New upstream version 1.5.8

cbe30d3f · Nong Hoang Tu · 0baf9d5a · cbe30d3f · cbe30d3f · cbe30d3f
Commit cbe30d3f authored Aug 09, 2021 by Nong Hoang Tu
--- a/data/xml/queries.xml
+++ b/data/xml/queries.xml
@@ -1209,7 +1209,7 @@
        </users>
        <passwords>
            <inband query="SELECT USER_NAME,PASSWORD FROM SYSTEM_.SYS_USERS_" condition="USER_NAME"/>
-            <blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
+            <blind query="SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s' LIMIT %d,1" count="SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'"/>
        </passwords>
        <privileges>
            <inband query="SELECT USER_NAME,PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID" condition="USER_NAME"/>

--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -435,7 +435,7 @@ def checkSqlInjection(place, parameter, value):
                        origValue = origValue.split(kb.customInjectionMark)[0]
                        origValue = re.search(r"(\w*)\Z", origValue).group(1)

-                    # Threat the parameter original value according to the
+                    # Treat the parameter original value according to the
                    # test's <where> tag
                    if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
                        if kb.tamperFunctions:

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.7.0"
+VERSION = "1.5.8.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -166,6 +166,6 @@ def update():
            infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads"
        else:
            infoMsg = "for Linux platform it's recommended "
-            infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt install git')"
+            infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')"

        logger.info(infoMsg)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1275,7 +1275,7 @@ class Connect(object):

            while True:
                try:
-                    compile(getBytes(conf.evalCode.replace(';', '\n')), "", "exec")
+                    compile(getBytes(re.sub(r"\s*;\s*", "\n", conf.evalCode)), "", "exec")
                except SyntaxError as ex:
                    if ex.text:
                        original = replacement = ex.text.strip()

--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
@@ -125,7 +125,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
                delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER
                last = None

-                for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []):
+                for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []):
                    if '=' in part:
                        part = part.strip()
                        key, value = part.split('=', 1)

--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -724,7 +724,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
            errMsg += "List of supported adapters: %s" % ', '.join(sorted(list(server_names.keys())))
        else:
            errMsg = "Server support for adapter '%s' is not installed on this system " % adapter
-            errMsg += "(Note: you can try to install it with 'sudo apt install python-%s' or 'sudo pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter)
+            errMsg += "(Note: you can try to install it with 'apt install python-%s' or 'pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter)
        logger.critical(errMsg)

 def _client(url, options=None):

--- a/lib/utils/safe2bin.py
+++ b/lib/utils/safe2bin.py
@@ -10,7 +10,9 @@ import re
 import string
 import sys

-if sys.version_info >= (3, 0):
+PY3 = sys.version_info >= (3, 0)
+
+if PY3:
    xrange = range
    text_type = str
    string_types = (str,)
@@ -92,7 +94,7 @@ def safechardecode(value, binary=False):

        if binary:
            if isinstance(retVal, text_type):
-                retVal = retVal.encode("utf8")
+                retVal = retVal.encode("utf8", errors="surrogatepass" if PY3 else "strict")

    elif isinstance(value, (list, tuple)):
        for i in xrange(len(value)):

--- a/lib/utils/sqlalchemy.py
+++ b/lib/utils/sqlalchemy.py
@@ -35,6 +35,7 @@ from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapMissingDependence
 from plugins.generic.connector import Connector as GenericConnector
+from thirdparty import six

 def getSafeExString(ex, encoding=None):  # Cross-referenced function
    raise NotImplementedError
@@ -88,7 +89,7 @@ class SQLAlchemy(GenericConnector):

            self.printConnected()
        else:
-            raise SqlmapMissingDependence("SQLAlchemy not available")
+            raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip%s install SQLAlchemy')" % ('3' if six.PY3 else ""))

    def fetchall(self):
        try:

--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -45,9 +45,9 @@ class Fingerprint(GenericFingerprint):
        # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/

        versions = (
-            (80000, 80028),  # MySQL 8.0
+            (80000, 80029),  # MySQL 8.0
            (60000, 60014),  # MySQL 6.0
-            (50700, 50736),  # MySQL 5.7
+            (50700, 50737),  # MySQL 5.7
            (50600, 50652),  # MySQL 5.6
            (50500, 50563),  # MySQL 5.5
            (50400, 50404),  # MySQL 5.4

--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -158,7 +158,7 @@ class Miscellaneous(object):
                udfDict = {"master..new_xp_cmdshell": {}}

            if udfDict is None:
-                udfDict = self.sysUdfs
+                udfDict = getattr(self, "sysUdfs", {})

            for udf, inpRet in udfDict.items():
                message = "do you want to remove UDF '%s'? [Y/n] " % udf

--- a/sqlmapapi.yaml
+++ b/sqlmapapi.yaml
+openapi: 3.0.1
+info:
+  title: sqlmapapi OpenAPI/Swagger specification
+  version: '0.1'
+paths:
+  /version:
+    get:
+      description: Fetch server version
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  version:
+                    type: string
+                    example: "1.5.7.7#dev"
+                  success:
+                    type: boolean
+                    example: true
+  /task/new:
+    get:
+      description: Create a new task
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  taskid:
+                    type: string
+                    example: "fad44d6beef72285"
+                  success:
+                    type: boolean
+                    example: true
+  /scan/{taskid}/start:
+    post:
+      description: Launch a scan
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                url:
+                  type: string
+            examples:
+              '0':
+                value: '{"url":"http://testphp.vulnweb.com/artists.php?artist=1"}'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  engineid:
+                    type: integer
+                    example: 19720
+                  success:
+                    type: boolean
+                    example: true
+  /scan/{taskid}/stop:
+    get:
+      description: Stop a scan
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    example: true
+  /scan/{taskid}/status:
+    get:
+      description: Fetch status of a scan
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  status:
+                    type: string
+                    example: terminated
+                  returncode:
+                    type: integer
+                    example: 0
+                  success:
+                    type: boolean
+                    example: true
+  /scan/{taskid}/list:
+    get:
+      description: List options for a given task ID
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    example: true
+                  options:
+                    type: array
+                    items:
+                      type: object
+  /scan/{taskid}/data:
+    get:
+      description: Retrieve the scan resulting data
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  data:
+                    type: array
+                    items:
+                      type: object
+                  success:
+                    type: boolean
+                    example: true
+                  error:
+                    type: array
+                    items:
+                      type: object
+  /scan/{taskid}/log:
+    get:
+      description: Retrieve the log messages
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  log:
+                    type: array
+                    items:
+                      type: object
+                  success:
+                    type: boolean
+                    example: true
+  /scan/{taskid}/kill:
+    get:
+      description: Kill a scan
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    example: true
+  /task/{taskid}/delete:
+    get:
+      description: Delete an existing task
+      parameters:
+        - in: path
+          name: taskid
+          required: true
+          schema:
+            type: string
+          description: Scan task ID
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    example: true