Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 97b7dc5

Browse files
stamparmstamparm
committed
Patch for #4419 
1 parent c5a5717 commit 97b7dc5

2 files changed

Lines changed: 22 additions & 1 deletion

File tree

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
from thirdparty.six import unichr as _unichr
1919

2020
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21-
VERSION = "1.4.11.1"
21+
VERSION = "1.4.11.2"
2222
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2323
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2424
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/request/inject.py

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212

1313
from lib.core.agent import agent
1414
from lib.core.bigarray import BigArray
15+
from lib.core.common import applyFunctionRecursively
1516
from lib.core.common import Backend
1617
from lib.core.common import calculateDeltaSeconds
1718
from lib.core.common import cleanQuery
@@ -505,6 +506,26 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
505506
warnMsg += "or switch '--hex'" if hasattr(queries[Backend.getIdentifiedDbms()], "hex") else ""
506507
singleTimeWarnMessage(warnMsg)
507508

509+
# Dirty patch (MSSQL --binary-fields with 0x31003200...)
510+
if Backend.isDbms(DBMS.MSSQL) and conf.binaryFields:
511+
def _(value):
512+
if isinstance(value, six.text_type):
513+
if value.startswith(u"0x"):
514+
value = value[2:]
515+
if value and len(value) % 4 == 0:
516+
candidate = ""
517+
for i in xrange(len(value)):
518+
if i % 4 < 2:
519+
candidate += value[i]
520+
elif value[i] != '0':
521+
candidate = None
522+
break
523+
if candidate:
524+
value = candidate
525+
return value
526+
527+
value = applyFunctionRecursively(value, _)
528+
508529
# Dirty patch (safe-encoded unicode characters)
509530
if isinstance(value, six.text_type) and "\\x" in value:
510531
try:

0 commit comments

Comments
 (0)