most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)

2025-06-05 05:33:16 +03:00 · 2011-05-22 19:14:36 +00:00 · 2011-05-22 19:14:36 +00:00 · fb23beef6f
commit fb23beef6f
parent 4fdb6ac9b9
5 changed files with 15 additions and 2 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -288,7 +288,7 @@ class Agent:
        if field.startswith("(CASE"):
            nulledCastedField = field
        else:
-            nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
+            nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
            if Backend.isDbms(DBMS.ACCESS):
                nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
            else:
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -95,6 +95,7 @@ class HTTPHEADER:
    USER_AGENT = "User-Agent"
 class WARNFLAGS:
    NO_CAST = 'noCast'
    RANDOM_AGENT = 'randomAgent'
    DATA_TO_STDOUT = 'dataToStdout'
    THREADS = 'threads'
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -552,6 +552,9 @@ def cmdLineParser():
        parser.add_option("--group-concat", dest="groupConcat", action="store_true",
                           default=False, help=SUPPRESS_HELP)
        parser.add_option("--no-cast", dest="noCast", action="store_true",
                           default=False, help=SUPPRESS_HELP)
        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -7,6 +7,7 @@ Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """
 import logging
 import re
 import time
@ -24,6 +25,7 @@ from lib.core.common import isNumPosStrValue
 from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.common import removeReflectiveValues
 from lib.core.common import singleTimeLogMessage
 from lib.core.convert import safecharencode
 from lib.core.data import conf
 from lib.core.data import kb
@ -31,6 +33,7 @@ from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.enums import WARNFLAGS
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import FROM_TABLE
@ -84,6 +87,11 @@ def __oneShotUnionUse(expression, unpack=True):
            warnMsg = "possible server trimmed output detected (due to its length): "
            warnMsg += trimmed
            logger.warn(warnMsg)
        elif Backend.isDbms(DBMS.MYSQL):
            warnMsg = "if the problem persists with 'None' values please try to use  "
            warnMsg += "hidden switch --no-cast (fixing problems with some collation "
            warnMsg += "issues)"
            singleTimeLogMessage(warnMsg, logging.WARN, WARNFLAGS.NO_CAST)
    return output
--- a/sqlmap.py
+++ b/sqlmap.py
@ -61,7 +61,8 @@ def main():
    """
    Main function of sqlmap when running from command line.
    """
-
+    import random
    random.seed(456)
    paths.SQLMAP_ROOT_PATH = modulePath()
    setPaths()
    banner()