From 989840c0947c8a9f53303c57a99b4dd556c862f0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 26 Aug 2024 00:09:58 +0200 Subject: [PATCH] Fixes #5763 --- data/txt/sha256sums.txt | 6 +++--- lib/controller/checks.py | 5 +++-- lib/core/option.py | 1 + lib/core/settings.py | 2 +- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index e7c258ca2b4..6fecf23c927 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -159,7 +159,7 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/ 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 extra/vulnserver/__init__.py 2ffe028b8b21306b6f528e62b214f43172fcf5bb59d317a13ba78e70155677ce extra/vulnserver/vulnserver.py f9c96cd3fe99578bed9d49a8bdf8d76836d320a7c48c56eb0469f48b36775c35 lib/controller/action.py -5d62d04edd432834df809707450a42778768ccc3c909eef6c6738ee780ffa884 lib/controller/checks.py +062c02a876644fc9bb4be37b545a325c600ee0b62f898f9723676043303659d4 lib/controller/checks.py 34120f3ea85f4d69211642a263f963f08c97c20d47fd2ca082c23a5336d393f8 lib/controller/controller.py 46d70b69cc7af0849242da5094a644568d7662a256a63e88ae485985b6dccf12 lib/controller/handler.py 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/controller/__init__.py @@ -180,14 +180,14 @@ e8f6f1df8814b7b03c3eba22901837555083f66c99ee93b943911de785736bfa lib/core/dicts 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730 lib/core/__init__.py fce3fd4b161ec1c6e9d5bf1dca5bc4083e07d616ed2c14b798e96b60ec67c2b2 lib/core/log.py 4caebf27d203673b8ad32394937397319f606c4e1f1e1a2a221402d39c644b40 lib/core/optiondict.py -b3d2be01406c3bae1cf46e1b8c0f773264b61a037e6a92e5c0ba190a82afc869 lib/core/option.py +1171119f6289ab981e5912e73801fe1862c7c012bc1da577df5c6497f348a85e lib/core/option.py d2d81ee7520b55571923461a2bdfaa68dda74a89846761338408ab0acf08d3a5 lib/core/patch.py bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353 lib/core/profiling.py 4ccce0d53f467166d4084c9ef53a07f54cc352e75f785454a31c8a820511a84e lib/core/readlineng.py 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355 lib/core/replication.py bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726 lib/core/revision.py eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96 lib/core/session.py -628778cf90fe41976f3507038386f3cad3b941e6c9425d7f6a06c4d8e599313d lib/core/settings.py +4e70d55c341b29a8e502ea76e03cd28d7ceca4de1e781095784da364bffd29b2 lib/core/settings.py 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4 lib/core/shell.py e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8 lib/core/subprocessng.py 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd lib/core/target.py diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 186a0fd2767..f25fb8a817a 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -581,7 +581,7 @@ def genCmpPayload(): if injectable: if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): - if all((falseCode, trueCode)) and falseCode != trueCode: + if all((falseCode, trueCode)) and falseCode != trueCode and trueCode != kb.heuristicCode: suggestion = conf.code = trueCode infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code) @@ -1050,9 +1050,10 @@ def heuristicCheckSqlInjection(place, parameter): payload = "%s%s%s" % (prefix, randStr, suffix) payload = agent.payload(place, parameter, newValue=payload) - page, _, _ = Request.queryPage(payload, place, content=True, raise404=False) + page, _, code = Request.queryPage(payload, place, content=True, raise404=False) kb.heuristicPage = page + kb.heuristicCode = code kb.heuristicMode = False parseFilePaths(page) diff --git a/lib/core/option.py b/lib/core/option.py index ec672622dae..537d93f8a6d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2090,6 +2090,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.headersFp = {} kb.heuristicDbms = None kb.heuristicExtendedDbms = None + kb.heuristicCode = None kb.heuristicMode = False kb.heuristicPage = False kb.heuristicTest = None diff --git a/lib/core/settings.py b/lib/core/settings.py index e843d45eb3f..059a05d64e4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.8.8.3" +VERSION = "1.8.8.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)