PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Minor drei update

Browse Source
This commit is contained in:
Miroslav Stampar
2019-05-02 12:39:16 +02:00
parent 7d9cd0c079
commit 2791ea51ea
15 changed files with 84 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/dbms/mysql/syntax.py
View File

@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
import binascii
from lib.core.common import getBytes
from lib.core.common import getOrds
from lib.core.common import getUnicode
from plugins.generic.syntax import Syntax as GenericSyntax
@@ -15,11 +16,16 @@ class Syntax(GenericSyntax):
@staticmethod
def escape(expression, quote=True):
"""
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
'SELECT 0x6162636465666768 FROM foobar'
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 0x6162636465666768 FROM foobar"
True
>>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CONVERT(0x61626364c3ab666768 USING utf8) FROM foobar"
True
"""
def escaper(value):
return "0x%s" % getUnicode(binascii.hexlify(getBytes(value)))
if all(_ < 128 for _ in getOrds(value)):
return "0x%s" % getUnicode(binascii.hexlify(getBytes(value)))
else:
return "CONVERT(0x%s USING utf8)" % getUnicode(binascii.hexlify(getBytes(value)))
return Syntax._escape(expression, quote, escaper)