Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b9cc127

Browse files
bdamelebdamele
committed
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2 parents 70230f3 + c75560b commit b9cc127

2 files changed

Lines changed: 17 additions & 3 deletions

File tree

lib/core/common.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2590,7 +2590,10 @@ def decodeIntToUnicode(value):
25902590
try:
25912591
# http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_ord
25922592
if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
2593-
retVal = getUnicode(hexdecode(hex(value)))
2593+
_ = "%x" % value
2594+
if len(_) % 2 == 1:
2595+
_ = "0%s" % _
2596+
retVal = getUnicode(hexdecode(_))
25942597
elif value > 255:
25952598
retVal = unichr(value)
25962599
else:

plugins/generic/custom.py

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,9 @@
99

1010
from lib.core.common import Backend
1111
from lib.core.common import dataToStdout
12+
from lib.core.common import getPublicTypeMembers
1213
from lib.core.common import getSQLSnippet
14+
from lib.core.common import getTechniqueData
1315
from lib.core.common import isTechniqueAvailable
1416
from lib.core.convert import utf8decode
1517
from lib.core.data import conf
@@ -39,14 +41,23 @@ def sqlQuery(self, query):
3941
sqlType = sqlTitle
4042
break
4143

42-
if 'OPENROWSET' not in query.upper() and (not sqlType or 'SELECT' in sqlType):
44+
stacked = isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)
45+
46+
if not stacked:
47+
for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
48+
_ = getTechniqueData(technique)
49+
if _ and "stacked" in _["title"].lower():
50+
stacked = True
51+
break
52+
53+
if "OPENROWSET" not in query.upper() and (not sqlType or "SELECT" in sqlType):
4354
infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
4455
logger.info(infoMsg)
4556

4657
output = inject.getValue(query, fromUser=True)
4758

4859
return output
49-
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
60+
elif not stacked and not conf.direct:
5061
warnMsg = "execution of custom SQL queries is only "
5162
warnMsg += "available when stacked queries are supported"
5263
logger.warn(warnMsg)

0 commit comments

Comments
 (0)