From 12c472cef59aec19637e17354e6915bc464642e9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 24 Apr 2023 14:45:19 +0200 Subject: [PATCH 1/2] Fixes #5404 --- lib/core/settings.py | 2 +- sqlmap.py | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 89d31f23a..520d2a79e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.4.10" +VERSION = "1.7.4.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index edad7efa7..f35db5504 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -472,6 +472,11 @@ def main(): logger.critical(errMsg) raise SystemExit + elif all(_ in excMsg for _ in ("FileNotFoundError: [Errno 2] No such file or directory", "cwd = os.getcwd()")): + errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip() + logger.critical(errMsg) + raise SystemExit + elif all(_ in excMsg for _ in ("PermissionError: [WinError 5]", "multiprocessing")): errMsg = "there is a permission problem in running multiprocessing on this system. " errMsg += "Please rerun with '--disable-multi'" From e1043173d712a61b5c09b668947f5aad559f8b1a Mon Sep 17 00:00:00 2001 From: Sheldon Klassen Date: Mon, 24 Apr 2023 09:06:57 -0400 Subject: [PATCH 2/2] Disabled hostname and certificate validation for TLSv1.3 support. (#5395) --- lib/request/httpshandler.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index 05e1ccf8b..03c4079dc 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -69,6 +69,11 @@ class HTTPSConnection(_http_client.HTTPSConnection): sock = create_sock() if protocol not in _contexts: _contexts[protocol] = ssl.SSLContext(protocol) + + # Disable certificate and hostname validation enabled by default with PROTOCOL_TLS_CLIENT + _contexts[protocol].check_hostname = False + _contexts[protocol].verify_mode = ssl.CERT_NONE + if getattr(self, "cert_file", None) and getattr(self, "key_file", None): _contexts[protocol].load_cert_chain(certfile=self.cert_file, keyfile=self.key_file) try: