
Commit 5b15746

committed
Minor patch
1 parent 2c19d16 commit 5b15746

3 files changed

Lines changed: 7 additions & 4 deletions


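--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -97,6 +97,7 @@
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import URI_HTTP_HEADER
 from lib.core.threads import getCurrentThreadData
+from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.comparison import comparison
 from lib.request.inject import checkBooleanExpression
@@ -879,12 +880,13 @@ def heuristicCheckDbms(injection):
 kb.injection = injection
 
 for dbms in getPublicTypeMembers(DBMS, True):
-if conf.noEscape and dbms not in FROM_DUMMY_TABLE:
-continue
-
 randStr1, randStr2 = randomStr(), randomStr()
+
 Backend.forceDbms(dbms)
 
+if (randStr1 in unescaper.escape("'%s'" % randStr1)) and dbms not in FROM_DUMMY_TABLE:
+continue
+
 if checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER)):
 if not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):
 retVal = dbms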
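Review bot: The new guard `if (randStr1 in unescaper.escape("'%s'" % randStr1)) and dbms not in FROM_DUMMY_TABLE:` has no comment, and two things it relies on are not visible at the line. The substring test stands in for "the escaper left the quoted literal unchanged", and its result presumably depends on `Backend.forceDbms(dbms)` having run immediately before. A comment such as `# skip DBMSes whose probe would be generic: literal left unescaped and no DBMS-specific dummy table` would stop a later reorder from silently changing which DBMSes are skipped. Because `forceDbms` now runs before the `continue`, a skipped DBMS stays forced until the next iteration; the loop's cleanup lies outside this hunk, so confirm the forced value is flushed after the loop. heuristicCheckDbms starts and ends outside the hunk.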

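--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -208,6 +208,7 @@
 DBMS.MCKOI: (MCKOI_ALIASES, None, None, None),
 }
 
+# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/
 FROM_DUMMY_TABLE = {
 DBMS.ORACLE: " FROM DUAL",
 DBMS.ACCESS: " FROM MSysAccessObjects",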

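--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.1.37"
+VERSION = "1.4.1.38"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)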
