diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 75becba54..5c78d133d 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -cc85a81cf0cadda64bd459c091f6a7640a154285b5b8ecbaebe5920babeaff31 lib/core/settings.py +7c88194b2da2d68dfd2fffede71bbb0131a4882a83cdbd53ddc800d7f1981dbb lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -240,7 +240,7 @@ d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd lib/techniques 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/__init__.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/union/__init__.py dca6a14d7e30f8d320cc972620402798b493528a0ad7bd98a7f38327cea04e20 lib/techniques/union/test.py -4a866eefe165a541218eb71926a49f65ac13505b88857624b3759970c5069451 lib/techniques/union/use.py +9c57e5467c295e10356f457d7a95a652602e6ef09566ab1346fa23519fdf1b3b lib/techniques/union/use.py e41d96b1520e30bd4ce13adfcf52e11d3a5ea75c0b2d7612958d0054be889763 lib/utils/api.py af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brute.py 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55 lib/utils/crawler.py diff --git a/lib/core/settings.py b/lib/core/settings.py index df1123dc5..704bd5254 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.12.4" +VERSION = "1.9.12.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index eab12ab52..c5bc83234 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -107,12 +107,23 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): for _page in (page or "", (page or "").replace('\\"', '"')): if Backend.isDbms(DBMS.MSSQL): output = extractRegexResult(r"%s(?P.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload)) + if output: try: - retVal = "" - fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P[^}]+)}", output)) - for row in json.loads(output): - retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop) + retVal = None + output_decoded = htmlUnescape(output) + json_data = json.loads(output_decoded, object_pairs_hook=OrderedDict) + + if not isinstance(json_data, list): + json_data = [json_data] + + if json_data and isinstance(json_data[0], dict): + fields = list(json_data[0].keys()) + + if fields: + retVal = "" + for row in json_data: + retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop) except: retVal = None else: