upgrade/fixes for direct DBMS access

2025-12-10 09:49:06 +00:00 · 2012-02-07 10:46:55 +00:00
parent af71e3c563
commit f7bf1fbe94
9 changed files with 33 additions and 27 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -84,6 +84,7 @@ from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import DBMS_DICT
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
+from lib.core.settings import NULL
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import PYVERSION
@@ -1088,9 +1089,9 @@ def parsePasswordHash(password):
    blank = " " * 8

    if not password or password == " ":
-        password = "NULL"
+        password = NULL

-    if Backend.isDbms(DBMS.MSSQL) and password != "NULL" and isHexEncodedString(password):
+    if Backend.isDbms(DBMS.MSSQL) and password != NULL and isHexEncodedString(password):
        hexPassword = password
        password = "%s\n" % hexPassword
        password += "%sheader: %s\n" % (blank, hexPassword[:6])
@@ -2047,7 +2048,7 @@ def getPartRun():
    # Return the INI tag to consider for common outputs (e.g. 'Databases')
    return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal

-def getUnicode(value, encoding=None, system=False):
+def getUnicode(value, encoding=None, system=False, noneToNull=False):
    """
    Return the unicode representation of the supplied value:

@@ -2059,6 +2060,13 @@ def getUnicode(value, encoding=None, system=False):
    u'1'
    """

+    if noneToNull and value is None:
+        return NULL
+
+    if isinstance(value, (list, tuple)):
+        value = list(getUnicode(_, encoding, system, noneToNull) for _ in value)
+        return value
+
    if not system:
        if isinstance(value, unicode):
            return value
@@ -2917,7 +2925,7 @@ def isNullValue(value):
    Returns whether the value contains explicit 'NULL' value
    """

-    return isinstance(value, basestring) and value.upper() == "NULL"
+    return isinstance(value, basestring) and value.upper() == NULL

 def expandMnemonics(mnemonics, parser, args):
    """
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -29,6 +29,7 @@ from lib.core.enums import DBMS
 from lib.core.exception import sqlmapValueException
 from lib.core.replication import Replication
 from lib.core.settings import BUFFERED_LOG_SIZE
+from lib.core.settings import NULL
 from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
 from lib.core.settings import UNICODE_ENCODING

@@ -455,7 +456,7 @@ class Dump:
                        value = getUnicode(info["values"][i])

                        if re.search("^[\ *]*$", value):
-                            value = "NULL"
+                            value = NULL

                    values.append(value)
                    maxlength = int(info["length"])
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -86,6 +86,7 @@ from lib.core.settings import DEFAULT_PAGE_ENCODING
 from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
 from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
 from lib.core.settings import IS_WIN
+from lib.core.settings import NULL
 from lib.core.settings import PLATFORM
 from lib.core.settings import PYVERSION
 from lib.core.settings import SITE
@@ -1474,7 +1475,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.testQueryCount = 0
    kb.threadContinue = True
    kb.threadException = False
-    kb.uChar = "NULL"
+    kb.uChar = NULL
    kb.xpCmdshellAvailable = False

    kb.chars = AttribDict()
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -239,6 +239,9 @@ SQL_STATEMENTS = {
                             "rollback ",       ),
                     }

+# string representation for NULL value
+NULL = "NULL"
+
 # Regular expressions used for parsing error messages (--parse-errors)
 ERROR_PARSING_REGEXES = (   
                          r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",