From 441196f360e8ef6650ae6b636eb70190984682cc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 16 Oct 2015 23:59:39 +0200
Subject: [PATCH 01/12] Fixes #1470

---
 lib/core/update.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/core/update.py b/lib/core/update.py
index 7e0b802a7..3e0b38dd8 100644
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -13,6 +13,7 @@ from subprocess import PIPE
 from subprocess import Popen as execute
 
 from lib.core.common import dataToStdout
+from lib.core.common import getSafeExString
 from lib.core.common import pollProcess
 from lib.core.data import conf
 from lib.core.data import logger
@@ -41,10 +42,15 @@ def update():
         logger.debug(debugMsg)
 
         dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
-        process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
-        pollProcess(process, True)
-        stdout, stderr = process.communicate()
-        success = not process.returncode
+
+        try:
+            process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
+            pollProcess(process, True)
+            stdout, stderr = process.communicate()
+            success = not process.returncode
+        except (IOError, OSError), ex:
+            success = False
+            stderr = getSafeExString(ex)
 
         if success:
             import lib.core.settings

From 3dc8820caa9f78d7ebfee3659d8feb69312a4c4c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 19 Oct 2015 10:38:38 +0200
Subject: [PATCH 02/12] Fixes #1474

---
 lib/request/inject.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/inject.py b/lib/request/inject.py
index ecbf65384..64c5a534c 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -190,7 +190,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
                 countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
                 countedExpression = expression.replace(expressionFields, countFirstField, 1)
 
-                if " ORDER BY " in expression.upper():
+                if " ORDER BY " in countedExpression.upper():
                     _ = countedExpression.upper().rindex(" ORDER BY ")
                     countedExpression = countedExpression[:_]
 

From 8aada250f322627011c2f4059014cb860989c351 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 19 Oct 2015 11:08:58 +0200
Subject: [PATCH 03/12] Fixes #1471

---
 lib/request/basic.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/request/basic.py b/lib/request/basic.py
index 1c88d327d..90f21f3f9 100755
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -33,6 +33,7 @@ from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
+from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import VIEWSTATE_REGEX
 from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
@@ -197,7 +198,7 @@ def checkCharEncoding(encoding, warn=True):
     # Reference: http://www.iana.org/assignments/character-sets
     # Reference: http://docs.python.org/library/codecs.html
     try:
-        codecs.lookup(encoding)
+        codecs.lookup(encoding.encode(UNICODE_ENCODING) if isinstance(encoding, unicode) else encoding)
     except LookupError:
         if warn:
             warnMsg = "unknown web page charset '%s'. " % encoding

From 5ff59296ef4a15c93f88e7158097db34cec96412 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Oct 2015 14:47:19 +0200
Subject: [PATCH 04/12] Space after the generic comments has to be "protected"

