From a2c8f1deb1bd61cb9f8bc9165d640fb79bbf7af9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 19 Sep 2016 14:23:51 +0200
Subject: [PATCH] Update PgSQL fingerprinting payloads
---
 lib/core/settings.py | 2 +-
 plugins/dbms/postgresql/fingerprint.py | 12 ++++++++++--
 txt/checksum.md5 | 4 ++--
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 85d83288e..394b22c79 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (...)
-VERSION = "1.0.9.15"
+VERSION = "1.0.9.16"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
index 6b371e19e..1225b62f5 100644
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -97,8 +97,16 @@ class Fingerprint(GenericFingerprint):
 infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
 logger.info(infoMsg)
 
- if inject.checkBooleanExpression("REVERSE('sqlmap')='pamlqs'"):
- Backend.setVersion(">= 9.1.0")
+ if inject.checkBooleanExpression("TO_JSONB(1) IS NOT NULL"):
+ Backend.setVersion(">= 9.5.0")
+ elif inject.checkBooleanExpression("JSON_TYPEOF(NULL) IS NULL"):
+ Backend.setVersionList([">= 9.4.0", "< 9.5.0"])
+ elif inject.checkBooleanExpression("ARRAY_REPLACE(NULL,1,1) IS NULL"):
+ Backend.setVersionList([">= 9.3.0", "< 9.4.0"])
+ elif inject.checkBooleanExpression("ROW_TO_JSON(NULL) IS NULL"):
+ Backend.setVersionList([">= 9.2.0", "< 9.3.0"])
+ elif inject.checkBooleanExpression("REVERSE('sqlmap')='pamlqs'"):
+ Backend.setVersionList([">= 9.1.0", "< 9.2.0"])
 elif inject.checkBooleanExpression("LENGTH(TO_CHAR(1,'EEEE'))>0"):
 Backend.setVersionList([">= 9.0.0", "< 9.1.0"])
 elif inject.checkBooleanExpression("2=(SELECT DIV(6,3))"):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index f0b41f6ab..d62231538 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
-13e25a2a90c7afc64e37e225bd639b3f lib/core/settings.py
+137081b65629992ef3968f0290f86955 lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
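Review bot: The new `if`/`elif` chain in fingerprint.py gives no hint why these particular expressions pin these version ranges, and it only works if every probe calls a function that first shipped in the stated release and a missing function makes checkBooleanExpression() evaluate False (presumably via the server error), so the chain must stay ordered newest-first; a maintainer reordering a branch or swapping a payload would silently break it. A comment above the first added `if` would capture this, e.g. `# each probe uses a function first available in the stated release; keep newest-first, since a missing function makes the expression false and falls through to the older-version branch`. Note also that a probe failing for an unrelated reason (request filtered, transient error) falls through to an older-version claim rather than an unknown result; that behaviour is inherited from the replaced two-line check but is worth stating next to the chain now that it has five fall-through levels. The enclosing method of class Fingerprint starts and ends outside the hunk.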
@@ -176,7 +176,7 @@ cac6bd84d44ac929da6800719279875b plugins/dbms/oracle/takeover.py
 6c54ca5c9efad3e437467f9fe44435d6 plugins/dbms/postgresql/connector.py
 419dd50e6688fef760fec4f71430fb29 plugins/dbms/postgresql/enumeration.py
 9756fc02fc84719c3e330fcc7914bf17 plugins/dbms/postgresql/filesystem.py
-28bce42dac3ee8efccc78c7a58b170b6 plugins/dbms/postgresql/fingerprint.py
+5bd67a898b9671c78b00b9299674e6d7 plugins/dbms/postgresql/fingerprint.py
 0e7d17abf68f1dd770e969c84878d246 plugins/dbms/postgresql/__init__.py
 8711e7c1265a5e651c9aadca7db40cd5 plugins/dbms/postgresql/syntax.py
 50d8070e687e5806058a121311a36385 plugins/dbms/postgresql/takeover.py