sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-11 04:34:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into update-sums

Browse Source 
# Conflicts:
#	data/txt/sha256sums.txt
This commit is contained in:
tanaydin 2025-03-15 22:13:09 +01:00
commit 26988e9e45
4 changed files with 29 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@ -35,6 +35,7 @@ import threading
import time
import types
import unicodedata
import zlib
from difflib import SequenceMatcher
from math import sqrt
@ -4005,7 +4006,8 @@ def createGithubIssue(errMsg, excMsg):
pass
data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()})
token = getText(zlib.decompress(decodeBase64(GITHUB_REPORT_OAUTH_TOKEN[::-1], binary=True))[0::2][::-1])
req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % token, HTTP_HEADER.USER_AGENT: fetchRandomAgent()})
try:
content = getText(_urllib.request.urlopen(req).read())

6
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.9.2.15"
VERSION = "1.9.3.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -61,7 +61,7 @@ LOWER_RATIO_BOUND = 0.02
UPPER_RATIO_BOUND = 0.98
# For filling in case of dumb push updates
DUMMY_JUNK = "ouZ0ii8A"
DUMMY_JUNK = "ahy9Ouge"
# Markers for special cases when parameter values contain html encoded characters
PARAMETER_AMP_MARKER = "__AMP__"
@ -701,7 +701,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
# Github OAuth token used for creating an automatic Issue for unhandled exceptions
GITHUB_REPORT_OAUTH_TOKEN = "Z2hwX0pNd0I2U25kN2Q5QmxlWkhxZmkxVXZTSHZiTlRDWjE5NUNpNA"
GITHUB_REPORT_OAUTH_TOKEN = "wxqc7vTeW8ohIcX+1wK55Mnql2Ex9cP+2s1dqTr/mjlZJVfLnq24fMAi08v5vRvOmuhVZQdOT/lhIRovWvIJrdECD1ud8VMPWpxY+NmjHoEx+VLK1/vCAUBwJe"
# Skip unforced HashDB flush requests below the threshold number of cached items
HASHDB_FLUSH_THRESHOLD = 32

29
lib/request/comparison.py
View File

@ -21,7 +21,9 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapSilentQuitException
from lib.core.settings import DEFAULT_PAGE_ENCODING
from lib.core.settings import DEV_EMAIL_ADDRESS
from lib.core.settings import DIFF_TOLERANCE
from lib.core.settings import HTML_TITLE_REGEX
from lib.core.settings import LOWER_RATIO_BOUND
@ -35,8 +37,14 @@ from lib.core.threads import getCurrentThreadData
from thirdparty import six
def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
_ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
return _
try:
_ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
return _
except:
warnMsg = "there was a KNOWN issue inside the internals regarding the difflib/comparison of pages. "
warnMsg += "Please report details privately via e-mail to '%s'" % DEV_EMAIL_ADDRESS
logger.critical(warnMsg)
raise SqlmapSilentQuitException
def _adjust(condition, getRatioValue):
if not any((conf.string, conf.notString, conf.regexp, conf.code)):
@ -120,7 +128,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type):
page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")
elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type):
seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")
seqMatcher.set_seq1(getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore"))
if any(_ is None for _ in (page, seqMatcher.a)):
return None
@ -146,12 +154,19 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
if seq1 is None or seq2 is None:
return None
seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
if isinstance(seq1, six.binary_type):
seq1 = seq1.replace(REFLECTED_VALUE_MARKER.encode(), b"")
elif isinstance(seq1, six.text_type):
seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
if isinstance(seq2, six.binary_type):
seq2 = seq2.replace(REFLECTED_VALUE_MARKER.encode(), b"")
elif isinstance(seq2, six.text_type):
seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
if kb.heavilyDynamic:
seq1 = seq1.split("\n")
seq2 = seq2.split("\n")
seq1 = seq1.split("\n" if isinstance(seq1, six.text_type) else b"\n")
seq2 = seq2.split("\n" if isinstance(seq2, six.text_type) else b"\n")
key = None
else:

1
lib/request/httpshandler.py
View File

@ -79,6 +79,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
try:
# Reference(s): https://askubuntu.com/a/1263098
# https://askubuntu.com/a/1250807
# https://git.zknt.org/mirror/bazarr/commit/7f05f932ffb84ba8b9e5630b2adc34dbd77e2b4a?style=split&whitespace=show-all&show-outdated=
_contexts[protocol].set_ciphers("ALL@SECLEVEL=0")
except (ssl.SSLError, AttributeError):
pass