diff --git a/lib/core/settings.py b/lib/core/settings.py index 94cbe4f3f..d34d11956 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.12.20" +VERSION = "1.4.12.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -649,7 +649,7 @@ SOCKET_PRE_CONNECT_QUEUE_SIZE = 3 TRIM_STDOUT_DUMP_SIZE = 256 # Reference: http://stackoverflow.com/a/3168436 -# Reference: https://support.microsoft.com/en-us/kb/899149 +# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149 DUMP_FILE_BUFFER_SIZE = 1024 # Parse response headers only first couple of times @@ -874,7 +874,7 @@ CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token") # Prefixes used in brute force search for web server document root BRUTE_DOC_ROOT_PREFIXES = { OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"), - OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%") + OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/Apache/Apache", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%") } # Suffixes used in brute force search for web server document root diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 9e43316be..2fc76e9ac 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -116,7 +116,7 @@ class HashDB(object): self._write_cache[hash_] = getUnicode(value) if not serialize else serializeObject(value) self._cache_lock.release() - if getCurrentThreadName() in ('0', 'MainThread'): + if getCurrentThreadName() in ('0', "MainThread"): self.flush() def flush(self, forced=False): diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 254621102..af7af7212 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -113,7 +113,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None): break if not validColumnList: - errMsg = "all column name(s) provided are non-existent" + errMsg = "all provided column name(s) are non-existent" raise SqlmapNoneDataException(errMsg) if not validPivotValue: diff --git a/lib/utils/search.py b/lib/utils/search.py index 4acf8eea6..a52b2c49a 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -130,7 +130,7 @@ def _search(dork): url = "https://www.bing.com/search?q=%s&first=%d" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1) regex = BING_REGEX else: - url = "https://duckduckgo.com/html/" + url = "https://html.duckduckgo.com/html/" data = "q=%s&s=%d" % (urlencode(dork, convall=True), (gpage - 1) * 30) regex = DUCKDUCKGO_REGEX diff --git a/sqlmap.py b/sqlmap.py index 5d9368adc..ac8adf327 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -328,20 +328,20 @@ def main(): elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")): errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) " - errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)" + errMsg += "(Reference: 'https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe')" logger.critical(errMsg) raise SystemExit elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")): errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) " - errMsg += "(Reference: https://github.com/PyMySQL/PyMySQL/issues/700)" + errMsg += "(Reference: 'https://github.com/PyMySQL/PyMySQL/issues/700')" logger.critical(errMsg) raise SystemExit elif "must be pinned buffer, not bytearray" in excMsg: errMsg = "error occurred at Python interpreter which " errMsg += "is fixed in 2.7. Please update accordingly " - errMsg += "(Reference: https://bugs.python.org/issue8104)" + errMsg += "(Reference: 'https://bugs.python.org/issue8104')" logger.critical(errMsg) raise SystemExit @@ -431,7 +431,7 @@ def main(): elif all(_ in excMsg for _ in ("HTTPNtlmAuthHandler", "'str' object has no attribute 'decode'")): errMsg = "package 'python-ntlm' has a known compatibility issue with the " - errMsg += "Python 3 (Reference: https://github.com/mullender/python-ntlm/pull/61)" + errMsg += "Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61')" logger.critical(errMsg) raise SystemExit diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index 6c2c243a4..cdc784700 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py @@ -18,9 +18,9 @@ def tamper(payload, **kwargs): References: * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 - * http://lukasz.pilorz.net/testy/unicode_conversion/ - * http://sla.ckers.org/forum/read.php?13,11562,11850 - * http://lukasz.pilorz.net/testy/full_width_utf/index.phps + * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/ + * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850 + * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps >>> tamper("1 AND '1'='1") '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'