From cfa7b3c3bd9b59f00680eaf275c5f46127321085 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 28 Apr 2021 18:06:15 +0200 Subject: [PATCH 01/92] Implements #4656 --- lib/core/settings.py | 6 +++++- lib/utils/search.py | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c3a3e72a0..3d422ef85 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -11,6 +11,7 @@ import random import re import string import sys +import time from lib.core.enums import DBMS from lib.core.enums import DBMS_DIRECTORY_NAME @@ -18,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.4.8" +VERSION = "1.5.4.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -125,6 +126,9 @@ MAX_MURPHY_SLEEP_TIME = 3 # Regular expression used for extracting results from Google search GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)" +# Google Search consent cookie +GOOGLE_CONSENT_COOKIE = "CONSENT=YES+shp.gws-%s-0-RC1.%s+FX+740" % (time.strftime("%Y%m%d"), "".join(random.sample(string.ascii_lowercase, 2))) + # Regular expression used for extracting results from DuckDuckGo search DUCKDUCKGO_REGEX = r' 1 else 1 logger.info("using search result page #%d" % gpage) - url = "http://www.google.com/search?" # NOTE: https version goes to the consent + url = "https://www.google.com/search?" # NOTE: if consent fails, try to use the "http://" url += "q=%s&" % urlencode(dork, convall=True) url += "num=100&hl=en&complete=0&safe=off&filter=0&btnG=Search" url += "&start=%d" % ((gpage - 1) * 100) From ff645a767b0703c7a0df70b1c6e9fdd18dd9c37e Mon Sep 17 00:00:00 2001 From: Sutrisno Efendi Date: Sat, 1 May 2021 16:33:14 +0700 Subject: [PATCH 02/92] Update README-id-ID.md (#4663) --- doc/translations/README-id-ID.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/translations/README-id-ID.md b/doc/translations/README-id-ID.md index bd2ffd092..d3a0c5a84 100644 --- a/doc/translations/README-id-ID.md +++ b/doc/translations/README-id-ID.md @@ -2,7 +2,7 @@ [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) -sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur hanal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. +sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. Tangkapan Layar ---- @@ -14,8 +14,7 @@ Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapprojec Instalasi ---- -Anda dapat mengunduh tarball versi terbaru [di sini] -(https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master). +Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master). Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap): From 8bf1650d65dfcfc7c1bef06b53ffc9a97ae901b9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 1 May 2021 11:39:42 +0200 Subject: [PATCH 03/92] Fixes #4664 --- lib/core/settings.py | 2 +- thirdparty/keepalive/keepalive.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3d422ef85..6f35827f9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.4.9" +VERSION = "1.5.5.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/keepalive/keepalive.py b/thirdparty/keepalive/keepalive.py index 4647f1f7c..59cd9aacc 100644 --- a/thirdparty/keepalive/keepalive.py +++ b/thirdparty/keepalive/keepalive.py @@ -165,11 +165,11 @@ class ConnectionManager: def get_ready_conn(self, host): conn = None - self._lock.acquire() try: + self._lock.acquire() if host in self._hostmap: for c in self._hostmap[host]: - if self._readymap[c]: + if self._readymap.get(c): self._readymap[c] = 0 conn = c break From 95511c8ff9b891f6751e793fd2d0738a9a9e6c5b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 1 May 2021 13:25:00 +0200 Subject: [PATCH 04/92] Fixes #4659 --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 84f187290..bd9c6bdef 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -5249,7 +5249,7 @@ def parseRequestFile(reqFile, checkParams=True): if "HTTP/" not in request: continue - if re.search(r"^[\n]*%s.*?\.(%s)\sHTTP\/" % (HTTPMETHOD.GET, "|".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M): + if re.search(r"^[\n]*%s[^?]*?\.(%s)\sHTTP\/" % (HTTPMETHOD.GET, "|".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M): if not re.search(r"^[\n]*%s[^\n]*\*[^\n]*\sHTTP\/" % HTTPMETHOD.GET, request, re.I | re.M): continue diff --git a/lib/core/settings.py b/lib/core/settings.py index 6f35827f9..3ec339482 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.0" +VERSION = "1.5.5.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 0896a49500c6fae297922d7d3e556bd5e71e08f8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 12 May 2021 13:14:13 +0200 Subject: [PATCH 05/92] Minor update --- lib/controller/checks.py | 6 +++--- lib/core/dicts.py | 2 +- lib/core/enums.py | 8 ++++---- lib/core/settings.py | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 82959e632..ef382cf7b 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -404,8 +404,8 @@ def checkSqlInjection(place, parameter, value): continue # Parse boundary's , and - prefix = boundary.prefix if boundary.prefix else "" - suffix = boundary.suffix if boundary.suffix else "" + prefix = boundary.prefix or "" + suffix = boundary.suffix or "" ptype = boundary.ptype # Options --prefix/--suffix have a higher priority (if set by user) @@ -642,7 +642,7 @@ def checkSqlInjection(place, parameter, value): output = output or extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) if output: - result = output == "1" + result = output == '1' if result: infoMsg = "%sparameter '%s' is '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title) diff --git a/lib/core/dicts.py b/lib/core/dicts.py index e842f97cc..811ef8d8b 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -370,10 +370,10 @@ OBSOLETE_OPTIONS = { "--check-payload": None, "--check-waf": None, "--pickled-options": "use '--api -c ...' instead", + "--identify-waf": "functionality being done automatically", } DEPRECATED_OPTIONS = { - "--identify-waf": "functionality being done automatically", } DUMP_DATA_PREPROCESS = { diff --git a/lib/core/enums.py b/lib/core/enums.py index 5a4af4fcc..34b1c2b5c 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -201,16 +201,16 @@ class HASH(object): # Reference: http://www.zytrax.com/tech/web/mobile_ids.html class MOBILES(object): BLACKBERRY = ("BlackBerry Z10", "Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2205 Mobile Safari/537.35+") - GALAXY = ("Samsung Galaxy S7", "Mozilla/5.0 (Linux; Android 7.0; SM-G930V Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36") + GALAXY = ("Samsung Galaxy S8", "Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW; en-us) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36 Puffin/9.0.0.50263AP") HP = ("HP iPAQ 6365", "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)") HTC = ("HTC 10", "Mozilla/5.0 (Linux; Android 8.0.0; HTC 10 Build/OPR1.170623.027) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36") HUAWEI = ("Huawei P8", "Mozilla/5.0 (Linux; Android 4.4.4; HUAWEI H891L Build/HuaweiH891L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36") IPHONE = ("Apple iPhone 8", "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1") - LUMIA = ("Microsoft Lumia 950", "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.14977") + LUMIA = ("Microsoft Lumia 950", "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063") NEXUS = ("Google Nexus 7", "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19") NOKIA = ("Nokia N97", "Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344") - PIXEL = ("Google Pixel", "Mozilla/5.0 (Linux; Android 8.0.0; Pixel Build/OPR3.170623.013) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36") - XIAOMI = ("Xiaomi Mi 3", "Mozilla/5.0 (Linux; U; Android 4.4.4; en-gb; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/39.0.0.0 Mobile Safari/537.36 XiaoMi/MiuiBrowser/2.1.1") + PIXEL = ("Google Pixel", "Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.117 Mobile Safari/537.36") + XIAOMI = ("Xiaomi Mi 8 Pro", "Mozilla/5.0 (Linux; Android 9; MI 8 Pro Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.66 Mobile Safari/537.36") class PROXY_TYPE(object): HTTP = "HTTP" diff --git a/lib/core/settings.py b/lib/core/settings.py index 3ec339482..c8cd51aa4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.1" +VERSION = "1.5.5.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 015a8f0a6dcfe2d1f0039c3ec7d302421c26f6f8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 May 2021 10:40:27 +0200 Subject: [PATCH 06/92] Fixes #4678 --- lib/core/dump.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index ff207bc6c..336831674 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -611,7 +611,7 @@ class Dump(object): _ = safechardecode(value, True) f.write(_) - except magic.MagicException as ex: + except Exception as ex: logger.debug(getSafeExString(ex)) if conf.dumpFormat == DUMP_FORMAT.CSV: diff --git a/lib/core/settings.py b/lib/core/settings.py index c8cd51aa4..93e39c56a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.2" +VERSION = "1.5.5.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 35e575c287f616f94a37fc37a2399eb597c7ad01 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 May 2021 10:43:58 +0200 Subject: [PATCH 07/92] Minor update --- README.md | 2 -- lib/core/settings.py | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 5a5d1f69f..ca4cab95d 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections. -**sqlmap is sponsored by [SpyderSec](https://spydersec.com/).** - Screenshots ---- diff --git a/lib/core/settings.py b/lib/core/settings.py index 93e39c56a..d84780877 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.3" +VERSION = "1.5.5.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 452915ed4a0a214cae6413a9a10137c00fb102d4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 19 May 2021 18:20:39 +0200 Subject: [PATCH 08/92] Minor update --- lib/core/bigarray.py | 22 +++++++++++++++++++++- lib/core/settings.py | 4 ++-- plugins/dbms/mysql/fingerprint.py | 6 +++--- plugins/dbms/oracle/fingerprint.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 4 +++- 5 files changed, 30 insertions(+), 8 deletions(-) diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index ffe754f39..da01be481 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -56,6 +56,12 @@ class BigArray(list): >>> _[20] = 0 >>> _[99999] 99999 + >>> _ += [0] + >>> _[100000] + 0 + >>> _ = _ + [1] + >>> _[-1] + 1 """ def __init__(self, items=None): @@ -69,6 +75,20 @@ class BigArray(list): for item in (items or []): self.append(item) + def __add__(self, value): + retval = BigArray(self) + + for _ in value: + retval.append(_) + + return retval + + def __iadd__(self, value): + for _ in value: + self.append(_) + + return self + def append(self, value): self.chunks[-1].append(value) @@ -145,7 +165,7 @@ class BigArray(list): self.chunks, self.filenames = state def __getitem__(self, y): - if y < 0: + while y < 0: y += len(self) index = y // self.chunk_length diff --git a/lib/core/settings.py b/lib/core/settings.py index d84780877..6825bd8b7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.4" +VERSION = "1.5.5.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -106,7 +106,7 @@ FUZZ_UNION_ERROR_REGEX = r"(?i)data\s?type|comparable|compatible|conversion|conv FUZZ_UNION_MAX_COLUMNS = 10 # Regular expression used for recognition of generic maximum connection messages -MAX_CONNECTIONS_REGEX = r"\bmax.+?\bconnection" +MAX_CONNECTIONS_REGEX = r"\bmax.{1,100}\bconnection" # Maximum consecutive connection errors before asking the user if he wants to continue MAX_CONSECUTIVE_CONNECTION_ERRORS = 15 diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 301a41a48..1b6e66545 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -45,10 +45,10 @@ class Fingerprint(GenericFingerprint): # Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/ versions = ( - (80000, 80021), # MySQL 8.0 + (80000, 80028), # MySQL 8.0 (60000, 60014), # MySQL 6.0 - (50700, 50731), # MySQL 5.7 - (50600, 50649), # MySQL 5.6 + (50700, 50736), # MySQL 5.7 + (50600, 50652), # MySQL 5.6 (50500, 50563), # MySQL 5.5 (50400, 50404), # MySQL 5.4 (50100, 50174), # MySQL 5.1 diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 3e471ca62..cf9bd3a10 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -105,7 +105,7 @@ class Fingerprint(GenericFingerprint): logger.info(infoMsg) # Reference: https://en.wikipedia.org/wiki/Oracle_Database - for version in ("19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"): + for version in ("21c", "19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"): number = int(re.search(r"([\d]+)", version).group(1)) output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION),1,%d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2)) diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 9cf301db1..f7fa57c65 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -131,7 +131,9 @@ class Fingerprint(GenericFingerprint): infoMsg = "actively fingerprinting %s" % DBMS.PGSQL logger.info(infoMsg) - if inject.checkBooleanExpression("SINH(0)=0"): + if inject.checkBooleanExpression("GEN_RANDOM_UUID() IS NOT NULL"): + Backend.setVersion(">= 13.0") + elif inject.checkBooleanExpression("SINH(0)=0"): Backend.setVersion(">= 12.0") elif inject.checkBooleanExpression("SHA256(NULL) IS NULL"): Backend.setVersion(">= 11.0") From dccc8377036e5ea68795215abcfa5e6c797a037a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 19 May 2021 18:32:03 +0200 Subject: [PATCH 09/92] Minor update --- lib/core/settings.py | 2 +- thirdparty/identywaf/data.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6825bd8b7..d2ae62c1d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.5" +VERSION = "1.5.5.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/identywaf/data.json b/thirdparty/identywaf/data.json index 57485d143..afab549d4 100644 --- a/thirdparty/identywaf/data.json +++ b/thirdparty/identywaf/data.json @@ -761,8 +761,8 @@ }, "tencent": { "company": "Tencent Cloud Computing", - "name": "Tencent Cloud", - "regex": "waf\\.tencent-cloud\\.com", + "name": "Tencent Cloud|Waterproof Wall", + "regex": "waf\\.tencent-cloud\\.com|window.location.href=.https://waf.tencent.com/501page.html", "signatures": [ "3f82:RVZXum60OEhCWapBYKcPk4JzWOpohM4IiUYMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD" ] From da86486cd9e759ba404977fdfee1d5a6ef1a4a07 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 24 May 2021 13:12:18 +0200 Subject: [PATCH 10/92] Couple of minor patches --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 2 -- thirdparty/beautifulsoup/beautifulsoup.py | 2 -- thirdparty/fcrypt/fcrypt.py | 2 +- thirdparty/keepalive/keepalive.py | 8 ++++---- thirdparty/magic/magic.py | 3 +-- thirdparty/multipart/multipartpost.py | 1 - thirdparty/six/__init__.py | 12 +++++++++++- 8 files changed, 18 insertions(+), 14 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d2ae62c1d..d41bbf999 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.6" +VERSION = "1.5.5.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 9b45c4e12..a623dad8b 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -4,8 +4,6 @@ # import logging -import os -import re import sys from lib.core.settings import IS_WIN diff --git a/thirdparty/beautifulsoup/beautifulsoup.py b/thirdparty/beautifulsoup/beautifulsoup.py index bc8889f76..60ff0475f 100644 --- a/thirdparty/beautifulsoup/beautifulsoup.py +++ b/thirdparty/beautifulsoup/beautifulsoup.py @@ -85,7 +85,6 @@ __copyright__ = "Copyright (c) 2004-2012 Leonard Richardson" __license__ = "New-style BSD" import codecs -import types import re import sys @@ -2029,6 +2028,5 @@ class UnicodeDammit: #By default, act as an HTML pretty-printer. if __name__ == '__main__': - import sys soup = BeautifulSoup(sys.stdin) print(soup.prettify()) diff --git a/thirdparty/fcrypt/fcrypt.py b/thirdparty/fcrypt/fcrypt.py index 2f664d81a..8fb36a623 100644 --- a/thirdparty/fcrypt/fcrypt.py +++ b/thirdparty/fcrypt/fcrypt.py @@ -119,7 +119,7 @@ __all__ = ['crypt'] # ----- END fcrypt.c LICENSE ----- -import string, struct, sys +import struct, sys if sys.version_info >= (3, 0): xrange = range diff --git a/thirdparty/keepalive/keepalive.py b/thirdparty/keepalive/keepalive.py index 59cd9aacc..2dda424e6 100644 --- a/thirdparty/keepalive/keepalive.py +++ b/thirdparty/keepalive/keepalive.py @@ -517,7 +517,7 @@ def error_handler(url): keepalive_handler.close_all() def continuity(url): - import md5 + from hashlib import md5 format = '%25s: %s' # first fetch the file with the normal http handler @@ -526,7 +526,7 @@ def continuity(url): fo = _urllib.request.urlopen(url) foo = fo.read() fo.close() - m = md5.new(foo) + m = md5(foo) print(format % ('normal urllib', m.hexdigest())) # now install the keepalive handler and try again @@ -536,7 +536,7 @@ def continuity(url): fo = _urllib.request.urlopen(url) foo = fo.read() fo.close() - m = md5.new(foo) + m = md5(foo) print(format % ('keepalive read', m.hexdigest())) fo = _urllib.request.urlopen(url) @@ -546,7 +546,7 @@ def continuity(url): if f: foo = foo + f else: break fo.close() - m = md5.new(foo) + m = md5(foo) print(format % ('keepalive readline', m.hexdigest())) def comp(N, url): diff --git a/thirdparty/magic/magic.py b/thirdparty/magic/magic.py index c99c17041..0a5c2575a 100644 --- a/thirdparty/magic/magic.py +++ b/thirdparty/magic/magic.py @@ -117,7 +117,6 @@ try: pass if not libmagic or not libmagic._name: - import sys platform_to_lib = {'darwin': ['/opt/local/lib/libmagic.dylib', '/usr/local/lib/libmagic.dylib', '/usr/local/Cellar/libmagic/5.10/lib/libmagic.dylib'], @@ -223,4 +222,4 @@ MAGIC_NO_CHECK_ASCII = 0x020000 # Don't check for ascii files MAGIC_NO_CHECK_TROFF = 0x040000 # Don't check ascii/troff MAGIC_NO_CHECK_FORTRAN = 0x080000 # Don't check ascii/fortran MAGIC_NO_CHECK_TOKENS = 0x100000 # Don't check ascii/tokens -MAGIC_UNKNOWN_FILETYPE = b"unknown" \ No newline at end of file +MAGIC_UNKNOWN_FILETYPE = b"unknown" diff --git a/thirdparty/multipart/multipartpost.py b/thirdparty/multipart/multipartpost.py index ff0da31f1..5ea37ccf7 100644 --- a/thirdparty/multipart/multipartpost.py +++ b/thirdparty/multipart/multipartpost.py @@ -29,7 +29,6 @@ import sys from lib.core.compat import choose_boundary from lib.core.convert import getBytes -from lib.core.convert import getText from lib.core.exception import SqlmapDataException from thirdparty.six.moves import urllib as _urllib diff --git a/thirdparty/six/__init__.py b/thirdparty/six/__init__.py index d162d09cd..4e15675d8 100644 --- a/thirdparty/six/__init__.py +++ b/thirdparty/six/__init__.py @@ -29,7 +29,7 @@ import sys import types __author__ = "Benjamin Peterson " -__version__ = "1.15.0" +__version__ = "1.16.0" # Useful for very coarse version differentiation. @@ -71,6 +71,11 @@ else: MAXSIZE = int((1 << 63) - 1) del X +if PY34: + from importlib.util import spec_from_loader +else: + spec_from_loader = None + def _add_doc(func, doc): """Add documentation to a function.""" @@ -186,6 +191,11 @@ class _SixMetaPathImporter(object): return self return None + def find_spec(self, fullname, path, target=None): + if fullname in self.known_modules: + return spec_from_loader(fullname, self) + return None + def __get_module(self, fullname): try: return self.known_modules[fullname] From c4c1571902047d98acf0f9b557469f0d4d4dd919 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 24 May 2021 13:49:35 +0200 Subject: [PATCH 11/92] Making sqlmap compatible with PyPy/PyPy3 --- lib/core/bigarray.py | 5 ++++- lib/core/common.py | 1 + lib/core/settings.py | 2 +- lib/utils/hash.py | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index da01be481..a5711105a 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -22,7 +22,10 @@ from lib.core.exception import SqlmapSystemException from lib.core.settings import BIGARRAY_CHUNK_SIZE from lib.core.settings import BIGARRAY_COMPRESS_LEVEL -DEFAULT_SIZE_OF = sys.getsizeof(object()) +try: + DEFAULT_SIZE_OF = sys.getsizeof(object()) +except TypeError: + DEFAULT_SIZE_OF = 16 def _size_of(instance): """ diff --git a/lib/core/common.py b/lib/core/common.py index bd9c6bdef..ae95a90cc 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2270,6 +2270,7 @@ def isMultiThreadMode(): """ Checks if running in multi-thread(ing) mode + >>> import time >>> isMultiThreadMode() False >>> _ = lambda: time.sleep(0.1) diff --git a/lib/core/settings.py b/lib/core/settings.py index d41bbf999..3f4632671 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.7" +VERSION = "1.5.5.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index a7a5614bf..38b853063 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -351,7 +351,7 @@ def crypt_generic_passwd(password, salt, **kwargs): 'rl.3StKT.4T8M' """ - return crypt(password, salt) + return getText(crypt(password, salt)) def unix_md5_passwd(password, salt, magic="$1$", **kwargs): """ From 94ab17829eda4ca7056fc7aaf0ebace4ef520066 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 25 May 2021 09:01:41 +0200 Subject: [PATCH 12/92] Fixes #4688 --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3f4632671..740540993 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.8" +VERSION = "1.5.5.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index a623dad8b..4d9731c1b 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -4,6 +4,7 @@ # import logging +import re import sys from lib.core.settings import IS_WIN From 3c25f79a9b2a14553dbae2d553a984f26709693e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 25 May 2021 14:40:15 +0200 Subject: [PATCH 13/92] Fixes #4671 --- lib/core/settings.py | 2 +- lib/request/comparison.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 740540993..a0304fb3f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.9" +VERSION = "1.5.5.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 8f973a646..1733325c1 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -13,6 +13,7 @@ from lib.core.common import extractRegexResult from lib.core.common import getFilteredPageContent from lib.core.common import listToStrValue from lib.core.common import removeDynamicContent +from lib.core.common import getLastRequestHTTPError from lib.core.common import wasLastResponseDBMSError from lib.core.common import wasLastResponseHTTPError from lib.core.convert import getBytes @@ -91,7 +92,8 @@ def _comparison(page, headers, code, getRatioValue, pageLength): if page: # In case of an DBMS error page return None if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()) and not kb.negativeLogic: - return None + if not (wasLastResponseHTTPError() and getLastRequestHTTPError() in (conf.ignoreCode or [])): + return None # Dynamic content lines to be excluded before comparison if not kb.nullConnection: From 6942abf09075b4b50465a53e819a828445438749 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 27 May 2021 12:29:40 +0200 Subject: [PATCH 14/92] Minor update --- lib/core/settings.py | 2 +- lib/request/dns.py | 4 ++-- plugins/dbms/access/connector.py | 5 ++--- plugins/dbms/cratedb/syntax.py | 2 +- plugins/dbms/derby/syntax.py | 2 +- plugins/dbms/extremedb/syntax.py | 2 +- plugins/dbms/frontbase/syntax.py | 2 +- plugins/dbms/maxdb/syntax.py | 2 +- plugins/dbms/mckoi/syntax.py | 2 +- plugins/dbms/mysql/connector.py | 7 +++---- plugins/generic/takeover.py | 2 +- 11 files changed, 15 insertions(+), 17 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a0304fb3f..36d7f9cc8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.10" +VERSION = "1.5.5.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/dns.py b/lib/request/dns.py index 5f275286b..9b54ecd5f 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -68,8 +68,8 @@ class DNSServer(object): raw request Reference(s): - http://code.activestate.com/recipes/491264-mini-fake-dns-server/ - https://code.google.com/p/marlon-tools/source/browse/tools/dnsproxy/dnsproxy.py + https://code.activestate.com/recipes/491264-mini-fake-dns-server/ + https://web.archive.org/web/20150418152405/https://code.google.com/p/marlon-tools/source/browse/tools/dnsproxy/dnsproxy.py """ def __init__(self): diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py index 0ab871199..52940b003 100644 --- a/plugins/dbms/access/connector.py +++ b/plugins/dbms/access/connector.py @@ -22,9 +22,8 @@ from plugins.generic.connector import Connector as GenericConnector class Connector(GenericConnector): """ - Homepage: http://pyodbc.googlecode.com/ - User guide: http://code.google.com/p/pyodbc/wiki/GettingStarted - API: http://code.google.com/p/pyodbc/w/list + Homepage: https://github.com/mkleehammer/pyodbc + User guide: https://github.com/mkleehammer/pyodbc/wiki Debian package: python-pyodbc License: MIT """ diff --git a/plugins/dbms/cratedb/syntax.py b/plugins/dbms/cratedb/syntax.py index eadbee04f..ee78f3b52 100644 --- a/plugins/dbms/cratedb/syntax.py +++ b/plugins/dbms/cratedb/syntax.py @@ -11,7 +11,7 @@ class Syntax(GenericSyntax): @staticmethod def escape(expression, quote=True): """ - >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar" + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar" True """ diff --git a/plugins/dbms/derby/syntax.py b/plugins/dbms/derby/syntax.py index eadbee04f..ee78f3b52 100644 --- a/plugins/dbms/derby/syntax.py +++ b/plugins/dbms/derby/syntax.py @@ -11,7 +11,7 @@ class Syntax(GenericSyntax): @staticmethod def escape(expression, quote=True): """ - >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar" + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar" True """ diff --git a/plugins/dbms/extremedb/syntax.py b/plugins/dbms/extremedb/syntax.py index eadbee04f..ee78f3b52 100644 --- a/plugins/dbms/extremedb/syntax.py +++ b/plugins/dbms/extremedb/syntax.py @@ -11,7 +11,7 @@ class Syntax(GenericSyntax): @staticmethod def escape(expression, quote=True): """ - >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar" + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar" True """ diff --git a/plugins/dbms/frontbase/syntax.py b/plugins/dbms/frontbase/syntax.py index eadbee04f..ee78f3b52 100644 --- a/plugins/dbms/frontbase/syntax.py +++ b/plugins/dbms/frontbase/syntax.py @@ -11,7 +11,7 @@ class Syntax(GenericSyntax): @staticmethod def escape(expression, quote=True): """ - >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar" + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar" True """ diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py index eadbee04f..ee78f3b52 100644 --- a/plugins/dbms/maxdb/syntax.py +++ b/plugins/dbms/maxdb/syntax.py @@ -11,7 +11,7 @@ class Syntax(GenericSyntax): @staticmethod def escape(expression, quote=True): """ - >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar" + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar" True """ diff --git a/plugins/dbms/mckoi/syntax.py b/plugins/dbms/mckoi/syntax.py index eadbee04f..ee78f3b52 100644 --- a/plugins/dbms/mckoi/syntax.py +++ b/plugins/dbms/mckoi/syntax.py @@ -11,7 +11,7 @@ class Syntax(GenericSyntax): @staticmethod def escape(expression, quote=True): """ - >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar" + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar" True """ diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index a8a0c58ac..90e618fa7 100644 --- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -21,10 +21,9 @@ from plugins.generic.connector import Connector as GenericConnector class Connector(GenericConnector): """ - Homepage: http://code.google.com/p/pymysql/ - User guide: http://code.google.com/p/pymysql/ - API: http://code.google.com/p/pymysql/ - Debian package: + Homepage: https://github.com/PyMySQL/PyMySQL + User guide: https://pymysql.readthedocs.io/en/latest/ + Debian package: python3-pymysql License: MIT Possible connectors: http://wiki.python.org/moin/MySQL diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index e5dcfb670..194f4b07b 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -145,7 +145,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry): except ImportError: errMsg = "sqlmap requires 'python-impacket' third-party library " errMsg += "in order to run icmpsh master. You can get it at " - errMsg += "http://code.google.com/p/impacket/downloads/list" + errMsg += "https://github.com/SecureAuthCorp/impacket" raise SqlmapMissingDependence(errMsg) filename = "/proc/sys/net/ipv4/icmp_echo_ignore_all" From a23faaeb8c9d37502eee28db2e7fd7ced3bc45e6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 31 May 2021 00:34:14 +0200 Subject: [PATCH 15/92] Patch related to #4693 --- lib/core/common.py | 9 ++++++++- lib/core/settings.py | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index ae95a90cc..41517b4a4 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2708,7 +2708,14 @@ def popValue(): 'foobar' """ - return getCurrentThreadData().valueStack.pop() + retVal = None + + try: + retVal = getCurrentThreadData().valueStack.pop() + except IndexError: + pass + + return retVal def wasLastResponseDBMSError(): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index 36d7f9cc8..c18fb8981 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.11" +VERSION = "1.5.5.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From ab904476001428716f14b9be8e51585e0f5331ae Mon Sep 17 00:00:00 2001 From: Pham Sy Minh <59408894+shelld3v@users.noreply.github.com> Date: Tue, 8 Jun 2021 19:02:38 +0700 Subject: [PATCH 16/92] Update README-vi-VN.md (#4701) --- doc/translations/README-vi-VN.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/doc/translations/README-vi-VN.md b/doc/translations/README-vi-VN.md index 71216af61..42a604400 100644 --- a/doc/translations/README-vi-VN.md +++ b/doc/translations/README-vi-VN.md @@ -3,15 +3,14 @@ [![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với -một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập và một loạt các tùy chọn bao gồm lấy dấu cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ -liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành thông qua kết nối ngoài. +một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa. Ảnh chụp màn hình ---- ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) -Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng trên wiki. +Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng có thể tìm thấy trong wiki. Cài đặt ---- @@ -19,11 +18,11 @@ Cài đặt Bạn có thể tải xuống tập tin nén tar mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc tập tin nén zip mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/zipball/master). -Tốt hơn là bạn có thể tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap): +Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap): git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev -sqlmap hoạt động hiệu quả với [Python](http://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì nền tảng nào. +sqlmap hoạt động hiệu quả với [Python](http://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào. Sử dụng ---- @@ -36,7 +35,7 @@ Sử dụng python sqlmap.py -hh -Bạn có thể tìm thấy video chạy mẫu [tại đây](https://asciinema.org/a/46601). +Bạn có thể xem video chạy thử [tại đây](https://asciinema.org/a/46601). Để có cái nhìn tổng quan về các khả năng của sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh). Liên kết @@ -44,7 +43,7 @@ Liên kết * Trang chủ: http://sqlmap.org * Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) -* Lịch sử thay nguồn đổi cấp dữ liệu RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Theo dõi vấn đề: https://github.com/sqlmapproject/sqlmap/issues * Hướng dẫn sử dụng: https://github.com/sqlmapproject/sqlmap/wiki * Các câu hỏi thường gặp (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ From 88553d3540ced413c5cd0442568d7e1abe3a1bf2 Mon Sep 17 00:00:00 2001 From: Stefan Pejcic Date: Tue, 8 Jun 2021 14:03:52 +0200 Subject: [PATCH 17/92] rs translation (#4691) --- doc/translations/README-rs-RS.md | 50 ++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 doc/translations/README-rs-RS.md diff --git a/doc/translations/README-rs-RS.md b/doc/translations/README-rs-RS.md new file mode 100644 index 000000000..09671beb0 --- /dev/null +++ b/doc/translations/README-rs-RS.md @@ -0,0 +1,50 @@ +# sqlmap + +[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza. + +Slike +---- + +![Slika](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Možete posetiti [kolekciju slika](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gde su demonstrirane neke od e se demonstriraju neke od funkcija na wiki stranicama. + +Instalacija +---- + +Možete preuzeti najnoviji tarball klikom [ovde](https://github.com/sqlmapproject/sqlmap/tarball/master) ili najnoviji zipball klikom [ovde](https://github.com/sqlmapproject/sqlmap/zipball/master). + +Opciono, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap radi bez posebnih zahteva korištenjem [Python](http://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi. + +Korišćenje +---- + +Kako biste dobili listu osnovnih opcija i prekidača koristite: + + python sqlmap.py -h + +Kako biste dobili listu svih opcija i prekidača koristite: + + python sqlmap.py -hh + +Možete pronaći primer izvršavanja [ovde](https://asciinema.org/a/46601). +Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih funkcija, te opis svih opcija i prekidača, zajedno s primerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Linkovi +---- + +* Početna stranica: http://sqlmap.org +* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* RSS feed promena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues +* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki +* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* Twitter: [@sqlmap](https://twitter.com/sqlmap) +* Demo: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* Slike: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots From 3463341bad4c7212a1bce38148939282237efd29 Mon Sep 17 00:00:00 2001 From: Stefan Pejcic Date: Tue, 8 Jun 2021 14:04:03 +0200 Subject: [PATCH 18/92] link to rs translation (#4692) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ca4cab95d..c42e4e30d 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ Translations * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) * [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) +* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md) * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) * [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md) From 295cd15dff9952b88cb264e2508c5931c046b9e4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 8 Jun 2021 14:05:05 +0200 Subject: [PATCH 19/92] Version bump related to the merged pulls --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c18fb8981..7d0b44374 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.5.12" +VERSION = "1.5.6.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 63073a18735cebd12135444bbe0c1c5c00a57c1e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 8 Jun 2021 21:48:43 +0200 Subject: [PATCH 20/92] 15% speedup in some cases (avoiding heuristic char detection) --- lib/core/settings.py | 6 +++++- lib/request/basic.py | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7d0b44374..74ccfa881 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -16,10 +16,11 @@ import time from lib.core.enums import DBMS from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS +from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.6.0" +VERSION = "1.5.6.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -906,6 +907,9 @@ KB_CHARS_BOUNDARY_CHAR = 'q' # Letters of lower frequency used in kb.chars KB_CHARS_LOW_FREQUENCY_ALPHABET = "zqxjkvbp" +# Printable bytes +PRINTABLE_BYTES = set(bytes(string.printable, "ascii") if six.PY3 else string.printable) + # SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk) HTTP_CHUNKED_SPLIT_KEYWORDS = ("SELECT", "UPDATE", "INSERT", "FROM", "LOAD_FILE", "UNION", "information_schema", "sysdatabases", "msysaccessobjects", "msysqueries", "sysmodules") diff --git a/lib/request/basic.py b/lib/request/basic.py index 13a7db752..2ded16330 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -48,6 +48,7 @@ from lib.core.settings import IDENTYWAF_PARSE_LIMIT from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE from lib.core.settings import META_CHARSET_REGEX from lib.core.settings import PARSE_HEADERS_LIMIT +from lib.core.settings import PRINTABLE_BYTES from lib.core.settings import SELECT_FROM_TABLE_REGEX from lib.core.settings import UNICODE_ENCODING from lib.core.settings import VIEWSTATE_REGEX @@ -324,7 +325,7 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True): metaCharset = checkCharEncoding(extractRegexResult(META_CHARSET_REGEX, page)) - if (any((httpCharset, metaCharset)) and not all((httpCharset, metaCharset))) or (httpCharset == metaCharset and all((httpCharset, metaCharset))): + if (any((httpCharset, metaCharset)) and (not all((httpCharset, metaCharset)) or isinstance(page, six.binary_type) and all(_ in PRINTABLE_BYTES for _ in page))) or (httpCharset == metaCharset and all((httpCharset, metaCharset))): kb.pageEncoding = httpCharset or metaCharset # Reference: http://bytes.com/topic/html-css/answers/154758-http-equiv-vs-true-header-has-precedence debugMsg = "declared web page charset '%s'" % kb.pageEncoding singleTimeLogMessage(debugMsg, logging.DEBUG, debugMsg) From 7c7c338705f409a3c6fb5e0da1da9ff2d4272f5e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 11 Jun 2021 09:48:00 +0200 Subject: [PATCH 21/92] Fixes #4705 --- lib/core/settings.py | 2 +- lib/utils/har.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 74ccfa881..aa96993c8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.6.1" +VERSION = "1.5.6.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/har.py b/lib/utils/har.py index a2cc5ccab..1ccd5a1de 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py @@ -165,7 +165,7 @@ class Response(object): try: content = response.read() except _http_client.IncompleteRead: - content = raw[raw.find("\r\n\r\n") + 4:].rstrip("\r\n") + content = raw[raw.find(b"\r\n\r\n") + 4:].rstrip(b"\r\n") return cls(httpVersion="HTTP/1.1" if response.version == 11 else "HTTP/1.0", status=response.status, From 255dce8c4983934e71ce99d5af249363763a5149 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 15 Jun 2021 21:04:51 +0200 Subject: [PATCH 22/92] Fixes #4712 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index aa96993c8..065f819e9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.6.2" +VERSION = "1.5.6.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 56f7c7336..e44a5532d 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -626,7 +626,7 @@ class Connect(object): if conn: code = (code or conn.code) if conn.code == kb.originalCode else conn.code # do not override redirection code (for comparison purposes) responseHeaders = conn.info() - responseHeaders[URI_HTTP_HEADER] = conn.geturl() + responseHeaders[URI_HTTP_HEADER] = conn.geturl() if hasattr(conn, "geturl") else url if hasattr(conn, "redurl"): responseHeaders[HTTP_HEADER.LOCATION] = conn.redurl From 7c41967865eff84b57d89bb317102004a7f9d1b5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 21 Jun 2021 17:17:41 +0200 Subject: [PATCH 23/92] Fixes #4719 --- lib/core/replication.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/replication.py b/lib/core/replication.py index 11ee56e6f..1e43d31e0 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -29,7 +29,7 @@ class Replication(object): self.cursor = self.connection.cursor() except sqlite3.OperationalError as ex: errMsg = "error occurred while opening a replication " - errMsg += "file '%s' ('%s')" % (self.filepath, getSafeExString(ex)) + errMsg += "file '%s' ('%s')" % (dbpath, getSafeExString(ex)) raise SqlmapConnectionException(errMsg) class DataType(object): diff --git a/lib/core/settings.py b/lib/core/settings.py index 065f819e9..14659b0b1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.6.3" +VERSION = "1.5.6.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 5ea08b397afd14462dbccf7a0790f2fa81e4265f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 24 Jun 2021 21:03:22 +0200 Subject: [PATCH 24/92] Fixes #4710 --- lib/core/dump.py | 4 ++++ lib/core/settings.