diff --git a/lib/core/common.py b/lib/core/common.py index e221ee005..a3c0d052e 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -35,6 +35,7 @@ import threading import time import types import unicodedata +import zlib from difflib import SequenceMatcher from math import sqrt @@ -4005,7 +4006,8 @@ def createGithubIssue(errMsg, excMsg): pass data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)} - req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) + token = getText(zlib.decompress(decodeBase64(GITHUB_REPORT_OAUTH_TOKEN[::-1], binary=True))[0::2][::-1]) + req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % token, HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) try: content = getText(_urllib.request.urlopen(req).read()) diff --git a/lib/core/settings.py b/lib/core/settings.py index 9d5bb7f5d..72d5d8740 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.15" +VERSION = "1.9.3.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -61,7 +61,7 @@ LOWER_RATIO_BOUND = 0.02 UPPER_RATIO_BOUND = 0.98 # For filling in case of dumb push updates -DUMMY_JUNK = "ouZ0ii8A" +DUMMY_JUNK = "ahy9Ouge" # Markers for special cases when parameter values contain html encoded characters PARAMETER_AMP_MARKER = "__AMP__" 
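Review bot: The new `token = ...` line in createGithubIssue() spells out the whole decode chain (reverse, base64, zlib, every second byte, reverse), so the reworked GITHUB_REPORT_OAUTH_TOKEN constant in lib/core/settings.py is still readable by anyone who has the source. The layering hides the value from pattern matching but does not protect it, so the credential should be treated as public. A comment above the constant, e.g. `# NOTE: obfuscated only, not secret; this token must carry no permission beyond creating issues on this repository`, would keep a later maintainer from widening its scope. The decode also runs before the `try:` that follows, so a damaged constant would raise from inside the crash reporter; moving the `token = ...` line under that `try:` avoids this, provided its handler (not visible here) covers the error. The function body starts and ends outside the hunk.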
@@ -701,7 +701,7 @@ DEFAULT_COOKIE_DELIMITER = ';' FORCE_COOKIE_EXPIRATION_TIME = "9999999999" # Github OAuth token used for creating an automatic Issue for unhandled exceptions -GITHUB_REPORT_OAUTH_TOKEN = "Z2hwX0pNd0I2U25kN2Q5QmxlWkhxZmkxVXZTSHZiTlRDWjE5NUNpNA" +GITHUB_REPORT_OAUTH_TOKEN = "wxqc7vTeW8ohIcX+1wK55Mnql2Ex9cP+2s1dqTr/mjlZJVfLnq24fMAi08v5vRvOmuhVZQdOT/lhIRovWvIJrdECD1ud8VMPWpxY+NmjHoEx+VLK1/vCAUBwJe" # Skip unforced HashDB flush requests below the threshold number of cached items HASHDB_FLUSH_THRESHOLD = 32 diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 0b78a1efd..f839453bd 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -21,7 +21,9 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.exception import SqlmapNoneDataException +from lib.core.exception import SqlmapSilentQuitException from lib.core.settings import DEFAULT_PAGE_ENCODING +from lib.core.settings import DEV_EMAIL_ADDRESS from lib.core.settings import DIFF_TOLERANCE from lib.core.settings import HTML_TITLE_REGEX from lib.core.settings import LOWER_RATIO_BOUND @@ -35,8 +37,14 @@ from lib.core.threads import getCurrentThreadData from thirdparty import six def comparison(page, headers, code=None, getRatioValue=False, pageLength=None): - _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) - return _ + try: + _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) + return _ + except: + warnMsg = "there was a KNOWN issue inside the internals regarding the difflib/comparison of pages. " + warnMsg += "Please report details privately via e-mail to '%s'" % DEV_EMAIL_ADDRESS + logger.critical(warnMsg) + raise SqlmapSilentQuitException def _adjust(condition, getRatioValue): if not any((conf.string, conf.notString, conf.regexp, conf.code)): 
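Review bot: The bare `except:` added to comparison() also catches KeyboardInterrupt, SystemExit and any exception sqlmap raises on purpose inside _comparison() (this file imports SqlmapNoneDataException, presumably for that). All of them become a silent quit with a message blaming difflib, and the original traceback is discarded, so the e-mail report the message asks for has nothing to go on. Narrow the handler to the exception types the known issue actually produces, or at least to `except Exception as ex:`, and include the exception type and text in the logged message before raising SqlmapSilentQuitException.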
@@ -120,7 +128,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength): if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type): page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore") elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type): - seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore") + seqMatcher.set_seq1(getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")) if any(_ is None for _ in (page, seqMatcher.a)): return None @@ -146,12 +154,19 @@ def _comparison(page, headers, code, getRatioValue, pageLength): if seq1 is None or seq2 is None: return None - seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "") - seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "") + if isinstance(seq1, six.binary_type): + seq1 = seq1.replace(REFLECTED_VALUE_MARKER.encode(), b"") + elif isinstance(seq1, six.text_type): + seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "") + + if isinstance(seq2, six.binary_type): + seq2 = seq2.replace(REFLECTED_VALUE_MARKER.encode(), b"") + elif isinstance(seq2, six.text_type): + seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "") if kb.heavilyDynamic: - seq1 = seq1.split("\n") - seq2 = seq2.split("\n") + seq1 = seq1.split("\n" if isinstance(seq1, six.text_type) else b"\n") + seq2 = seq2.split("\n" if isinstance(seq2, six.text_type) else b"\n") key = None else: diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index 05aecc981..c472bda98 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -79,6 +79,7 @@ class HTTPSConnection(_http_client.HTTPSConnection): try: # Reference(s): https://askubuntu.com/a/1263098 # https://askubuntu.com/a/1250807 + # https://git.zknt.org/mirror/bazarr/commit/7f05f932ffb84ba8b9e5630b2adc34dbd77e2b4a?style=split&whitespace=show-all&show-outdated= _contexts[protocol].set_ciphers("ALL@SECLEVEL=0") except (ssl.SSLError, AttributeError): pass
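Review bot: `REFLECTED_VALUE_MARKER.encode()` in the two bytes branches relies on the interpreter's default codec, while the rest of _comparison() converts through getBytes(). Using `getBytes(REFLECTED_VALUE_MARKER)` in both places keeps a single conversion path across Python 2 and 3. The same text/bytes test is repeated for seq1 and seq2 and again in the two split() calls; choosing the marker and newline once per sequence would shorten the block. _comparison() starts and ends outside the hunk.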
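Review bot: The added reference is a link to a third-party mirror of another project, with viewer query parameters attached, and it still leaves the reader without a statement of what `set_ciphers("ALL@SECLEVEL=0")` does. A one-line comment would be more durable, e.g. `# NOTE: deliberately drops OpenSSL's security level to 0 so legacy servers can still be reached; do not copy into code that must protect the connection`. Trimming the URL to the commit itself (without `?style=...`) would also keep it stable. The enclosing method starts outside the hunk.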