diff --git a/lib/core/settings.py b/lib/core/settings.py index 61c2ff72f..561c6a82d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.6.10" +VERSION = "1.3.6.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/inject.py b/lib/request/inject.py index 0b46717fc..6a84838e9 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -90,6 +90,13 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) + if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None: + msg = "multi-threading is considered unsafe in " + msg += "time-based data retrieval. Are you sure " + msg += "of your choice (breaking warranty) [y/N] " + + kb.forceThreads = readInput(msg, default='N', boolean=True) + if not (timeBasedCompare and kb.dnsTest): if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not kb.forceThreads): diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index c57f9083a..c2dd01b50 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -26,7 +26,6 @@ from lib.core.common import getPartRun from lib.core.common import hashDBRetrieve from lib.core.common import hashDBWrite from lib.core.common import incrementCounter -from lib.core.common import readInput from lib.core.common import safeStringFormat from lib.core.common import singleTimeWarnMessage from lib.core.data import conf @@ -166,13 +165,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None if showEta: progress = ProgressBar(maxValue=length) - if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None: - msg = "multi-threading is considered unsafe in " - msg += "time-based data retrieval. Are you sure " - msg += "of your choice (breaking warranty) [y/N] " - - kb.forceThreads = readInput(msg, default='N', boolean=True) - if numThreads > 1: if not timeBasedCompare or kb.forceThreads: debugMsg = "starting %d thread%s" % (numThreads, ("s" if numThreads > 1 else "")) diff --git a/lib/utils/search.py b/lib/utils/search.py index e14540c21..811d489cf 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -132,7 +132,7 @@ def _search(dork): regex = DUCKDUCKGO_REGEX try: - req = _urllib.request.Request(url, data=data, headers=headers) + req = _urllib.request.Request(url, data=data, headers=requestHeaders) conn = _urllib.request.urlopen(req) requestMsg = "HTTP request:\nGET %s" % url