diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 3f92695c2..690716e16 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -574,7 +574,7 @@ def checkSqlInjection(place, parameter, value): page, headers, _ = Request.queryPage(reqPayload, place, content=True, raise404=False) output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \ or extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None, re.DOTALL | re.IGNORECASE) \ - or extractRegexResult(check, listToStrValue([headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()] if headers else None), re.DOTALL | re.IGNORECASE) \ + or extractRegexResult(check, listToStrValue((headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()) if headers else None), re.DOTALL | re.IGNORECASE) \ or extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) if output: diff --git a/lib/core/common.py b/lib/core/common.py index 027d9a943..24e4f6795 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -28,6 +28,7 @@ import sys import tempfile import threading import time +import types import urllib import urllib2 import urlparse @@ -3418,7 +3419,7 @@ def listToStrValue(value): '1, 2, 3' """ - if isinstance(value, (set, tuple)): + if isinstance(value, (set, tuple, types.GeneratorType)): value = list(value) if isinstance(value, list): diff --git a/lib/core/settings.py b/lib/core/settings.py index d083f09ea..4ac252708 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.1.11.6" +VERSION = "1.1.11.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/comparison.py b/lib/request/comparison.py index f0c92c3c2..44926fea6 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -49,7 +49,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength): threadData = getCurrentThreadData() if kb.testMode: - threadData.lastComparisonHeaders = listToStrValue([_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)]) if headers else "" + threadData.lastComparisonHeaders = listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else "" threadData.lastComparisonPage = page threadData.lastComparisonCode = code @@ -57,7 +57,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength): return None if any((conf.string, conf.notString, conf.regexp)): - rawResponse = "%s%s" % (listToStrValue([_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)]) if headers else "", page) + rawResponse = "%s%s" % (listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else "", page) # String to match in page when the query is True and/or valid if conf.string: diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 6b556abfd..c0e7cced7 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -133,7 +133,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): output = reduce(lambda x, y: x if x is not None else y, (\ extractRegexResult(check, page), \ extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None), \ - extractRegexResult(check, listToStrValue([headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()] if headers else None)), \ + extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)), \ extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)), \ None) @@ -142,7 +142,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): else: trimmed = extractRegexResult(trimcheck, page) \ or extractRegexResult(trimcheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None) \ - or extractRegexResult(trimcheck, listToStrValue([headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()] if headers else None)) \ + or extractRegexResult(trimcheck, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)) \ or extractRegexResult(trimcheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None) if trimmed: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 56e1f796a..be48f8449 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,13 +21,13 @@ f96467fc5cd1d87f52dd7966c8ae6e79 extra/shutils/regressiontest.py 5fb9aaf874daa47ea2b672a22740e56b extra/sqlharvest/__init__.py 1fc7772edce5a01c31f3932b2fc4c1c6 extra/sqlharvest/sqlharvest.py 21bf2b3a7a22b8cd5d96a6457a1b4997 lib/controller/action.py -9eadf57517a6064d462b1f5ba9a3280d lib/controller/checks.py +47ea1e8ca54bad024814e4f539738c86 lib/controller/checks.py 91c9ef44927b270ea53b6739ff5b2e76 lib/controller/controller.py d2cdb9e832e18a81e936ca3348144b16 lib/controller/handler.py 5fb9aaf874daa47ea2b672a22740e56b lib/controller/__init__.py c1ba81136151b327c71fd01376376451 lib/core/agent.py d55b4b58019d6dbfddd40ec919f9f172 lib/core/bigarray.py -abcdd166b8b7c7d84bfa3d70a1778f06 lib/core/common.py +8ba4d3870b4a7a5a89eb8fe4f039e355 lib/core/common.py 54326d3a690f8b26fe5a5da1a589b369 lib/core/convert.py 90b1b08368ac8a859300e6fa6a8c796e lib/core/data.py 1c14bdbf47b8dba31f73da9ad731a54a lib/core/datatype.py @@ -46,7 +46,7 @@ ec6a778b0e74749b916caead78ba88b7 lib/core/option.py 760d9df2a27ded29109b390ab202e72d lib/core/replication.py a2466b62e67f8b31736bac4dac590e51 lib/core/revision.py 02d4762140a72fd44668d3dab5eabda9 lib/core/session.py -131b671b06a10d4fb46daa6c1b9399c4 lib/core/settings.py +b1cea79f42496d6b39be19a0bdc26070 lib/core/settings.py 35bffbad762eb9e03db9e93b1c991103 lib/core/shell.py a59ec28371ae067a6fdd8f810edbee3d lib/core/subprocessng.py 7c9f2af3c0a8dd89223cfe07b0a0b826 lib/core/target.py @@ -67,7 +67,7 @@ d8d9bcf9e7107a5e2cf2dd10f115ac28 lib/parse/payloads.py 2b87577dc6d3609e96fc1e049def5b4f lib/parse/sitemap.py d2f13a0e2fef5273d419d06e516122e1 lib/request/basicauthhandler.py 669e8cf941bba4a2e987045b3002b8e3 lib/request/basic.py -67bcf2499db566ebf46f9a6122399fe6 lib/request/comparison.py +28348595147a731677c8bef470c6f57a lib/request/comparison.py a253670611499bc159879122e05622de lib/request/connect.py ad6f76839408d827abfcdc57813f8518 lib/request/direct.py 4853bd0d523646315607a6a9a4c0b745 lib/request/dns.py @@ -93,7 +93,7 @@ ab58650253fdad04e7a53a4e4d36df8a lib/techniques/blind/inference.py 95331b2826f28db9ff962670391aa7d6 lib/techniques/dns/test.py 82cc907fb335250703072337d8f8cceb lib/techniques/dns/use.py 5fb9aaf874daa47ea2b672a22740e56b lib/techniques/error/__init__.py -e9e3e8ad72a9cd981e76d6debec05185 lib/techniques/error/use.py +5953b814b91e6a03d26f319203b48d01 lib/techniques/error/use.py 5fb9aaf874daa47ea2b672a22740e56b lib/techniques/__init__.py 5fb9aaf874daa47ea2b672a22740e56b lib/techniques/union/__init__.py fcc3a6ac3b5f7aad86686e5f9adc7a43 lib/techniques/union/test.py