From 0599f7c1b6fe679106d18744b49f90fd1f340cff Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 6 Nov 2025 11:14:13 +0100 Subject: [PATCH 1/4] Minor bug fix --- data/txt/sha256sums.txt | 4 ++-- lib/core/convert.py | 2 +- lib/core/settings.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 6c970b8ac..80ab84ef6 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -168,7 +168,7 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserv fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0 lib/core/bigarray.py 5b21bafe2eb07466d9751f4d80b21f256d5ffb1bb5a9639f91c09a43ec3fec87 lib/core/common.py d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87 lib/core/compat.py -ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a lib/core/convert.py +f83118ffc45f9d53ea9b429bc520067cfba561cd44f9ad9473f66eb7acfd5758 lib/core/convert.py ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data.py ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024 lib/core/datatype.py 1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead lib/core/decorators.py @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -1afb5a037ff09316b651650037f8101f601fd6d193ffc052923494248fb041fe lib/core/settings.py +eba30dd85c52223447d25514ff2a467f409398052dd81d280c406ffd77852b26 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py diff --git a/lib/core/convert.py b/lib/core/convert.py index 08594cdcf..e3d6d5c4c 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -316,7 +316,7 @@ def getBytes(value, encoding=None, errors="strict", unsafe=True): retVal = value.encode(encoding, errors) if unsafe: - retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal) + retVal = re.sub((r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER).encode(), lambda _: decodeHex(_.group(1)), retVal) else: try: retVal = value.encode(encoding, errors) diff --git a/lib/core/settings.py b/lib/core/settings.py index 418e02fdf..e273d36e7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.10.5" +VERSION = "1.9.11.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 77a42b3a6f3b0eb99c53b862e415e56d23fa436d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 6 Nov 2025 11:41:35 +0100 Subject: [PATCH 2/4] Minor patches --- data/txt/sha256sums.txt | 8 ++++---- lib/core/convert.py | 6 +++--- lib/core/option.py | 4 ++-- lib/core/settings.py | 2 +- lib/core/update.py | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 80ab84ef6..a85b1cd96 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -168,7 +168,7 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserv fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0 lib/core/bigarray.py 5b21bafe2eb07466d9751f4d80b21f256d5ffb1bb5a9639f91c09a43ec3fec87 lib/core/common.py d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87 lib/core/compat.py -f83118ffc45f9d53ea9b429bc520067cfba561cd44f9ad9473f66eb7acfd5758 lib/core/convert.py +463005de14642fef4251c951c9b24ec8d456f67f0cd98a9f4d6add281ccbb775 lib/core/convert.py ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data.py ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024 lib/core/datatype.py 1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead lib/core/decorators.py @@ -181,21 +181,21 @@ c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd lib/core/dump. 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/core/__init__.py 3d308440fb01d04b5d363bfbe0f337756b098532e5bb7a1c91d5213157ec2c35 lib/core/log.py 2a06dc9b5c17a1efdcdb903545729809399f1ee96f7352cc19b9aaa227394ff3 lib/core/optiondict.py -d33dbc25635e2ae42c70e5997f28097143966279adfbf98e95b0d09ad4976e88 lib/core/option.py +c53862358795097a59aa4eacc4d90815afb7e0540899b8885b586e43267be225 lib/core/option.py fd449fe2c707ce06c929fc164cbabb3342f3e4e2b86c06f3efc1fc09ac98a25a lib/core/patch.py 85f10c6195a3a675892d914328173a6fb6a8393120417a2f10071c6e77bfa47d lib/core/profiling.py c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readlineng.py d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -eba30dd85c52223447d25514ff2a467f409398052dd81d280c406ffd77852b26 lib/core/settings.py +d7b31917f9057dd078f0d5992a9e9d7c585b40b63ce5394d4b4d09d725f260b8 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py 6cf11d8b00fa761046686437fe90565e708809f793e88a3f02527d0e49c4d2a8 lib/core/testing.py 2a179b7601026a8da092271b30ad353cdb6decd658e2614fa51983aaf6dd80e7 lib/core/threads.py 6f61e7946e368ee1450c301aaf5a26381a8ae31fc8bffa28afc9383e8b1fbc3f lib/core/unescaper.py -f7245b99c17ef88cd9a626ca09c0882a5e172bb10a38a5dec9d08da6c8e2d076 lib/core/update.py +8919863be7a86f46d2c41bd30c0114a55a55c5931be48e3cfc66dfa96b7109c8 lib/core/update.py cba481f8c79f4a75bd147b9eb5a1e6e61d70422fceadd12494b1dbaa4f1d27f4 lib/core/wordlist.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/__init__.py 7d1d3e07a1f088428d155c0e1b28e67ecbf5f62775bdeeeb11b4388369dce0f7 lib/parse/banner.py diff --git a/lib/core/convert.py b/lib/core/convert.py index e3d6d5c4c..72c1ce79a 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -154,7 +154,7 @@ def rot13(data): def decodeHex(value, binary=True): """ - Returns a decoded representation of provided hexadecimal value + Returns a decoded representation of the provided hexadecimal value >>> decodeHex("313233") == b"123" True @@ -182,7 +182,7 @@ def decodeHex(value, binary=True): def encodeHex(value, binary=True): """ - Returns a encoded representation of provided string value + Returns an encoded representation of the provided value >>> encodeHex(b"123") == b"313233" True @@ -251,7 +251,7 @@ def decodeBase64(value, binary=True, encoding=None): def encodeBase64(value, binary=True, encoding=None, padding=True, safe=False): """ - Returns a decoded representation of provided Base64 value + Returns a Base64 encoded representation of the provided value >>> encodeBase64(b"123") == b"MTIz" True diff --git a/lib/core/option.py b/lib/core/option.py index 2e9da8ca4..42a626971 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -939,8 +939,8 @@ def _setPreprocessFunctions(): handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=".py") os.close(handle) - openFile(filename, "w+b").write("#!/usr/bin/env\n\ndef preprocess(req):\n pass\n") - openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+b").write("pass") + openFile(filename, "w+").write("#!/usr/bin/env\n\ndef preprocess(req):\n pass\n") + openFile(os.path.join(os.path.dirname(filename), "__init__.py"), "w+").write("pass") errMsg = "function 'preprocess(req)' " errMsg += "in preprocess script '%s' " % script diff --git a/lib/core/settings.py b/lib/core/settings.py index e273d36e7..1e5679fdb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.11.0" +VERSION = "1.9.11.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index 841e5f0d5..6e46cb87b 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -110,7 +110,7 @@ def update(): filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py") if os.path.isfile(filepath): - with openFile(filepath, "rb") as f: + with openFile(filepath, "r") as f: version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1) logger.info("updated to the latest version '%s#dev'" % version) success = True From 619d53a9e5eb5b7a443ad6b14092a74d7964995e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 7 Nov 2025 16:09:27 +0100 Subject: [PATCH 3/4] Dump patch for #5975 --- data/txt/sha256sums.txt | 4 ++-- lib/controller/checks.py | 2 +- lib/core/settings.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index a85b1cd96..741c9bcdd 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -160,7 +160,7 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/ 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/vulnserver/__init__.py eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserver/vulnserver.py 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py -2c8652359d6790755117ec5c68d0ddffacff5f3377ad5004c4fffd29c2446d61 lib/controller/checks.py +c060567ff0430f2ec915bf8abec8d632a52b5cb8a75a88984e6065a0feedcf44 lib/controller/checks.py 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py 49bcd74281297c79a6ae5d4b0d1479ddace4476fddaf4383ca682a6977b553e3 lib/controller/handler.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -d7b31917f9057dd078f0d5992a9e9d7c585b40b63ce5394d4b4d09d725f260b8 lib/core/settings.py +da7f5032642529d1ce83a4df0955ff49e89878510d24d976280d80a3fce908ac lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 92b1aac67..49b4c800d 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -521,7 +521,7 @@ def checkSqlInjection(place, parameter, value): if ratio == 1.0: continue - except (MemoryError, OverflowError): + except: pass # Perform the test's True request diff --git a/lib/core/settings.py b/lib/core/settings.py index 1e5679fdb..a45819cd4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.11.1" +VERSION = "1.9.11.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From f44aef3e419ffe8e8112c661ad0615105fef8e03 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Nov 2025 09:40:19 +0100 Subject: [PATCH 4/4] Fixes #5978 --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- sqlmap.py | 6 ++++++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 741c9bcdd..dac1a7b0d 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -da7f5032642529d1ce83a4df0955ff49e89878510d24d976280d80a3fce908ac lib/core/settings.py +4456a83ec33c9650ed49a21cffc529b20a9007884e5f414809018b59f63f351a lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -477,7 +477,7 @@ f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697 README.md 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc sqlmapapi.py 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9 sqlmap.conf -ee57424aa71fbf2d2d1189304f91e95aac812912b7826ea67cfbc07b11aaa6b6 sqlmap.py +d305f00a68898314242e7cfc19daf367c8f97e5f1da40100390b635b73b80722 sqlmap.py 82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a tamper/0eunion.py bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460 tamper/apostrophemask.py c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce tamper/apostrophenullencode.py diff --git a/lib/core/settings.py b/lib/core/settings.py index a45819cd4..2e6f07976 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.11.2" +VERSION = "1.9.11.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index b8c870cdc..aa4f07d1a 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -347,6 +347,12 @@ def main(): logger.critical(errMsg) raise SystemExit + elif all(_ in excMsg for _ in ("httpcore", "typing.", "AttributeError")): + errMsg = "please update the 'httpcore' package (>= 1.0.8) " + errMsg += "(Reference: 'https://github.com/encode/httpcore/discussions/995')" + logger.critical(errMsg) + raise SystemExit + elif "invalid maximum character passed to PyUnicode_New" in excMsg and re.search(r"\A3\.[34]", sys.version) is not None: errMsg = "please upgrade the Python version (>= 3.5) " errMsg += "(Reference: 'https://bugs.python.org/issue18183')"