PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-26 16:19:04 +00:00
Code Issues Projects Releases Wiki Activity

Fixes #5995

Browse Source
This commit is contained in:
Miroslav Stampar
2025-12-23 00:01:41 +01:00
parent d89a0bb9df
commit c62dd8511e
3 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.9.12.4"
VERSION = "1.9.12.5"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

19
lib/techniques/union/use.py
View File

@@ -107,12 +107,23 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
for _page in (page or "", (page or "").replace('\\"', '"')):
if Backend.isDbms(DBMS.MSSQL):
output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
if output:
try:
retVal = ""
fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
for row in json.loads(output):
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)
retVal = None
output_decoded = htmlUnescape(output)
json_data = json.loads(output_decoded, object_pairs_hook=OrderedDict)
if not isinstance(json_data, list):
json_data = [json_data]
if json_data and isinstance(json_data[0], dict):
fields = list(json_data[0].keys())
if fields:
retVal = ""
for row in json_data:
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop)
except:
retVal = None
else: