

Commit 919f75d

committed
Improvement and fix for pivotDumpTable mechanism
1 parent d7973c3 commit 919f75d

2 files changed

Lines changed: 5 additions & 10 deletions


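--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -23,6 +23,7 @@
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import MAX_INT
+from lib.core.unescaper import unescaper
 from lib.request import inject
 
 def pivotDumpTable(table, colList, count=None, blind=True):
@@ -101,23 +102,17 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 
 for column in colList:
 def _(pivotValue):
-# Correction for pivotValues with unrecognized/problematic chars
-for char in (INFERENCE_UNKNOWN_CHAR, '\''):
-if pivotValue and char in pivotValue and pivotValue[0] != char:
-pivotValue = pivotValue.split(char)[0]
-pivotValue = pivotValue[:-1] + decodeIntToUnicode(ord(pivotValue[-1]) + 1)
-break
 if column == colList[0]:
-query = dumpNode.query % (column, table, column, pivotValue)
+query = dumpNode.query.replace("'%s'", "%s") % (column, table, column, unescaper.unescape(pivotValue, False))
 else:
-query = dumpNode.query2 % (column, table, colList[0], pivotValue)
+query = dumpNode.query2.replace("'%s'", "%s") % (column, table, colList[0], unescaper.unescape(pivotValue, False))
 
 return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
 
 value = _(pivotValue)
 if column == colList[0]:
 if isNoneValue(value):
-for pivotValue in filter(None, (" " if pivotValue == " " else None, "%s%s" % (pivotValue[0], chr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, chr(ord(pivotValue[0]) + 1))):
+for pivotValue in filter(None, (" " if pivotValue == " " else None, "%s%s" % (pivotValue[0], unichr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, unichr(ord(pivotValue[0]) + 1))):
 value = _(pivotValue)
 if not isNoneValue(value):
 break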
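Review bot: Dropping the `'...'` quotes around the placeholder in both new `query = ...` lines of the second hunk makes the statement depend entirely on `unescaper.unescape(pivotValue, False)` returning a self-delimited expression; should it ever hand the string back unchanged, a pivot value containing a quote or other SQL metacharacter is spliced in unquoted, and the removed `INFERENCE_UNKNOWN_CHAR`/`'\''` correction loop no longer catches that case. The assumption deserves a comment at the first new line, e.g. `# quotes are stripped from the template because unescaper returns an already-delimited expression`, or a fallback to the original quoted template when the unescaped value equals the raw one. Both branches also repeat the same two calls; computing `escaped = unescaper.unescape(pivotValue, False)` once above `if column == colList[0]:` and using it in both `%` tuples removes the duplication. Note that `.replace("'%s'", "%s")` unquotes every quoted placeholder in the template, so a template carrying a second `'%s'` for a name argument would need the same treatment for that argument. pivotDumpTable is defined in the first hunk and its body continues past this one.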

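--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -472,7 +472,7 @@
 <substring query="SUBSTR((%s),%d,%d)"/>
 <users>
 <inband query="SELECT username FROM domain.users"/>
-<blind query="SELECT MIN(username) FROM domain.users WHERE username > '%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/>
+<blind query="SELECT MIN(username) FROM domain.users WHERE username>'%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/>
 </users>
 <columns>
 <inband query="SELECT columnname,datatype,len FROM domain.columns WHERE tablename='%s' AND schemaname=%s"/>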
