Trivial patches

lib/core/settings.py

@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.12.20"
+VERSION = "1.4.12.21"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -649,7 +649,7 @@ SOCKET_PRE_CONNECT_QUEUE_SIZE = 3
 TRIM_STDOUT_DUMP_SIZE = 256
 
 # Reference: http://stackoverflow.com/a/3168436
-# Reference: https://support.microsoft.com/en-us/kb/899149
+# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149
 DUMP_FILE_BUFFER_SIZE = 1024
 
 # Parse response headers only first couple of times
@@ -874,7 +874,7 @@ CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token")
 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
     OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),
-    OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
+    OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/Apache/Apache", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
 }
 
 # Suffixes used in brute force search for web server document root

lib/utils/hashdb.py

@@ -116,7 +116,7 @@ class HashDB(object):
             self._write_cache[hash_] = getUnicode(value) if not serialize else serializeObject(value)
             self._cache_lock.release()
 
-        if getCurrentThreadName() in ('0', 'MainThread'):
+        if getCurrentThreadName() in ('0', "MainThread"):
             self.flush()
 
     def flush(self, forced=False):

lib/utils/pivotdumptable.py

@@ -113,7 +113,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
                     break
 
         if not validColumnList:
-            errMsg = "all column name(s) provided are non-existent"
+            errMsg = "all provided column name(s) are non-existent"
             raise SqlmapNoneDataException(errMsg)
 
         if not validPivotValue:

lib/utils/search.py

@@ -130,7 +130,7 @@ def _search(dork):
             url = "https://www.bing.com/search?q=%s&first=%d" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1)
             regex = BING_REGEX
         else:
-            url = "https://duckduckgo.com/html/"
+            url = "https://html.duckduckgo.com/html/"
             data = "q=%s&s=%d" % (urlencode(dork, convall=True), (gpage - 1) * 30)
             regex = DUCKDUCKGO_REGEX
 

sqlmap.py

@@ -328,20 +328,20 @@ def main():
 
         elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):
             errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) "
-            errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)"
+            errMsg += "(Reference: 'https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe')"
             logger.critical(errMsg)
             raise SystemExit
 
         elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")):
             errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) "
-            errMsg += "(Reference: https://github.com/PyMySQL/PyMySQL/issues/700)"
+            errMsg += "(Reference: 'https://github.com/PyMySQL/PyMySQL/issues/700')"
             logger.critical(errMsg)
             raise SystemExit
 
         elif "must be pinned buffer, not bytearray" in excMsg:
             errMsg = "error occurred at Python interpreter which "
             errMsg += "is fixed in 2.7. Please update accordingly "
-            errMsg += "(Reference: https://bugs.python.org/issue8104)"
+            errMsg += "(Reference: 'https://bugs.python.org/issue8104')"
             logger.critical(errMsg)
             raise SystemExit
 
@@ -431,7 +431,7 @@ def main():
 
         elif all(_ in excMsg for _ in ("HTTPNtlmAuthHandler", "'str' object has no attribute 'decode'")):
             errMsg = "package 'python-ntlm' has a known compatibility issue with the "
-            errMsg += "Python 3 (Reference: https://github.com/mullender/python-ntlm/pull/61)"
+            errMsg += "Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61')"
             logger.critical(errMsg)
             raise SystemExit
 

tamper/apostrophemask.py

@@ -18,9 +18,9 @@ def tamper(payload, **kwargs):
 
     References:
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
-        * http://lukasz.pilorz.net/testy/unicode_conversion/
+        * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/
-        * http://sla.ckers.org/forum/read.php?13,11562,11850
+        * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850
-        * http://lukasz.pilorz.net/testy/full_width_utf/index.phps
+        * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps
 
     >>> tamper("1 AND '1'='1")
     '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'