---
 xml/payloads/01_boolean_blind.xml |  4 ++--
 xml/payloads/06_union_query.xml   | 36 +++++++++++++++----------------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/xml/payloads/01_boolean_blind.xml b/xml/payloads/01_boolean_blind.xml
index 19f2b1ce9..f10f65c9b 100644
--- a/xml/payloads/01_boolean_blind.xml
+++ b/xml/payloads/01_boolean_blind.xml
@@ -196,7 +196,7 @@ Tag: <test>
         <vector>AND [INFERENCE]</vector>
         <request>
             <payload>AND [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- </comment>
+            <comment>-- -</comment>
         </request>
         <response>
             <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
@@ -213,7 +213,7 @@ Tag: <test>
         <vector>OR [INFERENCE]</vector>
         <request>
             <payload>OR [RANDNUM]=[RANDNUM]</payload>
-            <comment>-- </comment>
+            <comment>-- -</comment>
         </request>
         <response>
             <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
diff --git a/xml/payloads/06_union_query.xml b/xml/payloads/06_union_query.xml
index 7de66f9e1..507bf0845 100644
--- a/xml/payloads/06_union_query.xml
+++ b/xml/payloads/06_union_query.xml
@@ -12,7 +12,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[CHAR]</char>
             <columns>[COLSTART]-[COLSTOP]</columns>
         </request>
@@ -31,7 +31,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>NULL</char>
             <columns>[COLSTART]-[COLSTOP]</columns>
         </request>
@@ -50,7 +50,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[RANDNUM]</char>
             <columns>[COLSTART]-[COLSTOP]</columns>
         </request>
@@ -69,7 +69,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[CHAR]</char>
             <columns>1-10</columns>
         </request>
@@ -88,7 +88,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>NULL</char>
             <columns>1-10</columns>
         </request>
@@ -107,7 +107,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[RANDNUM]</char>
             <columns>1-10</columns>
         </request>
@@ -126,7 +126,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[CHAR]</char>
             <columns>11-20</columns>
         </request>
@@ -145,7 +145,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>NULL</char>
             <columns>11-20</columns>
         </request>
@@ -164,7 +164,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[RANDNUM]</char>
             <columns>11-20</columns>
         </request>
@@ -183,7 +183,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[CHAR]</char>
             <columns>21-30</columns>
         </request>
@@ -202,7 +202,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>NULL</char>
             <columns>21-30</columns>
         </request>
@@ -221,7 +221,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[RANDNUM]</char>
             <columns>21-30</columns>
         </request>
@@ -240,7 +240,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[CHAR]</char>
             <columns>31-40</columns>
         </request>
@@ -259,7 +259,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>NULL</char>
             <columns>31-40</columns>
         </request>
@@ -278,7 +278,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[RANDNUM]</char>
             <columns>31-40</columns>
         </request>
@@ -297,7 +297,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[CHAR]</char>
             <columns>41-50</columns>
         </request>
@@ -315,7 +315,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>NULL</char>
             <columns>41-50</columns>
         </request>
@@ -334,7 +334,7 @@
         <vector>[UNION]</vector>
         <request>
             <payload/>
-            <comment>-- </comment>
+            <comment>-- -</comment>
             <char>[RANDNUM]</char>
             <columns>41-50</columns>
         </request>

From 90ad914c1eb4955bbcfae2edc5b8b4c41010c1f1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Oct 2015 14:58:06 +0200
Subject: [PATCH 05/12] Patch related to the #1477

---
 lib/request/comparison.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 7028b364f..e58da901b 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -160,7 +160,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
     # If the url is stable and we did not set yet the match ratio and the
     # current injected value changes the url page content
     if kb.matchRatio is None:
-        if ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:
+        if (count or ratio >= LOWER_RATIO_BOUND) and ratio <= UPPER_RATIO_BOUND:
             kb.matchRatio = ratio
             logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio)
 

From 7c1cff6749948efa082b3abd841f94b67945da39 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Oct 2015 15:14:12 +0200
Subject: [PATCH 06/12] Fixing ancient bug (introduced with #6c80f29) - that
 removes original value when --prefix used

---
 lib/core/agent.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 67222ccc2..efedf2180 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -124,11 +124,8 @@ class Agent(object):
                 if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():
                     origValue = origValue.split(' ')[-1].split(':')[-1]
 
-        if conf.prefix:
-            value = origValue
-
         if value is None:
-            if where == PAYLOAD.WHERE.ORIGINAL:
+            if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
                 value = origValue
             elif where == PAYLOAD.WHERE.NEGATIVE:
                 if conf.invalidLogical:

From fbec463b49ff336dbb16cd5fdf8251b0c3dfc57b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Oct 2015 15:44:08 +0200
Subject: [PATCH 07/12] Adding new bold patterns

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4ded4236a..cf28d47fb 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -563,7 +563,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved")
+BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved")
 
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")

From 5fb8ae9d3ce82b4805472b13ec5342bb662f7cc0 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Oct 2015 19:59:16 +0200
Subject: [PATCH 08/12] Fixes #1479

---
 lib/request/comparison.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index e58da901b..61f503a68 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -53,6 +53,8 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
     if page is None and pageLength is None:
         return None
 
+    count = 0
+
     seqMatcher = threadData.seqMatcher
     seqMatcher.set_seq1(kb.pageTemplate)
 
@@ -122,7 +124,6 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
         seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
         seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
 
-        count = 0
         while count < min(len(seq1), len(seq2)):
             if seq1[count] == seq2[count]:
                 count += 1

From 8f9979c3022727063a8c1679067c5c584f739021 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Oct 2015 20:51:05 +0200
Subject: [PATCH 09/12] Patch for an Issue #541

