PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

Another patch for #5798

Browse Source
This commit is contained in:
Miroslav Stampar
2024-11-06 12:51:23 +01:00
parent 282eea3743
commit 7bf9e3e7b4
3 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/techniques/union/use.py
View File

@@ -37,6 +37,7 @@ from lib.core.common import singleTimeWarnMessage
from lib.core.common import unArrayizeValue
from lib.core.common import wasLastResponseDBMSError
from lib.core.compat import xrange
from lib.core.convert import decodeBase64
from lib.core.convert import getUnicode
from lib.core.convert import htmlUnescape
from lib.core.data import conf
@@ -126,6 +127,9 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
try:
retVal = ""
for row in json.loads(output):
# NOTE: for cases with automatic MySQL Base64 encoding of JSON array values, like: ["base64:type15:MQ=="]
for match in re.finditer(r"base64:type\d+:([^ ]+)", row):
row = row.replace(match.group(0), decodeBase64(match.group(1), binary=False))
retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop)
except:
retVal = None
@@ -254,7 +258,7 @@ def unionUse(expression, unpack=True, dump=False):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.MSSQL, DBMS.SQLITE) and expressionFields and not any((conf.binaryFields, conf.limitStart, conf.limitStop, conf.forcePartial, conf.disableJson)):
match = re.search(r"SELECT\s*(.+?)\bFROM", expression, re.I)
if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r"\b(MIN|MAX|COUNT)\(", expression):
if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r"\b(MIN|MAX|COUNT|EXISTS)\(", expression):
kb.jsonAggMode = True
if Backend.isDbms(DBMS.MYSQL):
query = expression.replace(expressionFields, "CONCAT('%s',JSON_ARRAYAGG(CONCAT_WS('%s',%s)),'%s')" % (kb.chars.start, kb.chars.delimiter, expressionFields, kb.chars.stop), 1)