most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)

stamparm · stamparm · commit fb23beef6fc3 · 2011-05-22T19:14:36.000Z
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -288,7 +288,7 @@ def nullAndCastField(self, field):
         if field.startswith("(CASE"):
             nulledCastedField = field
         else:
-            nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
+            nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
             if Backend.isDbms(DBMS.ACCESS):
                 nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
             else:
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -95,6 +95,7 @@ class HTTPHEADER:
     USER_AGENT = "User-Agent"
 
 class WARNFLAGS:
+    NO_CAST = 'noCast'
     RANDOM_AGENT = 'randomAgent'
     DATA_TO_STDOUT = 'dataToStdout'
     THREADS = 'threads'
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -552,6 +552,9 @@ def cmdLineParser():
         parser.add_option("--group-concat", dest="groupConcat", action="store_true",
                            default=False, help=SUPPRESS_HELP)
 
+        parser.add_option("--no-cast", dest="noCast", action="store_true",
+                           default=False, help=SUPPRESS_HELP)
+
         parser.add_option_group(target)
         parser.add_option_group(request)
         parser.add_option_group(optimization)
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
@@ -7,6 +7,7 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+import logging
 import re
 import time
 
@@ -24,13 +25,15 @@
 from lib.core.common import listToStrValue
 from lib.core.common import parseUnionPage
 from lib.core.common import removeReflectiveValues
+from lib.core.common import singleTimeLogMessage
 from lib.core.convert import safecharencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.enums import WARNFLAGS
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import FROM_TABLE
@@ -84,6 +87,11 @@ def __oneShotUnionUse(expression, unpack=True):
             warnMsg = "possible server trimmed output detected (due to its length): "
             warnMsg += trimmed
             logger.warn(warnMsg)
+        elif Backend.isDbms(DBMS.MYSQL):
+            warnMsg = "if the problem persists with 'None' values please try to use  "
+            warnMsg += "hidden switch --no-cast (fixing problems with some collation "
+            warnMsg += "issues)"
+            singleTimeLogMessage(warnMsg, logging.WARN, WARNFLAGS.NO_CAST)
 
     return output
 
diff --git a/sqlmap.py b/sqlmap.py
@@ -61,7 +61,8 @@ def main():
     """
     Main function of sqlmap when running from command line.
     """
-
+    import random
+    random.seed(456)
     paths.SQLMAP_ROOT_PATH = modulePath()
     setPaths()
     banner()