---
 lib/core/update.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/core/update.py b/lib/core/update.py
index 3e0b38dd8..3636ba40a 100644
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -27,9 +27,8 @@ def update():
         return
 
     success = False
-    rootDir = paths.SQLMAP_ROOT_PATH
 
-    if not os.path.exists(os.path.join(rootDir, ".git")):
+    if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
         errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
         errMsg += "from GitHub (e.g. 'git clone https://github.com/sqlmapproject/sqlmap.git sqlmap')"
         logger.error(errMsg)
@@ -44,7 +43,7 @@ def update():
         dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
 
         try:
-            process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
+            process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH)
             pollProcess(process, True)
             stdout, stderr = process.communicate()
             success = not process.returncode

From 2c754b57bb85f67aa0b25f0ed9db12dee39efd1e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 23 Oct 2015 14:29:48 +0200
Subject: [PATCH 10/12] Minor patch

---
 lib/parse/payloads.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index a96867082..89e077098 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -9,6 +9,7 @@ import os
 
 from xml.etree import ElementTree as et
 
+from lib.core.common import getSafeExString
 from lib.core.data import conf
 from lib.core.data import paths
 from lib.core.datatype import AttribDict
@@ -74,7 +75,7 @@ def loadBoundaries():
         doc = et.parse(paths.BOUNDARIES_XML)
     except Exception, ex:
         errMsg = "something seems to be wrong with "
-        errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, ex)
+        errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, getSafeExString(ex))
         errMsg += "sure that you haven't made any changes to it"
         raise SqlmapInstallationException, errMsg
 
@@ -92,7 +93,7 @@ def loadPayloads():
             doc = et.parse(payloadFilePath)
         except Exception, ex:
             errMsg = "something seems to be wrong with "
-            errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, ex)
+            errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, getSafeExString(ex))
             errMsg += "sure that you haven't made any changes to it"
             raise SqlmapInstallationException, errMsg
 

From 1b81084106e98ebc6f90766e29788d2541df047f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Fri, 23 Oct 2015 23:48:41 +0200
Subject: [PATCH 11/12] Fixes #1484

---
 lib/utils/hashdb.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py
index 555be564b..9b7ea8de3 100644
--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@@ -69,6 +69,7 @@ class HashDB(object):
 
     def retrieve(self, key, unserialize=False):
         retVal = None
+
         if key and (self._write_cache or os.path.isfile(self.filepath)):
             hash_ = HashDB.hashKey(key)
             retVal = self._write_cache.get(hash_)
@@ -86,7 +87,16 @@ class HashDB(object):
                         raise SqlmapDataException, errMsg
                     else:
                         break
-        return retVal if not unserialize else unserializeObject(retVal)
+
+        if unserialize:
+            try:
+                retVal = unserializeObject(retVal)
+            except:
+                warnMsg = "error occurred while unserializing value for session key '%s'. " % key
+                warnMsg += "If the problem persists please rerun with `--flush-session`"
+                logger.warn(warnMsg)
+
+        return retVal
 
     def write(self, key, value, serialize=False):
         if key:

From 89e36392f774f4983858bcc89a9790f76931afca Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 25 Oct 2015 15:32:02 +0100
Subject: [PATCH 12/12] Fixes #1486

---
 lib/core/common.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 1a43aaf1f..60f0b97a8 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -202,7 +202,7 @@ class Format(object):
         if versions is None and Backend.getVersionList():
             versions = Backend.getVersionList()
 
-        return Backend.getDbms() if versions is None else "%s %s" % (Backend.getDbms(), " and ".join(v for v in versions))
+        return Backend.getDbms() if versions is None else "%s %s" % (Backend.getDbms(), " and ".join(filter(None, versions)))
 
     @staticmethod
     def getErrorParsedDBMSes():
@@ -471,15 +471,17 @@ class Backend:
 
     @staticmethod
     def getVersion():
-        if len(kb.dbmsVersion) > 0:
-            return kb.dbmsVersion[0]
+        versions = filter(None, flattenValue(kb.dbmsVersion))
+        if not isNoneValue(versions):
+            return versions[0]
         else:
             return None
 
     @staticmethod
     def getVersionList():
-        if len(kb.dbmsVersion) > 0:
-            return kb.dbmsVersion
+        versions = filter(None, flattenValue(kb.dbmsVersion))
+        if not isNoneValue(versions):
+            return versions
         else:
             return None