+        parser.add_option("--no-cast", dest="noCast", action="store_true",
+                           default=False, help=SUPPRESS_HELP)
+
        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -7,6 +7,7 @@ Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """

+import logging
 import re
 import time

@ -24,6 +25,7 @@ from lib.core.common import isNumPosStrValue
 from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.common import removeReflectiveValues
+from lib.core.common import singleTimeLogMessage
 from lib.core.convert import safecharencode
 from lib.core.data import conf
 from lib.core.data import kb
@ -31,6 +33,7 @@ from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.enums import WARNFLAGS
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import FROM_TABLE
@ -84,6 +87,11 @@ def __oneShotUnionUse(expression, unpack=True):
            warnMsg = "possible server trimmed output detected (due to its length): "
            warnMsg += trimmed
            logger.warn(warnMsg)
+        elif Backend.isDbms(DBMS.MYSQL):
+            warnMsg = "if the problem persists with 'None' values please try to use  "
+            warnMsg += "hidden switch --no-cast (fixing problems with some collation "
+            warnMsg += "issues)"
+            singleTimeLogMessage(warnMsg, logging.WARN, WARNFLAGS.NO_CAST)

    return output

--- a/sqlmap.py
+++ b/sqlmap.py
@ -61,7 +61,8 @@ def main():
    """
    Main function of sqlmap when running from command line.
    """
-
+    import random
+    random.seed(456)
    paths.SQLMAP_ROOT_PATH = modulePath()
    setPaths()
    banner()