Minor patch (e.g. --sql-query=SELECT 'a','b','c')

sqlmapproject · Nov 15, 2024 · 8b3425c · 8b3425c
1 parent 87cd590
commit 8b3425c
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -188,7 +188,7 @@ bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353  lib/core/profi
 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355  lib/core/replication.py
 bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726  lib/core/revision.py
 eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96  lib/core/session.py
-f9b5c2156613960f23c4460ce714e4fd105d4a21eaad0c02fca330286f866b48  lib/core/settings.py
+43bcfd3c7edeaf35e7186ac106abaca93cd19f3e941aa7978dd213b0d30bfda0  lib/core/settings.py
 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4  lib/core/shell.py
 e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8  lib/core/subprocessng.py
 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd  lib/core/target.py
@@ -460,7 +460,7 @@ acc41465f146d2611fca5a84bd8896bc0ccd2b032b8938357aea3e5b173a5a10  plugins/dbms/v
 3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49  plugins/dbms/virtuoso/syntax.py
 7ac6006e0fc6da229c37fbce39a1406022e5fcc4cac5209814fa20818b8c031a  plugins/dbms/virtuoso/takeover.py
 e6dfaab13d9f98ccffdc70dd46800ca2d61519731d10a267bc82f9fb82cd504d  plugins/generic/connector.py
-664be8bb4157452f2e40c4f98a359e26b559d7ef4f4148564cb8533b5ebf7d54  plugins/generic/custom.py
+4e150d82261308071180fe3595c2dbd777c1a3c58a6b71352df11f96db0b846e  plugins/generic/custom.py
 3d118a7ddb1604a9f86826118cfbae4ab0b83f6e9bef9c6d1c7e77d3da6acf67  plugins/generic/databases.py
 96924a13d7bf0ed8056dc70f10593e9253750a3d83e9a9c9656c3d1527eda344  plugins/generic/entries.py
 a734d74599761cd1cf7d49c88deeb121ea57d80c2f0447e361a4e3a737154c0e  plugins/generic/enumeration.py

diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.8.11.4"
+VERSION = "1.8.11.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
@@ -13,7 +13,9 @@
 from lib.core.common import Backend
 from lib.core.common import dataToStdout
 from lib.core.common import getSQLSnippet
+from lib.core.common import isListLike
 from lib.core.common import isStackingAvailable
+from lib.core.common import joinValue
 from lib.core.convert import getUnicode
 from lib.core.data import conf
 from lib.core.data import logger
@@ -41,6 +43,7 @@ def sqlQuery(self, query):
         sqlType = None
         query = query.rstrip(';')
 
+
         try:
             for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
                 for sqlStatement in sqlStatements:
@@ -61,6 +64,11 @@ def sqlQuery(self, query):
 
                 output = inject.getValue(query, fromUser=True)
 
+                if "SELECT" in sqlType and isListLike(output):
+                    for i in xrange(len(output)):
+                        if isListLike(output[i]):
+                            output[i] = joinValue(output[i])
+
                 return output
             elif not isStackingAvailable() and not conf.direct:
                 warnMsg = "execution of non-query SQL statements is only "