From 762037e78db12fa1c209ccea01d11919c166d72d Mon Sep 17 00:00:00 2001 From: potato-20 <164017049+potato-20@users.noreply.github.com> Date: Thu, 4 Jun 2026 22:58:32 +0530 Subject: [PATCH 01/23] Fix ineffective chardet MINIMUM_THRESHOLD patch (#6024) --- data/txt/sha256sums.txt | 2 +- lib/core/patch.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9204a51a7e..4f1ad9dee5 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -182,7 +182,7 @@ ccd3b414727ef75f5d533f9518198b61322781f3ee53a86643763e029b2874c0 lib/core/dump. 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py 67ea32c993cbf23cdbd5170360c020ca33363b7c516ff3f8da4124ef7cb0254d lib/core/optiondict.py d197388e8e2aabe19f2529bfcac780e18e22a905d01319080d7afe4cb2b1c4c9 lib/core/option.py -789320dcb3f93137d3065080ee98429280bf10b20b66a1c08d3fcc1747b30d94 lib/core/patch.py +c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch.py 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py diff --git a/lib/core/patch.py b/lib/core/patch.py index 55ac8d3f1d..35fde34978 100644 --- a/lib/core/patch.py +++ b/lib/core/patch.py @@ -85,7 +85,7 @@ def _(self, *args): _http_client.LineAndFileWrapper.readline = _ # to prevent too much "guessing" in case of binary data retrieval - thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90 + thirdparty.chardet.universaldetector.UniversalDetector.MINIMUM_THRESHOLD = 0.90 match = re.search(r" --method[= ](\w+)", " ".join(sys.argv)) if match and match.group(1).upper() != PLACE.POST: From d373eeaea583cebf5f39fd1497aa85885a793ff6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 19:40:58 +0200 Subject: [PATCH 02/23] Fixing shitty concat2concatws tamper script --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- tamper/concat2concatws.py | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 4f1ad9dee5..8eab15c5d4 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -3fea7262bc40f5a7cf31ae81c1f2d1a12361d7b7e1d45411d6617475bd691608 lib/core/settings.py +d4b1e774a78d8b4f71701dbacc25ab78adfa4bed785588a1946ae6230685f4ae lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -508,7 +508,7 @@ c7892bff56b2b85dfdf9f24c783c569edac57a3fd5a254cf4554987a374206c9 tamper/charenc d0d8f2df2c29d81315a867ecb6baa9ca430e8f98d04f4df3879f2bcd697fac16 tamper/commalesslimit.py 1aee4e920b8ffa4a79b2ac9a42e2d7de13434970b3d1e0c6911c26bdd0c7b4e7 tamper/commalessmid.py ff8d05da2c5a123a231671c97ee80bb77b6631d7e5356d836cfe15ef212b73e5 tamper/commentbeforeparentheses.py -66cad47087c78a5658445f8a00f2e1cd533a6d7c57aec2d1eb1fe486956aa3ea tamper/concat2concatws.py +27f74b1c007713f753e0278bc056b09cd715c364847977962d6a198ecefa14ff tamper/concat2concatws.py b5a5ba94a78cf83b35cdb0b08d9d69dbf1f33c07cc5152c560ae5aee54a4c066 tamper/decentities.py 1d6bcc5ffe235840370cd9738b5e8067f8b24e8c0e2bb629d330a7e5c379328a tamper/dunion.py 99c59e6fd7cafc9238c53e037eff457823854eef7cb0c5ea05941e0223229209 tamper/equaltolike.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 62b7a4d680..5e0094b40a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.12" +VERSION = "1.10.6.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py index 1aeca3098e..fdfb1a49b7 100644 --- a/tamper/concat2concatws.py +++ b/tamper/concat2concatws.py @@ -6,6 +6,7 @@ """ import os +import re from lib.core.common import singleTimeWarnMessage from lib.core.enums import DBMS @@ -35,6 +36,6 @@ def tamper(payload, **kwargs): """ if payload: - payload = payload.replace("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),") + payload = re.sub(r"(?i)(? Date: Thu, 4 Jun 2026 19:50:06 +0200 Subject: [PATCH 03/23] Fixing versioned tamper scripts --- data/txt/sha256sums.txt | 10 +++++----- lib/core/settings.py | 2 +- tamper/halfversionedmorekeywords.py | 6 +++--- tamper/space2morehash.py | 2 +- tamper/versionedkeywords.py | 2 +- tamper/versionedmorekeywords.py | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 8eab15c5d4..6d969ad9b6 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -d4b1e774a78d8b4f71701dbacc25ab78adfa4bed785588a1946ae6230685f4ae lib/core/settings.py +c584533e179c2286803f8fef0ac1272f6c33d3853a1bd2931183b98e0530f504 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -515,7 +515,7 @@ b5a5ba94a78cf83b35cdb0b08d9d69dbf1f33c07cc5152c560ae5aee54a4c066 tamper/decenti b3940e8d029150a81f17a2da1141928c31b6abb9ade3672d093051e310439995 tamper/equaltorlike.py d528e74ae7c9fc0cd45369046d835a8f1e6f9252eeef6d84d9978d7e329ab35f tamper/escapequotes.py 0694f202a4f57e0a5c4d5aa72eee121b6f344d4e03692d9e267e2212abed719c tamper/greatest.py -26e57bc7c118168f20a5fc80d2d2fdbef05c027328c5c55cbbe92047ee8123da tamper/halfversionedmorekeywords.py +89c2606da517d063f5a898a33d5bfd8737eef837552fc1127cea512ab82d0ea5 tamper/halfversionedmorekeywords.py f0a7b635061385a3bf399cc51faf4d5e10694266aaa21fba557ca655c00a09bc tamper/hex2char.py 9096cbf2283137d592408325347f46866fd139966c946f8ba1ea61826472d0bb tamper/hexentities.py 3e518ace6940d54e8844c83781756e85d5670c53dfac0a092c4ee36cd5111885 tamper/htmlencode.py @@ -547,7 +547,7 @@ e11f10ab09c2a7f44ca2a42b35f9db30d1d3715981bd830ea4e00968be51931b tamper/schemas 715b56e60e8f7bf0a1198b356a32374797a8c2e1ba1f888794626205d63c63d5 tamper/space2dash.py 21c43aafe994e798335e6756fbed15f430629beb49042b56d47f232022044a65 tamper/space2hash.py 329fa6e9bb27e1770ccc1c42c3b3ddc8e57a970959d8482ff102d7bfee546a49 tamper/space2morecomment.py -c088e7061a1a4676bc7714f64005ac275fae349f3dc665f2d565f56ecae7619f tamper/space2morehash.py +ffa3e0e2b7b0d6461f4c38bd2314d33f7bbefa2cd4e78c4858551bcfa24b3b33 tamper/space2morehash.py f823e5afbd5ab8e3fb478d984528c7f675561cf2b4eb6634a5bc11756097a01f tamper/space2mssqlblank.py 0d3b1336a5ca15de0ce5617c153f91ff8715c34cf886a71cb8df5ae887df301d tamper/space2mssqlhash.py 528723c9cea1d91dac22cb44cab6f8f0174f98c3c547b42017589d9a19a314e1 tamper/space2mysqlblank.py @@ -561,8 +561,8 @@ c442ec7bb6676bdc58447fa54c719a9322b1728ba96c2358081a73fa8a4612ff tamper/unional 9ebf67b9ce10b338edc3e804111abe56158fa0a69e53aacdd0ffa0e0b6af1f70 tamper/unmagicquotes.py 67a83f8b6e99e9bb3344ad6f403e1d784cf9d3f3b7e8e40053cf3181fabe47fa tamper/uppercase.py 3e54d7f98ca75181e6b16aa306d5a5f5f0dce857d5b3e6ce5a07d501f5d915aa tamper/varnish.py -7d469ee594390cbc10378f83af403bba249240eab00f0ad5a5fe0e3fa1fcbf0d tamper/versionedkeywords.py -dcb7a5584390f1604adff075c94139dd23711f2f516b68683ec4208dd0a00fda tamper/versionedmorekeywords.py +7afc4d262b97773e67dcfa3e253a9a060dc964750f01d739636d17ee069f1512 tamper/versionedkeywords.py +0694e721b07b8242245688be5c7951a3a22f512ed73776a998885e4b1bc82bc7 tamper/versionedmorekeywords.py ce1b6bf8f296de27014d6f21aa8b3df9469d418740cd31c93d1f5e36d6c509cf tamper/xforwardedfor.py 55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a thirdparty/ansistrm/ansistrm.py e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/ansistrm/__init__.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 5e0094b40a..5ea175c08b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.13" +VERSION = "1.10.6.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py index cb8dc946f7..28c56d82c7 100644 --- a/tamper/halfversionedmorekeywords.py +++ b/tamper/halfversionedmorekeywords.py @@ -35,8 +35,8 @@ def tamper(payload, **kwargs): * Used during the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html - >>> tamper("value' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa") - "value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa" + >>> tamper("1' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa") + "1'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa" """ def process(match): @@ -49,7 +49,7 @@ def process(match): retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) + retVal = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) retVal = retVal.replace(" /*!0", "/*!0") return retVal diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index d6365f9b77..073d0800a2 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -54,7 +54,7 @@ def process(match): retVal = "" if payload: - payload = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", process, payload) + payload = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, payload) for i in xrange(len(payload)): if payload[i].isspace(): diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index 7ab7093319..3ee8e1aca7 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py @@ -46,7 +46,7 @@ def process(match): retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, retVal) + retVal = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, retVal) retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") return retVal diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py index aea7d50e59..e53d0235ac 100644 --- a/tamper/versionedmorekeywords.py +++ b/tamper/versionedmorekeywords.py @@ -47,7 +47,7 @@ def process(match): retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) + retVal = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") return retVal From 06b74f9390ef4c859902f5274c831fa76e2087c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 19:52:38 +0200 Subject: [PATCH 04/23] Minor update of random tamper scripts --- data/txt/sha256sums.txt | 6 +++--- lib/core/settings.py | 2 +- tamper/randomcase.py | 2 +- tamper/randomcomments.py | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 6d969ad9b6..a56d4b506f 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -c584533e179c2286803f8fef0ac1272f6c33d3853a1bd2931183b98e0530f504 lib/core/settings.py +e7fedad87e6ac1d64f55236136ad6c316f107b1497921871a96337e3ab31a8d0 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -538,8 +538,8 @@ b17748d63b763a7bfd2188f44145345507ce71e1b46f29d747132da5c56d7ed0 tamper/overlon dea9ab017cc4bde6f61f95a4f400ecba441525ff2d2dba886a2bf3ecdc1af605 tamper/percentage.py 5437bc272398173c997d7b156dac1606dcde30421923bfc8f744d3668441d79e tamper/plus2concat.py 3cec7391b8b586474455ef4b089a27c67406ba02f91698647bb113c291f38692 tamper/plus2fnconcat.py -007a21d189bfedd48d4ca2704fb7ea709ea72f4b206e38a7fe40446a12b0a6e3 tamper/randomcase.py -27dfb51abe8f97a833309c2a42c31a63c0eda4711d122639c5ea31e5b5a9021a tamper/randomcomments.py +f5e2cccbe669b732c0b8aaa56c16522fd579168ff61a92d31f94c6970070dfe0 tamper/randomcase.py +5a7047f97c1e6a29e37c13607d92776f1b0eebce96f7e4d6926f459e73abb382 tamper/randomcomments.py e11f10ab09c2a7f44ca2a42b35f9db30d1d3715981bd830ea4e00968be51931b tamper/schemasplit.py 21fae428f0393ab287503cc99997fba33c9a001a19f6dd203bbcc420a62a4b90 tamper/scientific.py 7a71736657ca2b27a01f5f988a5c938d67a0f7e9558caba9041bd17b2cef9813 tamper/sleep2getlock.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 5ea175c08b..5314d8c7ba 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.14" +VERSION = "1.10.6.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/randomcase.py b/tamper/randomcase.py index 24cf7876ff..9535444cc3 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -61,6 +61,6 @@ def tamper(payload, **kwargs): if len(_) > 1 and _ not in (_.lower(), _.upper()): break - retVal = retVal.replace(word, _) + retVal = re.sub(r"\b%s\b" % word, _, retVal) return retVal diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index a4a185f79a..5e25d07321 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -45,6 +45,6 @@ def tamper(payload, **kwargs): index = randomRange(1, len(word) - 1) _ = word[:index] + "/**/" + word[index:] - retVal = retVal.replace(word, _) + retVal = re.sub(r"\b%s\b" % word, _, retVal) return retVal From f564db0d56ec16778a4dc12f9f3182220982b046 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 19:54:53 +0200 Subject: [PATCH 05/23] Minor correction of quote mechanism in tamper scripts --- data/txt/sha256sums.txt | 14 +++++++------- lib/core/settings.py | 2 +- tamper/space2comment.py | 4 ++-- tamper/space2morecomment.py | 4 ++-- tamper/space2mssqlblank.py | 4 ++-- tamper/space2mysqlblank.py | 4 ++-- tamper/space2plus.py | 4 ++-- tamper/space2randomblank.py | 4 ++-- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index a56d4b506f..0289a04a91 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -e7fedad87e6ac1d64f55236136ad6c316f107b1497921871a96337e3ab31a8d0 lib/core/settings.py +78e313a1ce6abe320486d241d03577083a3e68af0c51f99f2eff8c43ba600bf4 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -543,17 +543,17 @@ f5e2cccbe669b732c0b8aaa56c16522fd579168ff61a92d31f94c6970070dfe0 tamper/randomc e11f10ab09c2a7f44ca2a42b35f9db30d1d3715981bd830ea4e00968be51931b tamper/schemasplit.py 21fae428f0393ab287503cc99997fba33c9a001a19f6dd203bbcc420a62a4b90 tamper/scientific.py 7a71736657ca2b27a01f5f988a5c938d67a0f7e9558caba9041bd17b2cef9813 tamper/sleep2getlock.py -856de1573ba9b08f6f33e28ca5a96341697762afa163835dcd4772ba6e1dadc6 tamper/space2comment.py +7e23241588e21e17e2d167f696ebaa82b441338370e654357bbf29ee5393cb87 tamper/space2comment.py 715b56e60e8f7bf0a1198b356a32374797a8c2e1ba1f888794626205d63c63d5 tamper/space2dash.py 21c43aafe994e798335e6756fbed15f430629beb49042b56d47f232022044a65 tamper/space2hash.py -329fa6e9bb27e1770ccc1c42c3b3ddc8e57a970959d8482ff102d7bfee546a49 tamper/space2morecomment.py +e390a99ea7c8de562a489c11c245c8b778b58090f636d231ce06a22829eaddb5 tamper/space2morecomment.py ffa3e0e2b7b0d6461f4c38bd2314d33f7bbefa2cd4e78c4858551bcfa24b3b33 tamper/space2morehash.py -f823e5afbd5ab8e3fb478d984528c7f675561cf2b4eb6634a5bc11756097a01f tamper/space2mssqlblank.py +45994faf85d0329efae3a6d34cc978dde5802f5f34614c52575e38e36c98b7d2 tamper/space2mssqlblank.py 0d3b1336a5ca15de0ce5617c153f91ff8715c34cf886a71cb8df5ae887df301d tamper/space2mssqlhash.py -528723c9cea1d91dac22cb44cab6f8f0174f98c3c547b42017589d9a19a314e1 tamper/space2mysqlblank.py +05ea031d1de1073cf0efd336ec70814403169e4123709447854129a0d4032e24 tamper/space2mysqlblank.py 466bb10955155a042fe4ec3b3df6b98193fba1187a376179e0d4dbc068215d91 tamper/space2mysqldash.py -4ea418f8b226b0ab369f3a8e726b7df0bc4701a2d93585de70e13febe5f438b7 tamper/space2plus.py -b3b79bbcf48ba943af57978e32b928d567f28ed4e45651f15f9fe898e00c0331 tamper/space2randomblank.py +ef090bed1c71b5d6cd6422748799236dbdadbc70593a7b8ccb26ad07c7a76946 tamper/space2plus.py +93d1cf1f6fb977356c4c8dc2d7784d4564b8da3d9f16e8253f957f80af2491f3 tamper/space2randomblank.py 6769cbe7b42265ff257a49e17e894bc19ff805802e19f27d57c07a212de70a11 tamper/sp_password.py 8e52309b893770bce57215fd3bf42d53d7f0d164690b4121b598126cbaaf6bc3 tamper/substring2leftright.py d4b29c9a47961430dd0a24c22f8fe2968374ca5b0611e8b2837481c8d77672bf tamper/symboliclogical.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 5314d8c7ba..05e9210484 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.15" +VERSION = "1.10.6.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/space2comment.py b/tamper/space2comment.py index 818e118526..016b17cc6c 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py @@ -43,10 +43,10 @@ def tamper(payload, **kwargs): retVal += "/**/" continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py index df823e7066..9db2791c9f 100644 --- a/tamper/space2morecomment.py +++ b/tamper/space2morecomment.py @@ -40,10 +40,10 @@ def tamper(payload, **kwargs): retVal += "/**_**/" continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index 0413f44741..1754e630b0 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -67,10 +67,10 @@ def tamper(payload, **kwargs): retVal += random.choice(blanks) continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == '#' or payload[i:i + 3] == '-- ': diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index a0891989ca..ec5b7ffe5d 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -57,10 +57,10 @@ def tamper(payload, **kwargs): retVal += random.choice(blanks) continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2plus.py b/tamper/space2plus.py index a6ec73fc09..1856b7718f 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -38,10 +38,10 @@ def tamper(payload, **kwargs): retVal += "+" continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py index cbf162ffcd..ac86ffc476 100644 --- a/tamper/space2randomblank.py +++ b/tamper/space2randomblank.py @@ -52,10 +52,10 @@ def tamper(payload, **kwargs): retVal += random.choice(blanks) continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == ' ' and not doublequote and not quote: From 2c356ed22a692e1d47a135bdaf6bf3b2822c8d1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:00:38 +0200 Subject: [PATCH 06/23] Minor fix of space2 tamper scripts --- data/txt/sha256sums.txt | 12 ++++++------ lib/core/settings.py | 2 +- tamper/space2dash.py | 22 ++++++++++++++++------ tamper/space2hash.py | 22 ++++++++++++++++------ tamper/space2morehash.py | 22 ++++++++++++++++------ tamper/space2mssqlhash.py | 20 +++++++++++++++----- tamper/space2mysqldash.py | 20 +++++++++++++++----- 7 files changed, 85 insertions(+), 35 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 0289a04a91..d670619669 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -78e313a1ce6abe320486d241d03577083a3e68af0c51f99f2eff8c43ba600bf4 lib/core/settings.py +fd9252af9bb49e13cd9be15fe4d9668224b422827b8549a76e9d99c2ec4eb68c lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -544,14 +544,14 @@ e11f10ab09c2a7f44ca2a42b35f9db30d1d3715981bd830ea4e00968be51931b tamper/schemas 21fae428f0393ab287503cc99997fba33c9a001a19f6dd203bbcc420a62a4b90 tamper/scientific.py 7a71736657ca2b27a01f5f988a5c938d67a0f7e9558caba9041bd17b2cef9813 tamper/sleep2getlock.py 7e23241588e21e17e2d167f696ebaa82b441338370e654357bbf29ee5393cb87 tamper/space2comment.py -715b56e60e8f7bf0a1198b356a32374797a8c2e1ba1f888794626205d63c63d5 tamper/space2dash.py -21c43aafe994e798335e6756fbed15f430629beb49042b56d47f232022044a65 tamper/space2hash.py +68b541ef75925f8e88a93129d3da259e0bbf7254febf637275382964a2763789 tamper/space2dash.py +181b201f230aa6104c1a184091e292f8529b0bb1b0c5c1b69ded33c248c2d1e3 tamper/space2hash.py e390a99ea7c8de562a489c11c245c8b778b58090f636d231ce06a22829eaddb5 tamper/space2morecomment.py -ffa3e0e2b7b0d6461f4c38bd2314d33f7bbefa2cd4e78c4858551bcfa24b3b33 tamper/space2morehash.py +cd972178ac4464c6692939c347a03a8c1f3f5dae9d3ef83ae82328fa542b7f49 tamper/space2morehash.py 45994faf85d0329efae3a6d34cc978dde5802f5f34614c52575e38e36c98b7d2 tamper/space2mssqlblank.py -0d3b1336a5ca15de0ce5617c153f91ff8715c34cf886a71cb8df5ae887df301d tamper/space2mssqlhash.py +7fbaceff3722a32c65f3e3857a61188f05f9ea241f6393670dbb14f7081b542c tamper/space2mssqlhash.py 05ea031d1de1073cf0efd336ec70814403169e4123709447854129a0d4032e24 tamper/space2mysqlblank.py -466bb10955155a042fe4ec3b3df6b98193fba1187a376179e0d4dbc068215d91 tamper/space2mysqldash.py +0a3bc5380bddbfddfd32ce0a353f1abf57894f03262503c4f6e88748ae4a7f58 tamper/space2mysqldash.py ef090bed1c71b5d6cd6422748799236dbdadbc70593a7b8ccb26ad07c7a76946 tamper/space2plus.py 93d1cf1f6fb977356c4c8dc2d7784d4564b8da3d9f16e8253f957f80af2491f3 tamper/space2randomblank.py 6769cbe7b42265ff257a49e17e894bc19ff805802e19f27d57c07a212de70a11 tamper/sp_password.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 05e9210484..a54b632787 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.16" +VERSION = "1.10.6.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/space2dash.py b/tamper/space2dash.py index b865e60fcf..88ccea33d6 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -34,13 +34,23 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) - retVal += "--%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) + retVal += "--%s%%0A" % randomStr + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2hash.py b/tamper/space2hash.py index 4a8d6916dc..cf7ac3323d 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py @@ -42,13 +42,23 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) - retVal += "%%23%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) + retVal += "%%23%s%%0A" % randomStr + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index 073d0800a2..a079a2eced 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -56,13 +56,23 @@ def process(match): if payload: payload = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, payload) + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) - retVal += "%%23%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) + retVal += "%%23%s%%0A" % randomStr + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py index 49ac43a0a5..befd6966ee 100644 --- a/tamper/space2mssqlhash.py +++ b/tamper/space2mssqlhash.py @@ -28,12 +28,22 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - retVal += "%23%0A" - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + retVal += "%23%0A" + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py index e5fb85aafa..4002349321 100644 --- a/tamper/space2mysqldash.py +++ b/tamper/space2mysqldash.py @@ -35,12 +35,22 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - retVal += "--%0A" - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + retVal += "--%0A" + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] From 2f4ff0d43029d4d197c65241c74352b1e0be2bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:06:07 +0200 Subject: [PATCH 07/23] Minor patches to tamper scripts --- data/txt/sha256sums.txt | 8 ++++---- lib/core/settings.py | 2 +- tamper/if2case.py | 30 +++++++++++++++++------------- tamper/ifnull2casewhenisnull.py | 30 +++++++++++++++++------------- tamper/ifnull2ifisnull.py | 30 +++++++++++++++++------------- 5 files changed, 56 insertions(+), 44 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index d670619669..042ef999e7 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -fd9252af9bb49e13cd9be15fe4d9668224b422827b8549a76e9d99c2ec4eb68c lib/core/settings.py +1190bfd8052d2acb7216451e015da54fb482e24478499a447ae756140fdcbed8 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -519,9 +519,9 @@ d528e74ae7c9fc0cd45369046d835a8f1e6f9252eeef6d84d9978d7e329ab35f tamper/escapeq f0a7b635061385a3bf399cc51faf4d5e10694266aaa21fba557ca655c00a09bc tamper/hex2char.py 9096cbf2283137d592408325347f46866fd139966c946f8ba1ea61826472d0bb tamper/hexentities.py 3e518ace6940d54e8844c83781756e85d5670c53dfac0a092c4ee36cd5111885 tamper/htmlencode.py -04028ea55034ef5c82167db35cb1276d3d5c717f6b22507b791342ccf82722ad tamper/if2case.py -365085e79d296791464ec3f041a26554b19ba4865c4a727e258e9586b0bcfbe7 tamper/ifnull2casewhenisnull.py -e73e3723d4b61515d7ad2c0fe6e9a9dcaeeac6a93ed6149f44d59e4e41543226 tamper/ifnull2ifisnull.py +d05dafb86e82807e75bb8f54dcd6afbb4a08ba3b83b35562fee7f7022a75dbd7 tamper/if2case.py +55092820a856f583cf1b661001b60216886d172cb7d0008920bf4ab3df88aff0 tamper/ifnull2casewhenisnull.py +eeda2b2fd54a4aa5fcf5630f8bfae43e0a38a840ae908e2f6b0878959067413c tamper/ifnull2ifisnull.py 94fe273bee7df27c9b4f1ee043779d06e4553169d9aec30c301d469275883dd1 tamper/informationschemacomment.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 tamper/__init__.py 017c91ba64c669382aa88ce627f925b00101a81c1a37a23dba09bfa2bfaf42ae tamper/least.py diff --git a/lib/core/settings.py b/lib/core/settings.py index a54b632787..e8bae95157 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.17" +VERSION = "1.10.6.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/if2case.py b/tamper/if2case.py index e43c4f8f21..f3c01ddb1c 100644 --- a/tamper/if2case.py +++ b/tamper/if2case.py @@ -36,26 +36,30 @@ def tamper(payload, **kwargs): 'SELECT CASE WHEN (1=1) THEN (SELECT "foo") ELSE (NULL) END' """ - if payload and payload.find("IF") > -1: + if payload and payload.find("IF(") > -1: payload = payload.replace("()", REPLACEMENT_MARKER) while payload.find("IF(") > -1: index = payload.find("IF(") depth = 1 commas, end = [], None + quote, doublequote = False, False for i in xrange(index + len("IF("), len(payload)): - if depth == 1 and payload[i] == ',': - commas.append(i) - - elif depth == 1 and payload[i] == ')': - end = i - break - - elif payload[i] == '(': - depth += 1 - - elif payload[i] == ')': - depth -= 1 + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if depth == 1 and payload[i] == ',': + commas.append(i) + elif depth == 1 and payload[i] == ')': + end = i + break + elif payload[i] == '(': + depth += 1 + elif payload[i] == ')': + depth -= 1 if len(commas) == 2 and end: a = payload[index + len("IF("):commas[0]].strip("()") diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py index 36c8eb9462..9d94e46714 100644 --- a/tamper/ifnull2casewhenisnull.py +++ b/tamper/ifnull2casewhenisnull.py @@ -33,25 +33,29 @@ def tamper(payload, **kwargs): 'CASE WHEN ISNULL(1) THEN (2) ELSE (1) END' """ - if payload and payload.find("IFNULL") > -1: + if payload and payload.find("IFNULL(") > -1: while payload.find("IFNULL(") > -1: index = payload.find("IFNULL(") depth = 1 comma, end = None, None + quote, doublequote = False, False for i in xrange(index + len("IFNULL("), len(payload)): - if depth == 1 and payload[i] == ',': - comma = i - - elif depth == 1 and payload[i] == ')': - end = i - break - - elif payload[i] == '(': - depth += 1 - - elif payload[i] == ')': - depth -= 1 + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if depth == 1 and payload[i] == ',': + comma = i + elif depth == 1 and payload[i] == ')': + end = i + break + elif payload[i] == '(': + depth += 1 + elif payload[i] == ')': + depth -= 1 if comma and end: _ = payload[index + len("IFNULL("):comma] diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index a6399f290d..3ede6ac358 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -33,25 +33,29 @@ def tamper(payload, **kwargs): 'IF(ISNULL(1),2,1)' """ - if payload and payload.find("IFNULL") > -1: + if payload and payload.find("IFNULL(") > -1: while payload.find("IFNULL(") > -1: index = payload.find("IFNULL(") depth = 1 comma, end = None, None + quote, doublequote = False, False for i in xrange(index + len("IFNULL("), len(payload)): - if depth == 1 and payload[i] == ',': - comma = i - - elif depth == 1 and payload[i] == ')': - end = i - break - - elif payload[i] == '(': - depth += 1 - - elif payload[i] == ')': - depth -= 1 + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if depth == 1 and payload[i] == ',': + comma = i + elif depth == 1 and payload[i] == ')': + end = i + break + elif payload[i] == '(': + depth += 1 + elif payload[i] == ')': + depth -= 1 if comma and end: _ = payload[index + len("IFNULL("):comma] From 0d4aff7e1ad500dadb8b2ecad8632e60fd6c6b04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:18:12 +0200 Subject: [PATCH 08/23] Fixing MySQL stacked file reading --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/mysql/filesystem.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 042ef999e7..ebad847a68 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -1190bfd8052d2acb7216451e015da54fb482e24478499a447ae756140fdcbed8 lib/core/settings.py +4e61f2c9dfbb8ba277d55a33d4ef193e355539259e1a1bd4e835f7855d95a465 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -399,7 +399,7 @@ a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/m 57f263084438e9b2ec2e62909fc51871e9eefb1a9156bbe87908592c5274b639 plugins/dbms/mssqlserver/takeover.py 275ffb2a63c179a5b1673866fcd4020d7f30a68e6d7736e7e21094e2a3234578 plugins/dbms/mysql/connector.py 51590c30177adf8c435e4d6d4be070f6708d81793f70577d9317daa4ef2485ba plugins/dbms/mysql/enumeration.py -9523715aa823ecfc7a914afabf5fe3091583c93a23ccc270c61a78b007b7a652 plugins/dbms/mysql/filesystem.py +5114ca85e5aac6eaebf2ca2cf6b944250329d2d5c36a36015ac34599c9437838 plugins/dbms/mysql/filesystem.py b5708a7e3179896f0242f6188642d0f613371b2f621ad8ebb0a53c934dd36259 plugins/dbms/mysql/fingerprint.py e2289734859246e6c1a150d12914a711901d10140659beded7aa14f22d11bca3 plugins/dbms/mysql/__init__.py 02a37c42e8a87496858fd6f9d77a5ab9375ea63a004c5393e3d02ca72bc55f19 plugins/dbms/mysql/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index e8bae95157..5885f16b44 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.18" +VERSION = "1.10.6.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index acde3cc35c..f8c83be25e 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -79,7 +79,7 @@ def stackedReadFile(self, remoteFile): if length > chunkSize: result = [] - for i in xrange(1, length, chunkSize): + for i in xrange(1, length + 1, chunkSize): chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, chunkSize, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL) result.append(chunk) else: From a20f9308445c7b2b430359650ea8b474f5e15886 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:21:34 +0200 Subject: [PATCH 09/23] Fixing MsSQL stacked file write --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/mssqlserver/filesystem.py | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index ebad847a68..c3a1704a13 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -4e61f2c9dfbb8ba277d55a33d4ef193e355539259e1a1bd4e835f7855d95a465 lib/core/settings.py +9fdad19c69b18508bb2b20270f49826292995a080d37ee3c3b5a38f263c463f4 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -392,7 +392,7 @@ ba04af3683b9a6e29e8fa6b3bf436a57e59435cebb042414f2df82018d91599e plugins/dbms/m 236fd244f0bbc3976b389429a8176feda6c243267564c2a0eff6fc2458c1b3f9 plugins/dbms/monetdb/takeover.py 6bdc774463ac87b1bd1b6a9d5c2346b7edbf40d9848b7870a30d1eaedde4fc51 plugins/dbms/mssqlserver/connector.py 52c19e9067f22f5c386206943d1807af4c661500bf260930a5986e9a180e96c7 plugins/dbms/mssqlserver/enumeration.py -838ed364ce46ae37fb5b02f47d2767f7d49595f81caf4bc51c1e25fd18e4aa65 plugins/dbms/mssqlserver/filesystem.py +e7e5504465c2f2d891afd4eb8847858ce7560f2963155a771e32dd0b35f823e4 plugins/dbms/mssqlserver/filesystem.py 38ade085f9f1b227eda8c89f78e3ce869e8f430c98bef0cc7cbd2c7dcd60c24e plugins/dbms/mssqlserver/fingerprint.py 1ecde09e80d7b709a710281f4983a6831bc02ca3458ae0b97b28446d6db241b4 plugins/dbms/mssqlserver/__init__.py a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/mssqlserver/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 5885f16b44..baf781af75 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.19" +VERSION = "1.10.6.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 416cf2d28f..218e16f0da 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -336,6 +336,7 @@ def _stackedWriteFileVbs(self, tmpPath, localFileContent, remoteFile, fileType): # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5581 vbs = codecs.decode(vbs, "rot13") vbs = vbs.replace(" ", "") + vbs = vbs % (randFilePath, remoteFile) encodedFileContent = encodeBase64(localFileContent, binary=False) logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath) From 6d1382f4486436f86171a2f62377611ec9e85c41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:38:31 +0200 Subject: [PATCH 10/23] Minor patch for MaxDB and Sybase enumeration --- data/txt/sha256sums.txt | 6 +++--- lib/core/settings.py | 2 +- plugins/dbms/maxdb/enumeration.py | 11 ++++++----- plugins/dbms/sybase/enumeration.py | 11 ++++++----- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index c3a1704a13..1d410f849f 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -9fdad19c69b18508bb2b20270f49826292995a080d37ee3c3b5a38f263c463f4 lib/core/settings.py +e7cfea318fcc39b2f7271138df268ebc939da1c166be1180bb7ee560f47332ed lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -363,7 +363,7 @@ d4a7721fa80465ac30679ba79e7a448aa94b2efa1dbf4119766bc7084d7e87e4 plugins/dbms/i 1ce793ee91c4de6eb7839adc379652d55ef54f162a9a030b948c54d55dc93c14 plugins/dbms/informix/takeover.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 plugins/dbms/__init__.py 3869c8a1d6ddd4dbfe432217bb269398ecd658aaa7af87432e8fa3d4d4294bbc plugins/dbms/maxdb/connector.py -3d0fef588c8972fc1aeab0c58d800cd128b557a48d8666c36c5b6dbc9617d19d plugins/dbms/maxdb/enumeration.py +fee0735986508dbbe2524d8c758694cea0d9b258547ee2a940ea139b0f6210b4 plugins/dbms/maxdb/enumeration.py e67ecd7a1faf1ef9e263c387526f4cdeefd58e07532750b4ebffccc852fab4d2 plugins/dbms/maxdb/filesystem.py 78d04c8a298f9525c9f0f392fa542c86d5629b0e35dd9383960a238ee937fb93 plugins/dbms/maxdb/fingerprint.py 10db7520bc988344e10fe1621aa79796d7e262c53da2896a6b46fcf9ee6f5ba4 plugins/dbms/maxdb/__init__.py @@ -454,7 +454,7 @@ f5b28fe6ff99de3716e7e2cd2304784a4c49b1df7a292381dae0964fb9ef80f3 plugins/dbms/s 351a9accf1af8f7d18680b71d9c591afbe2dec8643c774e2a3c67cc56474a409 plugins/dbms/sqlite/syntax.py e56033f9a9a1ef904a6cdbc0d71f02f93e8931a46fe050d465a87e38eb92df67 plugins/dbms/sqlite/takeover.py b801f9ed84dd26532a4719d1bf033dfde38ecaccbdea9e6f5fd6b3395b67430d plugins/dbms/sybase/connector.py -8173165097ac6720258cf8a5ccf97600d5aa94378182ad0e1ccaa4cfcfa0c038 plugins/dbms/sybase/enumeration.py +397836e1d3cff87627f92633b4852bbbb143ca4306fe99ab577b25b7aa69c9cb plugins/dbms/sybase/enumeration.py 73b41e33381cd8b13c21959006ef1c6006540d00d53b3ccb1a7915578b860f23 plugins/dbms/sybase/filesystem.py 49ec03fe92dab994ee7f75713144b71df48469dca9eb8f9654d54cdcb227ea2c plugins/dbms/sybase/fingerprint.py 0d234ddd3f66b5153feb422fc1d75937b432d96b5e5f8df2301ddcadf6c722b2 plugins/dbms/sybase/__init__.py diff --git a/lib/core/settings.py b/lib/core/settings.py index baf781af75..2e68d8c6fa 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.20" +VERSION = "1.10.6.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index ab791f6e74..be85e648d7 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -197,9 +197,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod return {conf.db: kb.data.cachedColumns[conf.db]} if dumpMode and colList: - table = {} - table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns: + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {} + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) continue infoMsg = "fetching columns " @@ -219,8 +219,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod for columnname, datatype, length in _zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]): columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length) - table[tbl] = columns - kb.data.cachedColumns[conf.db] = table + if conf.db not in kb.data.cachedColumns: + kb.data.cachedColumns[conf.db] = {} + kb.data.cachedColumns[conf.db][tbl] = columns return kb.data.cachedColumns diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index afc4bba1a7..cc984bce97 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -265,9 +265,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod return {conf.db: kb.data.cachedColumns[conf.db]} if dumpMode and colList: - table = {} - table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns: + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {} + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) continue infoMsg = "fetching columns " @@ -286,8 +286,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod for name, type_ in filterPairValues(_zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])): columns[name] = SYBASE_TYPES.get(int(type_) if hasattr(type_, "isdigit") and type_.isdigit() else type_, type_) - table[safeSQLIdentificatorNaming(tbl, True)] = columns - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns: + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {} + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns break From 46ba1d1bf10c9cc5b91ee43335fc847aa6f3818f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:39:59 +0200 Subject: [PATCH 11/23] Fixing stacked writing for PgSQL --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/postgresql/filesystem.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 1d410f849f..a878f0b52d 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -e7cfea318fcc39b2f7271138df268ebc939da1c166be1180bb7ee560f47332ed lib/core/settings.py +da73ddb39eb59012230739eba1a5ccbd32d6c4ef8ae23d2e847c12e50d6705bd lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -413,7 +413,7 @@ a5ec593a2e57d658e3448dd108781a3761484c41c0f67f6a3db59d9def57d71a plugins/dbms/o a74fc203fbcc1c4a0656f40ed51274c53620be095e83b3933b5d2e23c6cea577 plugins/dbms/oracle/takeover.py cc55a6bb81c182fca0482acd77ff065c441944ed7a7ef28736e4dff35d9dce5b plugins/dbms/postgresql/connector.py 81a6554971126121465060fd671d361043383e2930102e753c1ad5a1bea0abf6 plugins/dbms/postgresql/enumeration.py -cd6e7b03623f9cecd8151ddaac111072edb79e16588da8e7b3c37e9d233b290b plugins/dbms/postgresql/filesystem.py +bdb13225f822227c32051a296918b3ed423a0644ce0c962db13a0dc0e9636395 plugins/dbms/postgresql/filesystem.py 56a3c0b692187aef120fedb639e10cecf02fbf46e9625d327a0cd4ae07c6724e plugins/dbms/postgresql/fingerprint.py 9c14f8ad202051f3f7b72147bae891abb9aa848a6645aa614a051314ac91891a plugins/dbms/postgresql/__init__.py 4fce63dd766a35b7273351df2de706c37a0392479578705853b4333c119f2270 plugins/dbms/postgresql/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 2e68d8c6fa..018491fb36 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.21" +VERSION = "1.10.6.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index d0298f2b62..01d8631d1c 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -65,7 +65,7 @@ def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): for sqlQuery in sqlQueries: inject.goStacked(sqlQuery) - inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT %s FROM %s), 'base64'))" % (self.oid, self.page, self.tblField, self.fileTblName)) + inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT ARRAY_TO_STRING(ARRAY_AGG(%s), '') FROM %s), 'base64'))" % (self.oid, self.page, self.tblField, self.fileTblName)) inject.goStacked("DELETE FROM %s" % self.fileTblName) self.page += 1 From 4f425792e33cd44b777b251414ce09933a1bee87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:47:10 +0200 Subject: [PATCH 12/23] Fixing Java-based connectors --- data/txt/sha256sums.txt | 6 +++--- lib/core/settings.py | 2 +- plugins/dbms/cache/connector.py | 5 +++-- plugins/dbms/hsqldb/connector.py | 5 +++-- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index a878f0b52d..e60e4225fc 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -da73ddb39eb59012230739eba1a5ccbd32d6c4ef8ae23d2e847c12e50d6705bd lib/core/settings.py +b882f773b9c95c628b78ff232ef75c2f26b4303f0db9a4283aa8f0a616114988 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -277,7 +277,7 @@ c07f786b06dc694fa6e300f69b3e838dc9c917cf8120306f1c23e834193d3694 plugins/dbms/a b55d9c944cf390cd496bd5e302aa5815c9c327d5bb400dc9426107c91a40846d plugins/dbms/altibase/__init__.py 859cc5b9be496fe35f2782743f8e573ff9d823de7e99b0d32dbc250c361c653e plugins/dbms/altibase/syntax.py 2c3bb750d3c1fb1547ec59eb392d66df37735bd74cca4d2c745141ea577cce1e plugins/dbms/altibase/takeover.py -c03bf2d0584327f83956209f4f4697661b908b32b6fe5a1f9f2e06560870b084 plugins/dbms/cache/connector.py +584e1ecd6ab812b52a0e959d1e061895411109f145fb81faf435a2c568f91c53 plugins/dbms/cache/connector.py 49b591c1b1dc7927f59924447ad8ec5cb9d97a74ad4b34b43051253876c27cdc plugins/dbms/cache/enumeration.py 672dc9b3d291aa4f5d6c4cbe364e92b92e19ee6de86f6d9b9a4dda7d5611b409 plugins/dbms/cache/filesystem.py ef270e87f7fc2556f900c156a4886f995a185ff920df9d2cd954db54ee1f0b77 plugins/dbms/cache/fingerprint.py @@ -347,7 +347,7 @@ c14d73712d9d6fcfa6b580d72075d51901c472bdd7e1bc956973363ad1fca4d8 plugins/dbms/h 742d4a29f8875c8dabe58523b5e3b27c66e29a964342ec6acd19a71714b46bb1 plugins/dbms/h2/__init__.py 1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740 plugins/dbms/h2/syntax.py c994c855cf0d30cf0fa559a1d9afc22c3e31a14ba2634f11a1a393c7f6ec4b95 plugins/dbms/h2/takeover.py -eedf40aa079cfaae5616b213ff994f796b726fcfb99c567db51cdf2cd75aacc7 plugins/dbms/hsqldb/connector.py +cda313311ae5041eb8129db7cff8f9d9d42296313929cf72938e962d6ec46466 plugins/dbms/hsqldb/connector.py 03c8dd263a4d175f3b55e9cbcaa2823862abf858bab5363771792d8fd49d77a1 plugins/dbms/hsqldb/enumeration.py 2e64d477331cb7da88757d081abf2885d025b51874f6b16bde83d82f1430bc35 plugins/dbms/hsqldb/filesystem.py b5b86da64fc24453a3354523a786a2047b99cd200eae7015eef180655be5cff5 plugins/dbms/hsqldb/fingerprint.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 018491fb36..397ee49762 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.22" +VERSION = "1.10.6.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/cache/connector.py b/plugins/dbms/cache/connector.py index 2f2d3c5102..67a661e4a4 100644 --- a/plugins/dbms/cache/connector.py +++ b/plugins/dbms/cache/connector.py @@ -37,8 +37,9 @@ def connect(self): jar = readInput(msg) checkFile(jar) args = "-Djava.class.path=%s" % jar - jvm_path = jpype.getDefaultJVMPath() - jpype.startJVM(jvm_path, args) + if not jpype.isJVMStarted(): + jvm_path = jpype.getDefaultJVMPath() + jpype.startJVM(jvm_path, args) except Exception as ex: raise SqlmapConnectionException(getSafeExString(ex)) diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py index 429337d20b..95630b76e6 100644 --- a/plugins/dbms/hsqldb/connector.py +++ b/plugins/dbms/hsqldb/connector.py @@ -37,8 +37,9 @@ def connect(self): jar = readInput(msg) checkFile(jar) args = "-Djava.class.path=%s" % jar - jvm_path = jpype.getDefaultJVMPath() - jpype.startJVM(jvm_path, args) + if not jpype.isJVMStarted(): + jvm_path = jpype.getDefaultJVMPath() + jpype.startJVM(jvm_path, args) except Exception as ex: raise SqlmapConnectionException(getSafeExString(ex)) From 244d2831983b4426c482777fb5e9b4b52e506039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:49:50 +0200 Subject: [PATCH 13/23] Minor patch for stacked file writing in HSQLDB --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/hsqldb/filesystem.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index e60e4225fc..856558fb92 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -b882f773b9c95c628b78ff232ef75c2f26b4303f0db9a4283aa8f0a616114988 lib/core/settings.py +453c290d9326f91fa8607d13aa73c0de0a871f4d5d325ca6211e5e954f058daf lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -349,7 +349,7 @@ c14d73712d9d6fcfa6b580d72075d51901c472bdd7e1bc956973363ad1fca4d8 plugins/dbms/h c994c855cf0d30cf0fa559a1d9afc22c3e31a14ba2634f11a1a393c7f6ec4b95 plugins/dbms/h2/takeover.py cda313311ae5041eb8129db7cff8f9d9d42296313929cf72938e962d6ec46466 plugins/dbms/hsqldb/connector.py 03c8dd263a4d175f3b55e9cbcaa2823862abf858bab5363771792d8fd49d77a1 plugins/dbms/hsqldb/enumeration.py -2e64d477331cb7da88757d081abf2885d025b51874f6b16bde83d82f1430bc35 plugins/dbms/hsqldb/filesystem.py +efce2b895a68cfeb78bd59803d8d4b543c478b090a57a1edd11bcaa67d125368 plugins/dbms/hsqldb/filesystem.py b5b86da64fc24453a3354523a786a2047b99cd200eae7015eef180655be5cff5 plugins/dbms/hsqldb/fingerprint.py 321a8efe7b65cbdf69ff4a8c1509bd97ed5f0edd335a3742e3d19bca2813e24a plugins/dbms/hsqldb/__init__.py 1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740 plugins/dbms/hsqldb/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 397ee49762..ecab373f76 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.23" +VERSION = "1.10.6.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py index d5e7854841..869279e7e4 100644 --- a/plugins/dbms/hsqldb/filesystem.py +++ b/plugins/dbms/hsqldb/filesystem.py @@ -47,7 +47,7 @@ def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=Fals logger.debug(debugMsg) # Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures - invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (func_name, remoteFile, fcEncodedStr, max_bytes) + invokeQuery = "CALL %s('%s', X'%s')" % (func_name, remoteFile, fcEncodedStr) inject.goStacked(invokeQuery) logger.debug("cleaning up the database management system") From 3d0932c21701b9780069fde137998995944c2583 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:51:21 +0200 Subject: [PATCH 14/23] Minor patch for MsSQL stacked file reading --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/mssqlserver/filesystem.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 856558fb92..c0b17f3064 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -453c290d9326f91fa8607d13aa73c0de0a871f4d5d325ca6211e5e954f058daf lib/core/settings.py +7f3a69024646d9b91b278cff6523d498f03853383bb72db78abca6dcbe925608 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -392,7 +392,7 @@ ba04af3683b9a6e29e8fa6b3bf436a57e59435cebb042414f2df82018d91599e plugins/dbms/m 236fd244f0bbc3976b389429a8176feda6c243267564c2a0eff6fc2458c1b3f9 plugins/dbms/monetdb/takeover.py 6bdc774463ac87b1bd1b6a9d5c2346b7edbf40d9848b7870a30d1eaedde4fc51 plugins/dbms/mssqlserver/connector.py 52c19e9067f22f5c386206943d1807af4c661500bf260930a5986e9a180e96c7 plugins/dbms/mssqlserver/enumeration.py -e7e5504465c2f2d891afd4eb8847858ce7560f2963155a771e32dd0b35f823e4 plugins/dbms/mssqlserver/filesystem.py +67cd70b64aed27af467682ceae8e20992b6765d2374d5762efb5a4585b8a6f79 plugins/dbms/mssqlserver/filesystem.py 38ade085f9f1b227eda8c89f78e3ce869e8f430c98bef0cc7cbd2c7dcd60c24e plugins/dbms/mssqlserver/fingerprint.py 1ecde09e80d7b709a710281f4983a6831bc02ca3458ae0b97b28446d6db241b4 plugins/dbms/mssqlserver/__init__.py a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/mssqlserver/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index ecab373f76..723a34d41d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.24" +VERSION = "1.10.6.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 218e16f0da..870f51e65b 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -119,7 +119,7 @@ def stackedReadFile(self, remoteFile): DECLARE @firstint INT DECLARE @secondint INT - SET @tempint = CONVERT(INT, (SELECT ASCII(SUBSTRING(%s, @counter, 1)) FROM %s)) + SET @tempint = CONVERT(INT, (SELECT TOP 1 ASCII(SUBSTRING(%s, @counter, 1)) FROM %s)) SET @firstint = floor(@tempint/16) SET @secondint = @tempint - (@firstint * 16) SET @hexstr = @hexstr + SUBSTRING(@charset, @firstint+1, 1) + SUBSTRING(@charset, @secondint+1, 1) From b3f3405775a5bc21500c24ddecfaf088811c9fdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 20:54:07 +0200 Subject: [PATCH 15/23] Minor patch for Oracle's readFile --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/oracle/filesystem.py | 29 ++++++++++++++--------------- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index c0b17f3064..9b3ab0dde8 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -7f3a69024646d9b91b278cff6523d498f03853383bb72db78abca6dcbe925608 lib/core/settings.py +71b300a11450d5ee75ba2197a1b81e8321cc277c43c48a509ee1fa8bbae78144 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -406,7 +406,7 @@ e2289734859246e6c1a150d12914a711901d10140659beded7aa14f22d11bca3 plugins/dbms/m 1e6a7c6cc77772a4051d88604774ba5cc9e06b1180f7dba9809d0739bc65cf37 plugins/dbms/mysql/takeover.py af1b89286e8d918e1d749db7cce87a1eae2b038c120fb799cc8ee766eb6b03e1 plugins/dbms/oracle/connector.py 5965da4e8020291beb6f35a5e11a6477edb749bdeba668225aea57af9754a4b3 plugins/dbms/oracle/enumeration.py -94132121cd085e314e9fe63d2ac174e0e26acd4ed17cdce46f93ab36c71967d9 plugins/dbms/oracle/filesystem.py +b8812b1e1a7c68283de3dd264bbeef1fed91eaada720fcfe088f3a62fd9fc614 plugins/dbms/oracle/filesystem.py 0b2dd004b9c9c41dbdd6e93f536f31a2a0b62c2815eb8099299cd692b0dd08a1 plugins/dbms/oracle/fingerprint.py fd0bfc194540bd83843e4b45f431ad7e9c8fd4a01959f15f2a5e30dcfa6acf60 plugins/dbms/oracle/__init__.py a5ec593a2e57d658e3448dd108781a3761484c41c0f67f6a3db59d9def57d71a plugins/dbms/oracle/syntax.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 723a34d41d..97e59e500c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.25" +VERSION = "1.10.6.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 197b9bddc9..258a79147c 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -31,25 +31,24 @@ def readFile(self, remoteFile): payload = agent.payload(newValue=query) Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) - for remoteFile in remoteFile.split(','): - if not kb.bruteMode: - infoMsg = "fetching file: '%s'" % remoteFile - logger.info(infoMsg) + if not kb.bruteMode: + infoMsg = "fetching file: '%s'" % remoteFile + logger.info(infoMsg) - kb.fileReadMode = True - fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) - kb.fileReadMode = False + kb.fileReadMode = True + fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) + kb.fileReadMode = False - if not isNoneValue(fileContent): - fileContent = decodeDbmsHexValue(fileContent, True) + if not isNoneValue(fileContent): + fileContent = decodeDbmsHexValue(fileContent, True) - if fileContent.strip(): - localFilePath = dataToOutFile(remoteFile, fileContent) - localFilePaths.append(localFilePath) + if fileContent.strip(): + localFilePath = dataToOutFile(remoteFile, fileContent) + localFilePaths.append(localFilePath) - elif not kb.bruteMode: - errMsg = "no data retrieved" - logger.error(errMsg) + elif not kb.bruteMode: + errMsg = "no data retrieved" + logger.error(errMsg) return localFilePaths From 8d91c65bdbb67a3320301de199fd3f0b224500af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:06:07 +0200 Subject: [PATCH 16/23] Minor patch for --parse-errors logic --- data/txt/sha256sums.txt | 4 ++-- lib/core/common.py | 4 +--- lib/core/settings.py | 2 +- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9b3ab0dde8..04517167fe 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -167,7 +167,7 @@ d69e84f1648cdb907f5d2dd454f03874a4613752b07867510145d51d84b3c56f lib/controller 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/controller/__init__.py 9e694e4864d865c5da745aaf9d35da885eff697a9a0f7b37c3e85d47b4378f64 lib/core/agent.py b13462712ec5ac07541dba98631ddcda279d210b838f363d15ac97a1413b67a2 lib/core/bigarray.py -9abf4df5ef34cfaf188249483a3e95a486212fd4504eb322dcb07a17b2fff16b lib/core/common.py +2a9d87359d4b7d4fa8a818e4ee8f7a6fd3d3cf46feae17d21e7a3370c5cee5d2 lib/core/common.py a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e lib/core/compat.py 461f2666d500f9a91210fec558e6ee68af61c752de5498490bc96c11b32a6b0a lib/core/convert.py c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.py @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -71b300a11450d5ee75ba2197a1b81e8321cc277c43c48a509ee1fa8bbae78144 lib/core/settings.py +861da48146d071307a1898b05d41bce4cf0d603ed15b4e65b16c4968480ea0a6 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py diff --git a/lib/core/common.py b/lib/core/common.py index 4baadd4da9..798de5a216 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2884,9 +2884,6 @@ def extractErrorMessage(page): retVal = None if isinstance(page, six.string_types): - if wasLastResponseDBMSError(): - page = re.sub(r"<[^>]+>", "", page) - for regex in ERROR_PARSING_REGEXES: match = re.search(regex, page, re.IGNORECASE) @@ -2897,6 +2894,7 @@ def extractErrorMessage(page): break if not retVal and wasLastResponseDBMSError(): + page = re.sub(r"<[^>]+>", "", page) match = re.search(r"[^\n]*SQL[^\n:]*:[^\n]*", page, re.IGNORECASE) if match: diff --git a/lib/core/settings.py b/lib/core/settings.py index 97e59e500c..343a425e88 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.26" +VERSION = "1.10.6.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 10282a399345d6e50f93ec82ac3f6f3a5928676d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:20:16 +0200 Subject: [PATCH 17/23] Fixing Set-Cookie handling in redirection responses --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/request/redirecthandler.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 04517167fe..d447d8a224 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -861da48146d071307a1898b05d41bce4cf0d603ed15b4e65b16c4968480ea0a6 lib/core/settings.py +b01f984afcb49f0003cbe68b0ca4d6e6b4b5392cd55deedb33c47d07b940a53c lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -220,7 +220,7 @@ aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e lib/request/in ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4 lib/request/methodrequest.py 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568 lib/request/pkihandler.py b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e lib/request/rangehandler.py -47a97b264fb588142b102d18100030ce333ce372c677b97ed6cb04105c6c9d30 lib/request/redirecthandler.py +f3783c485352ea9293de26309217b26ce26ace92749fc402f4f73850762055f8 lib/request/redirecthandler.py 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb lib/request/templates.py 01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457 lib/takeover/abstraction.py d3c93562d78ebdaf9e22c0ea2e4a62adb12f0ce9e9d9631c1ea000b1a07d04ab lib/takeover/icmpsh.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 343a425e88..dc52e82bd4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.27" +VERSION = "1.10.6.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index a51b6dd809..0deb039256 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -136,7 +136,7 @@ def http_error_302(self, req, fp, code, msg, headers): delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER last = None - for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []): + for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE].split(';')[0]] if HTTP_HEADER.SET_COOKIE in headers else []): if '=' in part: part = part.strip() key, value = part.split('=', 1) From 249d2a6cbb856f9f9974c88ba6ac978b0a4ad8bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:25:20 +0200 Subject: [PATCH 18/23] Fixing mime-type recognition in dumped values --- data/txt/sha256sums.txt | 4 ++-- lib/core/dump.py | 2 +- lib/core/settings.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index d447d8a224..8fe6a42a54 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -175,7 +175,7 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data. 70fb2528e580b22564899595b0dff6b1bc257c6a99d2022ce3996a3d04e68e4e lib/core/decorators.py 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d lib/core/defaults.py 2f44a1bfe6f18aafe64147b99e69aa93cf438c0e7befe59f4e2aee9065c8b7b6 lib/core/dicts.py -ccd3b414727ef75f5d533f9518198b61322781f3ee53a86643763e029b2874c0 lib/core/dump.py +b37d3b745f82fe93eb3608683e87305b767e04f7cbf93dbb13ff33452c67d90a lib/core/dump.py 23e33f0b457e2a7114c9171ba9b42e1751b71ee3f384bba7fad39e4490adb803 lib/core/enums.py 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4 lib/core/exception.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/core/__init__.py @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -b01f984afcb49f0003cbe68b0ca4d6e6b4b5392cd55deedb33c47d07b940a53c lib/core/settings.py +63f72d10d0b148bae60d669a12df6577845e73087f82d000decb92f0fe4d4e93 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py diff --git a/lib/core/dump.py b/lib/core/dump.py index 26d5056908..1172526f30 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -623,7 +623,7 @@ def dbTableValues(self, tableValues): if len(value) > MIN_BINARY_DISK_DUMP_SIZE and r'\x' in value: try: - mimetype = getText(magic.from_buffer(value, mime=True)) + mimetype = getText(magic.from_buffer(getBytes(value), mime=True)) if any(mimetype.startswith(_) for _ in ("application", "image")): if not os.path.isdir(dumpDbPath): os.makedirs(dumpDbPath) diff --git a/lib/core/settings.py b/lib/core/settings.py index dc52e82bd4..6368f538dc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.28" +VERSION = "1.10.6.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 195c4bec34cfa6079d3b08de05b1e5302a7c473a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:28:54 +0200 Subject: [PATCH 19/23] Further improving Set-Cookie logic in redirections --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/request/redirecthandler.py | 8 +++++++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 8fe6a42a54..4d169999d3 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -63f72d10d0b148bae60d669a12df6577845e73087f82d000decb92f0fe4d4e93 lib/core/settings.py +39ab39f89872540387d9b6c2287ccdb5a67de484bd940f057786314cf9c2688c lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -220,7 +220,7 @@ aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e lib/request/in ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4 lib/request/methodrequest.py 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568 lib/request/pkihandler.py b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e lib/request/rangehandler.py -f3783c485352ea9293de26309217b26ce26ace92749fc402f4f73850762055f8 lib/request/redirecthandler.py +673fbe28e3031a9be6f1d5b9ee8af4985dd9f69458ca1264e2eb3c3eec8d8c3d lib/request/redirecthandler.py 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb lib/request/templates.py 01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457 lib/takeover/abstraction.py d3c93562d78ebdaf9e22c0ea2e4a62adb12f0ce9e9d9631c1ea000b1a07d04ab lib/takeover/icmpsh.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 6368f538dc..37c7573330 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.29" +VERSION = "1.10.6.