Commit cbe30d3f authored by Nong Hoang Tu's avatar Nong Hoang Tu
Browse files

New upstream version 1.5.8

parent 0baf9d5a
Pipeline #3558 failed with stages
......@@ -1209,7 +1209,7 @@
</users>
<passwords>
<inband query="SELECT USER_NAME,PASSWORD FROM SYSTEM_.SYS_USERS_" condition="USER_NAME"/>
<blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
<blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s' LIMIT %d,1" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
</passwords>
<privileges>
<inband query="SELECT USER_NAME,PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID" condition="USER_NAME"/>
......
......@@ -435,7 +435,7 @@ def checkSqlInjection(place, parameter, value):
origValue = origValue.split(kb.customInjectionMark)[0]
origValue = re.search(r"(\w*)\Z", origValue).group(1)
# Threat the parameter original value according to the
# Treat the parameter original value according to the
# test's <where> tag
if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
if kb.tamperFunctions:
......
......@@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.7.0"
VERSION = "1.5.8.0"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
......
......@@ -166,6 +166,6 @@ def update():
infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
else:
infoMsg = "for Linux platform it's recommended "
infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt install git')"
infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')"
logger.info(infoMsg)
......@@ -1275,7 +1275,7 @@ class Connect(object):
while True:
try:
compile(getBytes(conf.evalCode.replace(';', '\n')), "", "exec")
compile(getBytes(re.sub(r"\s*;\s*", "\n", conf.evalCode)), "", "exec")
except SyntaxError as ex:
if ex.text:
original = replacement = ex.text.strip()
......
......@@ -125,7 +125,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
last = None
for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []):
for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []):
if '=' in part:
part = part.strip()
key, value = part.split('=', 1)
......
......@@ -724,7 +724,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
errMsg += "List of supported adapters: %s" % ', '.join(sorted(list(server_names.keys())))
else:
errMsg = "Server support for adapter '%s' is not installed on this system " % adapter
errMsg += "(Note: you can try to install it with 'sudo apt install python-%s' or 'sudo pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter)
errMsg += "(Note: you can try to install it with 'apt install python-%s' or 'pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter)
logger.critical(errMsg)
def _client(url, options=None):
......
......@@ -10,7 +10,9 @@ import re
import string
import sys
if sys.version_info >= (3, 0):
PY3 = sys.version_info >= (3, 0)
if PY3:
xrange = range
text_type = str
string_types = (str,)
......@@ -92,7 +94,7 @@ def safechardecode(value, binary=False):
if binary:
if isinstance(retVal, text_type):
retVal = retVal.encode("utf8")
retVal = retVal.encode("utf8", errors="surrogatepass" if PY3 else "strict")
elif isinstance(value, (list, tuple)):
for i in xrange(len(value)):
......
......@@ -35,6 +35,7 @@ from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapFilePathException
from lib.core.exception import SqlmapMissingDependence
from plugins.generic.connector import Connector as GenericConnector
from thirdparty import six
def getSafeExString(ex, encoding=None): # Cross-referenced function
raise NotImplementedError
......@@ -88,7 +89,7 @@ class SQLAlchemy(GenericConnector):
self.printConnected()
else:
raise SqlmapMissingDependence("SQLAlchemy not available")
raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip%s install SQLAlchemy')" % ('3' if six.PY3 else ""))
def fetchall(self):
try:
......
......@@ -45,9 +45,9 @@ class Fingerprint(GenericFingerprint):
# Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
versions = (
(80000, 80028), # MySQL 8.0
(80000, 80029), # MySQL 8.0
(60000, 60014), # MySQL 6.0
(50700, 50736), # MySQL 5.7
(50700, 50737), # MySQL 5.7
(50600, 50652), # MySQL 5.6
(50500, 50563), # MySQL 5.5
(50400, 50404), # MySQL 5.4
......
......@@ -158,7 +158,7 @@ class Miscellaneous(object):
udfDict = {"master..new_xp_cmdshell": {}}
if udfDict is None:
udfDict = self.sysUdfs
udfDict = getattr(self, "sysUdfs", {})
for udf, inpRet in udfDict.items():
message = "do you want to remove UDF '%s'? [Y/n] " % udf
......
openapi: 3.0.1
info:
title: sqlmapapi OpenAPI/Swagger specification
version: '0.1'
paths:
/version:
get:
description: Fetch server version
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
version:
type: string
example: "1.5.7.7#dev"
success:
type: boolean
example: true
/task/new:
get:
description: Create a new task
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
taskid:
type: string
example: "fad44d6beef72285"
success:
type: boolean
example: true
/scan/{taskid}/start:
post:
description: Launch a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
requestBody:
content:
application/json:
schema:
type: object
properties:
url:
type: string
examples:
'0':
value: '{"url":"http://testphp.vulnweb.com/artists.php?artist=1"}'
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
engineid:
type: integer
example: 19720
success:
type: boolean
example: true
/scan/{taskid}/stop:
get:
description: Stop a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
/scan/{taskid}/status:
get:
description: Fetch status of a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
status:
type: string
example: terminated
returncode:
type: integer
example: 0
success:
type: boolean
example: true
/scan/{taskid}/list:
get:
description: List options for a given task ID
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
options:
type: array
items:
type: object
/scan/{taskid}/data:
get:
description: Retrieve the scan resulting data
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
type: object
success:
type: boolean
example: true
error:
type: array
items:
type: object
/scan/{taskid}/log:
get:
description: Retrieve the log messages
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
log:
type: array
items:
type: object
success:
type: boolean
example: true
/scan/{taskid}/kill:
get:
description: Kill a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
/task/{taskid}/delete:
get:
description: Delete an existing task
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment