diff --git a/lib/core/common.py b/lib/core/common.py index 9c768a183..b239776b5 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1125,15 +1125,10 @@ def expandAsteriskForColumns(expression): infoMsg += "sqlmap will retrieve the column names itself" logger.info(infoMsg) - dbTbl = asterisk.group(1) - - if dbTbl and ".." in dbTbl: - dbTbl = dbTbl.replace('..', '.dbo.') - - if dbTbl and "." in dbTbl: - conf.db, conf.tbl = dbTbl.split(".", 1) - else: - conf.tbl = dbTbl + _ = asterisk.group(1).replace("..", ".") + conf.db, conf.tbl = _.split(".", 1) if '.' in _ else (None, _) + conf.db = safeSQLIdentificatorNaming(conf.db) + conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True) columnsDict = conf.dbmsHandler.getColumns(onlyColNames=True) diff --git a/lib/core/dump.py b/lib/core/dump.py index 13eac6abd..4af99a742 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -478,13 +478,16 @@ class Dump(object): blank = " " * (maxlength - len(value)) self._write("| %s%s" % (value, blank), newline=False, console=console) - # TODO: this is related to issue #8, but it is not yet working - #mimetype = magic.from_buffer(value, mime=True) - - #if mimetype.startswith("application") or mimetype.startswith("image"): - # singleFP = open("%s%s%s" % (dumpDbPath, os.sep, "%s-%d.bin" % (column, randomInt(8))), "wb") - # singleFP.write(value.encode("utf8")) - # singleFP.close() + if len(value) > 10 and r'\x' in value: + mimetype = magic.from_buffer(value, mime=True) + if mimetype.startswith("application") or mimetype.startswith("image"): + with open("%s%s%s" % (dumpDbPath, os.sep, "%s-%d.bin" % (column, randomInt(8))), "wb") as f: + import pdb + pdb.set_trace() + from extra.safe2bin.safe2bin import safechardecode + _ = _.encode(UNICODE_ENCODING) + _ = safechardecode(value) + f.write(_) if conf.dumpFormat == DUMP_FORMAT.CSV: if field == fields: