

Commit fb23bee

committed
Most elegant way I could think of to deal with the "collation incompatibilities" issue in some MySQL/UNION cases (affected about 5% of all targets tested)
1 parent 4fdb6ac commit fb23bee

5 files changed

Lines changed: 15 additions & 2 deletions


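--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -288,7 +288,7 @@ def nullAndCastField(self, field):
         if field.startswith("(CASE"):
             nulledCastedField = field
         else:
-            nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
+            nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
 
         if Backend.isDbms(DBMS.ACCESS):
             nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
         else: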

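--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -95,6 +95,7 @@ class HTTPHEADER:
     USER_AGENT = "User-Agent"
 
 class WARNFLAGS:
+    NO_CAST = 'noCast'
     RANDOM_AGENT = 'randomAgent'
     DATA_TO_STDOUT = 'dataToStdout'
     THREADS = 'threads'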

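--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -552,6 +552,9 @@ def cmdLineParser():
         parser.add_option("--group-concat", dest="groupConcat", action="store_true",
                           default=False, help=SUPPRESS_HELP)
 
+        parser.add_option("--no-cast", dest="noCast", action="store_true",
+                          default=False, help=SUPPRESS_HELP)
+
         parser.add_option_group(target)
         parser.add_option_group(request)
         parser.add_option_group(optimization)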

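--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -7,6 +7,7 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+import logging
 import re
 import time
 
@@ -24,13 +25,15 @@
 from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.common import removeReflectiveValues
+from lib.core.common import singleTimeLogMessage
 from lib.core.convert import safecharencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.enums import WARNFLAGS
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import FROM_TABLE
@@ -84,6 +87,11 @@ def __oneShotUnionUse(expression, unpack=True):
                 warnMsg = "possible server trimmed output detected (due to its length): "
                 warnMsg += trimmed
                 logger.warn(warnMsg)
+            elif Backend.isDbms(DBMS.MYSQL):
+                warnMsg = "if the problem persists with 'None' values please try to use "
+                warnMsg += "hidden switch --no-cast (fixing problems with some collation "
+                warnMsg += "issues)"
+                singleTimeLogMessage(warnMsg, logging.WARN, WARNFLAGS.NO_CAST)
 
     return output
 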
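Review bot: The new `elif Backend.isDbms(DBMS.MYSQL)` branch on new line 90 recommends `--no-cast` even on a run where the user has already passed it, because the condition never consults `conf.noCast` although `conf` is imported in this file; on exactly the runs the advice targets the message becomes misleading. Tighten it to `elif Backend.isDbms(DBMS.MYSQL) and not conf.noCast:`. `logging.WARN` is the legacy alias of `logging.WARNING`; if the rest of the codebase passes the canonical name to singleTimeLogMessage, this call should match. The if/elif chain and __oneShotUnionUse itself begin and end outside the hunk, so whether the branch also fires on genuinely empty results, rather than only on suspected trimming, cannot be judged from here.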

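--- a/sqlmap.py
+++ b/sqlmap.py
@@ -61,7 +61,8 @@ def main():
     """
     Main function of sqlmap when running from command line.
     """
-
+    import random
+    random.seed(456)
     paths.SQLMAP_ROOT_PATH = modulePath()
     setPaths()
     banner()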
