
Commit 94639d1

committed
Another update related to the sqlmapproject#1539
1 parent c1e3431 commit 94639d1

6 files changed

Lines changed: 20 additions & 3 deletions


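--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -37,6 +37,7 @@
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
+from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
 from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import REPLACEMENT_MARKER
@@ -400,7 +401,10 @@ def nullAndCastField(self, field):
 nulledCastedField = field
 else:
 if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
-nulledCastedField = rootQuery.cast.query % field
+if Backend.isDbms(DBMS.MYSQL):
+nulledCastedField = rootQuery.cast.query.replace(")", " CHARACTER SET %s)") % (field, DEFAULT_MYSQL_CHARACTER_SET)
+else:
+nulledCastedField = rootQuery.cast.query % field
 if Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
 nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
 else: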
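Review bot: The MySQL branch of nullAndCastField rewrites every `)` in rootQuery.cast.query, not only the closing one, so it silently depends on the template in xml/queries.xml containing exactly one parenthesis; any cast query that wraps a function call would get ` CHARACTER SET latin1)` inserted in the wrong place. Anchoring the rewrite to the end of the template makes the assumption explicit and limited, e.g. `nulledCastedField = (rootQuery.cast.query[:-1] + " CHARACTER SET %s)" % DEFAULT_MYSQL_CHARACTER_SET) % field`, together with a comment such as `# MySQL cast template must end with ')' (see xml/queries.xml); the charset is appended here rather than in the XML`. A matching `<!-- CHARACTER SET is appended at runtime by Agent.nullAndCastField() -->` next to the MySQL `<cast>` element in xml/queries.xml would keep the two files in sync. nullAndCastField starts before this hunk and continues after it.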

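--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -224,6 +224,10 @@
 
 HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
 
+# Default character set used in MySQL
+# Reference: http://pieroxy.net/blog/2013/05/28/mysql_charset_hell.html
+DEFAULT_MYSQL_CHARACTER_SET = "latin1"
+
 # Names that can't be used to name files on Windows OS
 WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
 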
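Review bot: The comment on DEFAULT_MYSQL_CHARACTER_SET says what the value is but not why latin1 was chosen over utf8, which is the question the next maintainer will ask before changing it. Since the constant is now interpolated into CAST/CONVERT payloads in lib/core/agent.py and plugins/dbms/mysql/syntax.py and used as a Python codec in lib/techniques/blind/inference.py, a one-line rationale would help, e.g. `# latin1 is single-byte and maps every byte value, so retrieved bytes survive the CAST/CONVERT round trip regardless of the table's real charset (presumed reason; confirm against #1539)`.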
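--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -8,6 +8,7 @@
 import threading
 import time
 
+from extra.safe2bin.safe2bin import safechardecode
 from extra.safe2bin.safe2bin import safecharencode
 from lib.core.agent import agent
 from lib.core.common import Backend
@@ -18,6 +19,7 @@
 from lib.core.common import filterControlChars
 from lib.core.common import getCharset
 from lib.core.common import getCounter
+from lib.core.common import getUnicode
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
 from lib.core.common import hashDBRetrieve
@@ -35,6 +37,7 @@
 from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapThreadException
 from lib.core.settings import CHAR_INFERENCE_MARK
+from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
 from lib.core.settings import INFERENCE_BLANK_BREAK
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import INFERENCE_GREATER_CHAR
@@ -589,6 +592,10 @@ def blindThread():
 raise KeyboardInterrupt
 
 _ = finalValue or partialValue
+
+if Backend.isDbms(DBMS.MYSQL) and safechardecode(_) != _:
+_ = getUnicode(safechardecode(_).encode(DEFAULT_MYSQL_CHARACTER_SET))
+
 return getCounter(kb.technique), safecharencode(_) if kb.safeCharEncode else _
 
 def queryOutputLength(expression, payload):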
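Review bot: `safechardecode(_).encode(DEFAULT_MYSQL_CHARACTER_SET)` raises UnicodeEncodeError for any character outside the latin1 range (U+0100 and above), and if `_` is a byte string on Python 2 the implicit ASCII decode that `.encode` performs first raises UnicodeDecodeError for any non-ASCII byte; nothing in this hunk catches either, so a single such inferred value would propagate out of the retrieval path instead of returning the data that was already recovered. The conversion should be guarded with `try:`/`except UnicodeError:` that keeps the original `_` on failure (a debug log line would help diagnose the case), and `safechardecode(_)` is evaluated twice, so binding it once to a local such as `decoded` before the comparison reads better. The enclosing function starts before this hunk and its surrounding scope continues after it.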

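--- a/plugins/dbms/mysql/syntax.py
+++ b/plugins/dbms/mysql/syntax.py
@@ -8,6 +8,7 @@
 import binascii
 
 from lib.core.convert import utf8encode
+from lib.core.settings import DEFAULT_MYSQL_CHARACTER_SET
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):
@@ -26,7 +27,7 @@ def escaper(value):
 try:
 retVal = "0x%s" % binascii.hexlify(value)
 except UnicodeEncodeError:
-retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value))
+retVal = "CONVERT(0x%s USING %s)" % ("".join("%.2x" % ord(_) for _ in utf8encode(value)), DEFAULT_MYSQL_CHARACTER_SET)
 return retVal
 
 return Syntax._escape(expression, quote, escaper)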
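Review bot: The declared and actual encodings in the new CONVERT now disagree: the hex payload is still produced by `utf8encode(value)`, while `USING %s` tells the server to read those bytes as latin1, so every multi-byte UTF-8 character is reinterpreted as two or three latin1 characters on the server side. If pushing raw UTF-8 bytes through a latin1 connection is the intended trick for #1539, a comment stating that explicitly, e.g. `# bytes are UTF-8 but declared as latin1 on purpose: keeps the payload byte-transparent on a latin1 connection (see DEFAULT_MYSQL_CHARACTER_SET)`, would stop the next reader from "fixing" it; otherwise the bytes should be produced with the same charset as the one declared. escaper starts before this hunk.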

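--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -31,6 +31,7 @@ def __init__(self):
 kb.data.banner = None
 kb.data.hostname = ""
 kb.data.processChar = None
+kb.data.characterSet = None
 
 Custom.__init__(self)
 Databases.__init__(self)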
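Review bot: `kb.data.characterSet` is initialised here but is neither assigned nor read anywhere else in this commit, so its meaning and the place that is expected to fill it are undocumented. A short trailing comment would record the intent, e.g. `# server-reported character set, None until enumerated (presumably meant to override DEFAULT_MYSQL_CHARACTER_SET once known)`, adjusted to whatever the follow-up actually stores there. `__init__` starts before this hunk and continues after it.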

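--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -3,7 +3,7 @@
 <root>
 <!-- MySQL -->
 <dbms value="MySQL">
-<cast query="CAST(%s AS CHAR CHARACTER SET latin1)"/>
+<cast query="CAST(%s AS CHAR)"/>
 <length query="CHAR_LENGTH(%s)"/>
 <isnull query="IFNULL(%s,' ')"/>
 <delimiter query=","/>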
