Another update for an Issue sqlmapproject#362

stamparm · stamparm · commit 069c6acabd38 · 2013-01-20T22:47:26.000+01:00
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
@@ -180,7 +180,14 @@ def validateChar(idx, value):
             value are not equal there will be a deliberate delay).
             """
 
-            forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
+            if CHAR_INFERENCE_MARK not in payload:
+                forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
+            else:
+                # e.g.: ... > '%c' -> ... > ORD(..)
+                markingValue = "'%s'" % CHAR_INFERENCE_MARK
+                unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(value))
+                forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
+
             result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
             incrementCounter(kb.technique)
 
diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py
@@ -22,4 +22,4 @@ def escaper(value):
         if isDBMSVersionAtLeast('2.1'):
             retVal = Syntax._escape(expression, quote, escaper)
 
-        return retVal
+        return retVal
diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py
@@ -24,4 +24,4 @@ def escaper(value):
         if isDBMSVersionAtLeast('3'):
             retVal = Syntax._escape(expression, quote, escaper)
 
-        return retVal
+        return retVal
