Fix for an Issue sqlmapproject#110

stamparm · stamparm · commit 95e0d46e3e71 · 2012-07-21T09:15:54.000+02:00
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -313,7 +313,8 @@ def nullAndCastField(self, field):
 
         rootQuery = queries[Backend.getIdentifiedDbms()]
 
-        if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
+        if field.startswith("(CASE") or field.startswith("(IIF") or\
+          conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'):
             nulledCastedField = field
         else:
             nulledCastedField = rootQuery.cast.query % field
diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py
@@ -5,6 +5,9 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+import binascii
+import re
+
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.exception import sqlmapSyntaxException
 from plugins.generic.syntax import Syntax as GenericSyntax
@@ -15,36 +18,16 @@ def __init__(self):
 
     @staticmethod
     def unescape(expression, quote=True):
+        unescaped = expression
+
         if isDBMSVersionAtLeast('3'):
             if quote:
-                expression = expression.replace("'", "''")
-                while True:
-                    index = expression.find("''")
-                    if index == -1:
-                        break
-
-                    firstIndex = index + 2
-                    index = expression[firstIndex:].find("''")
-
-                    if index == -1:
-                        raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
-
-                    lastIndex = firstIndex + index
-                    old = "''%s''" % expression[firstIndex:lastIndex]
-                    unescaped = ""
-
-                    for i in xrange(firstIndex, lastIndex):
-                        unescaped += "X'%x'" % ord(expression[i])
-                        if i < lastIndex - 1:
-                            unescaped += "||"
-
-                    #unescaped += ")"
-                    expression = expression.replace(old, unescaped)
-                expression = expression.replace("''", "'")
+                for item in re.findall(r"'[^']+'", expression, re.S):
+                    unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'")))
             else:
-                expression = "||".join("X'%x" % ord(c) for c in expression)
+                unescaped = "X'%s'" % binascii.hexlify(expression)
 
-        return expression
+        return unescaped
 
     @staticmethod
     def escape(expression):
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -306,6 +306,7 @@
     <!-- SQLite -->
     <dbms value="SQLite">
         <cast query="CAST(%s AS VARCHAR(8000))" dbms_version="&gt;=3.0"/>
+        <!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->
         <length query="LENGTH(%s)"/>
         <isnull query="IFNULL(%s,' ')" dbms_version="&gt;=3.0"/>
         <delimiter query="||"/>
