PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

More general approach for PostgreSQL concatenation operator precedence problem (Issue #219)

Browse Source
This commit is contained in:
Miroslav Stampar
2012-10-25 10:41:16 +02:00
parent afd82b92dd
commit ba55bed008
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/dbms/postgresql/syntax.py
View File

@@ -14,6 +14,11 @@ class Syntax(GenericSyntax):
@staticmethod
def unescape(expression, quote=True):
"""
Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
"""
if quote:
while True:
index = expression.find("'")
@@ -28,11 +33,11 @@ class Syntax(GenericSyntax):
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
unescaped = "||".join("CHR(%d)" % (ord(expression[i])) for i in xrange(firstIndex, lastIndex)) # Postgres CHR() function already accepts Unicode code point of character(s)
unescaped = "(%s)" % "||".join("CHR(%d)" % (ord(expression[i])) for i in xrange(firstIndex, lastIndex)) # Postgres CHR() function already accepts Unicode code point of character(s)
expression = expression.replace(old, unescaped)
else:
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
expression = "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)
return expression