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 0deb039256..0c1e9d0869 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -136,7 +136,7 @@ def http_error_302(self, req, fp, code, msg, headers): delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER last = None - for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE].split(';')[0]] if HTTP_HEADER.SET_COOKIE in headers else []): + for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter): if '=' in part: part = part.strip() key, value = part.split('=', 1) @@ -145,6 +145,12 @@ def http_error_302(self, req, fp, code, msg, headers): elif last: cookies[last] += "%s%s" % (delimiter, part) + if HTTP_HEADER.SET_COOKIE in headers: + for match in re.finditer(r"(?:^|,\s*)([^=;,]+)=([^;,]+)", headers[HTTP_HEADER.SET_COOKIE]): + key = match.group(1).strip() + if key.lower() not in ("expires", "path", "domain", "max-age", "secure", "httponly", "samesite"): + cookies[key] = match.group(2).strip() + req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies) try: From b67ea8f294fb78d7c62409b3aa28dfbdbba4c27b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:32:06 +0200 Subject: [PATCH 20/23] Minor fix --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/utils/brute.py | 4 +++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 4d169999d3..3026416674 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -39ab39f89872540387d9b6c2287ccdb5a67de484bd940f057786314cf9c2688c lib/core/settings.py +6e1f8c9c82327f2da8c4c8db535fc09cbf4dbae88b33eeeff2a267694c99cadf lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -242,7 +242,7 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d lib/techniques 30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b lib/techniques/union/test.py a8a795f29ec6fd66482926f04b054ed492a033982c3b7837c5d2ea32368acec0 lib/techniques/union/use.py f64f2e9df844061ff0b7b97907ac959e6e03c0eda4cbb273145985b90adc081d lib/utils/api.py -ea5e14f8c9d74b0fb17026b14e3fb70ee90e4046e51ab2c16652d86b3ca9b949 lib/utils/brute.py +442555ab85277aff7c9e0cf465ea5b0d28395c326f68363449b2d3941f4b6de2 lib/utils/brute.py da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718 lib/utils/crawler.py a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb lib/utils/deps.py 51cfab194cd5b6b24d62706fb79db86c852b9e593f4c55c15b35f175e70c9d75 lib/utils/getch.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 37c7573330..6e0fec178f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.30" +VERSION = "1.10.6.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/brute.py b/lib/utils/brute.py index 7833a3982c..5f917e26a3 100644 --- a/lib/utils/brute.py +++ b/lib/utils/brute.py @@ -310,7 +310,9 @@ def columnExistsThread(): else: columns[column] = "non-numeric" - kb.data.cachedColumns[conf.db] = {table: columns} + if conf.db not in kb.data.cachedColumns: + kb.data.cachedColumns[conf.db] = {} + kb.data.cachedColumns[conf.db][table] = columns for _ in ((conf.db, table, item[0], item[1]) for item in columns.items()): if _ not in kb.brute.columns: From 3e8a69cfbe27b0b469df28b9f4422edfec09f5da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:34:11 +0200 Subject: [PATCH 21/23] Minor patch --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/utils/api.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 3026416674..675a8e50d4 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -6e1f8c9c82327f2da8c4c8db535fc09cbf4dbae88b33eeeff2a267694c99cadf lib/core/settings.py +a32ad6c856581ecf1629841477e5db9432063bbea7ab5881a2ed353fefb1fa6f lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -241,7 +241,7 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d lib/techniques 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/union/__init__.py 30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b lib/techniques/union/test.py a8a795f29ec6fd66482926f04b054ed492a033982c3b7837c5d2ea32368acec0 lib/techniques/union/use.py -f64f2e9df844061ff0b7b97907ac959e6e03c0eda4cbb273145985b90adc081d lib/utils/api.py +9ff41fda2d5738c7cc3ab794ab25e7d6b28dd17f7d9b096da9ba9ee395445f30 lib/utils/api.py 442555ab85277aff7c9e0cf465ea5b0d28395c326f68363449b2d3941f4b6de2 lib/utils/brute.py da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718 lib/utils/crawler.py a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb lib/utils/deps.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 6e0fec178f..b14c49cb88 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.31" +VERSION = "1.10.6.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index 5e5bc61e88..d576c7ba1e 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -660,7 +660,7 @@ def download(taskid, target, filename): path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename)) # Prevent file path traversal - if not path.startswith(paths.SQLMAP_OUTPUT_PATH): + if not path.startswith(os.path.join(paths.SQLMAP_OUTPUT_PATH, "")): logger.warning("[%s] Forbidden path (%s)" % (taskid, target)) return jsonize({"success": False, "message": "Forbidden path"}) From cfd9309be439cc02f6bc784acc2a1a77705f63f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:50:49 +0200 Subject: [PATCH 22/23] Minor patch --- data/txt/sha256sums.txt | 4 ++-- lib/core/agent.py | 2 +- lib/core/settings.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 675a8e50d4..ea25236f87 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -165,7 +165,7 @@ ced1c82713afc1309c1495485b3d25a11c95af1f7460ea7922dbb96dacac37b4 lib/controller c1881685bef8504ded32c51abed00ab51849008c84b74e8a66117e5f5041b3df lib/controller/controller.py d69e84f1648cdb907f5d2dd454f03874a4613752b07867510145d51d84b3c56f lib/controller/handler.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/controller/__init__.py -9e694e4864d865c5da745aaf9d35da885eff697a9a0f7b37c3e85d47b4378f64 lib/core/agent.py +b2555d11529689f5d7d02bee0741d3228969e2bf29a2b9140bf1560ff60249e7 lib/core/agent.py b13462712ec5ac07541dba98631ddcda279d210b838f363d15ac97a1413b67a2 lib/core/bigarray.py 2a9d87359d4b7d4fa8a818e4ee8f7a6fd3d3cf46feae17d21e7a3370c5cee5d2 lib/core/common.py a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e lib/core/compat.py @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -a32ad6c856581ecf1629841477e5db9432063bbea7ab5881a2ed353fefb1fa6f lib/core/settings.py +f01a6b1bd013e23b2b273adf85767101529da406000878f1074366bdd450f78d lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py diff --git a/lib/core/agent.py b/lib/core/agent.py index aacdf57898..be235b7447 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -203,7 +203,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N origValue = encodeBase64(origValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING) if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER): - _ = "%s%s" % (origValue, kb.customInjectionMark) + _ = "%s%s" % (_origValue if base64Encoding else origValue, kb.customInjectionMark) if kb.postHint == POST_HINT.JSON and isNumber(origValue) and not isNumber(newValue) and '"%s"' % _ not in paramString: newValue = '"%s"' % self.addPayloadDelimiters(newValue) diff --git a/lib/core/settings.py b/lib/core/settings.py index b14c49cb88..bd23b0dcb9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.32" +VERSION = "1.10.6.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 85a71c2b49a283b1ceb2da65bdb6246a619b31c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 4 Jun 2026 21:58:15 +0200 Subject: [PATCH 23/23] Minor patch --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/utils/har.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index ea25236f87..1fd2fa5c73 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -f01a6b1bd013e23b2b273adf85767101529da406000878f1074366bdd450f78d lib/core/settings.py +a94bd355c8c2a9e60009c536b03de1d86f085121de60b36d22073e3620588e47 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -247,7 +247,7 @@ da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718 lib/utils/craw a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb lib/utils/deps.py 51cfab194cd5b6b24d62706fb79db86c852b9e593f4c55c15b35f175e70c9d75 lib/utils/getch.py 853c3595e1d2efc54b8bfb6ab12c55d1efc1603be266978e3a7d96d553d91a52 lib/utils/gui.py -366e6fd5356fae7e3f2467c070d064b6695be80b50f1530ea3c01e86569b58b2 lib/utils/har.py +972c5db9c9e30ac0f91c0f8d4df4531d0304e151dac99f1399c37c952ba9f935 lib/utils/har.py e890d2ee4787589b2464d9c561d10a6896546781c349b48bfe4d42dd3954468b lib/utils/hashdb.py 84bf572a9e7915e91dbffea996e1a7b749392725f1ad7f412d0ff48c636a2896 lib/utils/hash.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/utils/__init__.py diff --git a/lib/core/settings.py b/lib/core/settings.py index bd23b0dcb9..0422327d1c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.33" +VERSION = "1.10.6.34" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/har.py b/lib/utils/har.py index cb34bf3917..e5dde561cf 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py @@ -185,7 +185,7 @@ def toDict(self): "size": len(self.content or "") } - binary = set([b'\0', b'\1']) + binary = set([b'\0', b'\1', u'\0', u'\1', 0, 1]) if any(c in binary for c in self.content): content["encoding"] = "base64" content["text"] = getText(base64.b64encode(self.content))