From a1342e04a5c8c84abe575ae00393c6a0b24b162b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 10 Sep 2020 16:34:01 +0200 Subject: [PATCH] Minor update --- doc/THIRD-PARTY.md | 2 +- lib/core/settings.py | 2 +- lib/core/testing.py | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/THIRD-PARTY.md b/doc/THIRD-PARTY.md index eca318269..04d558f61 100644 --- a/doc/THIRD-PARTY.md +++ b/doc/THIRD-PARTY.md @@ -277,7 +277,7 @@ be bound by the terms and conditions of this License Agreement. * The `bottle` web framework library located under `thirdparty/bottle/`. Copyright (C) 2012, Marcel Hellkamp. * The `identYwaf` library located under `thirdparty/identywaf/`. - Copyright (C) 2019, Miroslav Stampar. + Copyright (C) 2019-2020, Miroslav Stampar. * The `ordereddict` library located under `thirdparty/odict/`. Copyright (C) 2009, Raymond Hettinger. * The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`. diff --git a/lib/core/settings.py b/lib/core/settings.py index 6ab9972ff..b64c1ad90 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.9.9" +VERSION = "1.4.9.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 9c4e874bd..61dd1c3dc 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -44,6 +44,7 @@ def vulnTest(): (u"-c --flush-session --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible")), (u"-u --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)), ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")), + ("-u '&id2=1' -p id2 -v 5 --flush-session --level=5 --test-filter='AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'", ("~1AND",)), ("--list-tampers", ("between", "MySQL", "xforwardedfor")), ("-r --flush-session -v 5 --test-skip='heavy' --save=", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind")), ("-l --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),