
Commit 18013bc

committed
1 parent 0517979 commit 18013bc


2 files changed

+32
-28
lines changed


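--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.10.12"
+VERSION = "1.5.10.13"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)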

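--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -98,33 +98,37 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
     incrementCounter(PAYLOAD.TECHNIQUE.UNION)
 
     if kb.jsonAggMode:
-        if Backend.isDbms(DBMS.MSSQL):
-            output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
-            if output:
-                try:
-                    retVal = ""
-                    fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
-                    for row in json.loads(output):
-                        retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)
-                except:
-                    pass
-                else:
-                    retVal = getUnicode(retVal)
-        elif Backend.isDbms(DBMS.PGSQL):
-            output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
-            if output:
-                retVal = output
-        else:
-            output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
-            if output:
-                try:
-                    retVal = ""
-                    for row in json.loads(output):
-                        retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop)
-                except:
-                    pass
-                else:
-                    retVal = getUnicode(retVal)
+        for _page in (page or "", (page or "").replace('\\"', '"')):
+            if Backend.isDbms(DBMS.MSSQL):
+                output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
+                if output:
+                    try:
+                        retVal = ""
+                        fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
+                        for row in json.loads(output):
+                            retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)
+                    except:
+                        pass
+                    else:
+                        retVal = getUnicode(retVal)
+            elif Backend.isDbms(DBMS.PGSQL):
+                output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
+                if output:
+                    retVal = output
+            else:
+                output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
+                if output:
+                    try:
+                        retVal = ""
+                        for row in json.loads(output):
+                            retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop)
+                    except:
+                        pass
+                    else:
+                        retVal = getUnicode(retVal)
+
+            if retVal:
+                break
     else:
         # Parse the returned page to get the exact UNION-based
         # SQL injection output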
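Review bot: The new `if retVal: break` at the end of the loop body also fires on a partially built result, because in the MSSQL and generic branches `retVal` is appended row by row inside the `try`, so a `KeyError`/`ValueError` part-way through `json.loads(output)` or `row[field]` leaves a truncated string that the bare `except: pass` keeps and the loop then accepts instead of retrying with the unescaped page. Building the rows in a local list and assigning `retVal` only in the `else:` branch keeps the old all-or-nothing behaviour, and narrowing the bare `except:` to `except (ValueError, KeyError, TypeError):` stops the retry loop from swallowing `KeyboardInterrupt` as well. `removeReflectiveValues(_page, payload)` is also evaluated separately in each of the three branches; computing it once at the top of the loop (`cleaned = removeReflectiveValues(_page, payload)`) removes the repetition. `_oneShotUnionUse` starts and ends outside the hunk, so whether `retVal` is initialised before line 98 is not visible here — the `if retVal:` test depends on it being bound when every branch yields no `output`, which is worth confirming.
```python
for _page in (page or "", (page or "").replace('\\"', '"')):
    cleaned = removeReflectiveValues(_page, payload)
    if Backend.isDbms(DBMS.MSSQL):
        output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), cleaned)
        if output:
            try:
                fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
                rows = ["%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop) for row in json.loads(output)]
            except (ValueError, KeyError, TypeError):
                pass
            else:
                # assigned only when every row decoded, so a partial result never reaches the break below
                retVal = getUnicode("".join(rows))
    # … unchanged: PGSQL branch, now reading `cleaned` instead of calling removeReflectiveValues again …
    # … generic branch: same shape — rows collected in the try, retVal assigned in the else …
    if retVal:
        break
```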
