Making those --string tips (containing escaped characters) decodable by sqlmap

stamparm · stamparm · commit 6f529542e3ea · 2012-07-31T11:32:53.000+02:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -365,7 +365,7 @@ def genCmpPayload():
                                 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
                                 if candidates:
                                     conf.string = random.sample(candidates, 1)[0]
-                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=%s)" % (place, parameter, title, repr(conf.string).lstrip('u'))
+                                    infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
                                     logger.info(infoMsg)
 
                                     injectable = True
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1375,6 +1375,9 @@ class _(unicode): pass
     if conf.oDir:
         paths.SQLMAP_OUTPUT_PATH = conf.oDir
 
+    if conf.string:
+        conf.string = conf.string.decode("unicode_escape")
+
     threadData = getCurrentThreadData()
     threadData.reset()
 
