diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4d624c759..2fe2d3289 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.4.12.14"
+VERSION = "1.4.12.15"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 310c35d3e..ed8dca4a1 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -80,6 +80,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
 debugMsg = "searching for error chunk length..."
 logger.debug(debugMsg)
+ seen = set()
 current = MAX_ERROR_CHUNK_LENGTH
 while current >= MIN_ERROR_CHUNK_LENGTH:
 testChar = str(current % 10)
@@ -91,6 +92,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
 testQuery = "SELECT %s" % (agent.hexConvertField(testQuery) if conf.hexConvert else testQuery)
 result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True))
+ seen.add(current)
 if (result or "").startswith(testChar):
 if result == testChar * current:
@@ -99,7 +101,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
 else:
 result = re.search(r"\A\w+", result).group(0)
 candidate = len(result) - len(kb.chars.stop)
- current = candidate if candidate != current else current - 1
+ current = candidate if candidate != current and candidate not in seen else current - 1
 else:
 current = current // 2
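Review bot: `seen = set()` in the `@@ -80,6 +80,7 @@` hunk of lib/techniques/error/use.py is introduced without a comment saying what it guards against. Judging from the two later hunks (`seen.add(current)` and the `candidate not in seen` test), it appears to stop the chunk-length search from jumping back to a length it has already tested, which would otherwise let the `while` loop cycle between the same values. I would add `# chunk lengths already tested; keeps the search from revisiting one and looping` directly above the assignment. The enclosing function `_oneShotErrorUse` starts and ends outside the hunk.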
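Review bot: In the `@@ -99,7 +101,7 @@` hunk the fallback on the changed line still steps to `current - 1` without consulting `seen`, so a length that an earlier jump already tested can be requested a second time. Termination then seems to rest on the fallback only ever decreasing and on `candidate` staying bounded, neither of which is visible here. If re-testing is not intended, the fallback could skip known values, e.g. `current -= 1` followed by `while current in seen: current -= 1`. Separately, the conditional expression is now long enough that an explicit `if candidate != current and candidate not in seen:` with an `else:` branch would read more easily. The loop body continues outside the hunk.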