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index 336831674..9bf1b8782 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -26,6 +26,7 @@ from lib.core.common import openFile from lib.core.common import prioritySortColumns from lib.core.common import randomInt from lib.core.common import safeCSValue +from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.compat import xrange from lib.core.convert import getBytes @@ -116,6 +117,9 @@ class Dump(object): if conf.api: self._write(data, content_type=content_type) + if isListLike(data) and len(data) == 1: + data = unArrayizeValue(data) + if isListLike(data): self.lister(header, data, content_type, sort) elif data is not None: diff --git a/lib/core/settings.py b/lib/core/settings.py index 14659b0b1..3afebfda3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.6.4" +VERSION = "1.5.6.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 69c679cf06cef0d81a178fe39c3c6b37967f6444 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 4 Jul 2021 23:07:55 +0200 Subject: [PATCH 25/92] Fixes #4728 --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 8 ++++---- plugins/generic/users.py | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3afebfda3..6b9b9a02b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.6.5" +VERSION = "1.5.7.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 256fd398a..6cd28b48b 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -618,7 +618,7 @@ class Databases(object): query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = re.sub("column_type", "data_type", query, flags=re.I) elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL): @@ -1022,7 +1022,7 @@ class Databases(object): rootQuery = queries[Backend.getIdentifiedDbms()].statements if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = rootQuery.inband.query2 else: query = rootQuery.inband.query @@ -1049,7 +1049,7 @@ class Databases(object): query = rootQuery.blind.count - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = re.sub("INFORMATION_SCHEMA", "DATA_DICTIONARY", query, flags=re.I) count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) @@ -1077,7 +1077,7 @@ class Databases(object): if isNoneValue(value): query = rootQuery.blind.query % index - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = re.sub("INFORMATION_SCHEMA", "DATA_DICTIONARY", query, flags=re.I) value = unArrayizeValue(inject.getValue(query, union=False, error=False)) diff --git a/plugins/generic/users.py b/plugins/generic/users.py index a8fa76ee4..9928b2d14 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -81,7 +81,7 @@ class Users(object): if Backend.isDbms(DBMS.MYSQL): self.getCurrentUser() - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): kb.data.isDba = "root" in (kb.data.currentUser or "") elif kb.data.currentUser: query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0] @@ -106,7 +106,7 @@ class Users(object): condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema) if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = rootQuery.inband.query3 elif condition: query = rootQuery.inband.query2 @@ -126,7 +126,7 @@ class Users(object): infoMsg = "fetching number of database users" logger.info(infoMsg) - if Backend.isFork(FORK.DRIZZLE): + if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = rootQuery.blind.count3 elif condition: query = rootQuery.blind.count2 @@ -147,7 +147,7 @@ class Users(object): for index in indexRange: if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB): query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ") - elif Backend.isFork(FORK.DRIZZLE): + elif Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE): query = rootQuery.blind.query3 % index elif condition: query = rootQuery.blind.query2 % index From 1f3a1410f247ff9c07712da20cf7dbfb1a0f031c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 4 Jul 2021 23:45:22 +0200 Subject: [PATCH 26/92] Fixes #4727 --- lib/core/settings.py | 2 +- lib/utils/safe2bin.py | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6b9b9a02b..58fe92f29 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.0" +VERSION = "1.5.7.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/safe2bin.py b/lib/utils/safe2bin.py index 6aa57aa4b..3288a0d20 100644 --- a/lib/utils/safe2bin.py +++ b/lib/utils/safe2bin.py @@ -10,7 +10,9 @@ import re import string import sys -if sys.version_info >= (3, 0): +PY3 = sys.version_info >= (3, 0) + +if PY3: xrange = range text_type = str string_types = (str,) @@ -92,7 +94,7 @@ def safechardecode(value, binary=False): if binary: if isinstance(retVal, text_type): - retVal = retVal.encode("utf8") + retVal = retVal.encode("utf8", errors="surrogatepass" if PY3 else "strict") elif isinstance(value, (list, tuple)): for i in xrange(len(value)): From 795b9e65210556c3109cd8a5965e02e7f44411d3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 12 Jul 2021 00:35:50 +0200 Subject: [PATCH 27/92] Fixes #4731 --- lib/core/settings.py | 2 +- lib/request/redirecthandler.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 58fe92f29..4dc43713e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.1" +VERSION = "1.5.7.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index ffb5605b9..62a3ed917 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -125,7 +125,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler): delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER last = None - for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []): + for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []): if '=' in part: part = part.strip() key, value = part.split('=', 1) From fa05878712ab34774f54d70d33abf3e2dfaa79d6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 14 Jul 2021 01:10:33 +0200 Subject: [PATCH 28/92] Fixes #4733 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4dc43713e..a6f9f4dcf 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.2" +VERSION = "1.5.7.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index e44a5532d..d5248cb5b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1275,7 +1275,7 @@ class Connect(object): while True: try: - compile(getBytes(conf.evalCode.replace(';', '\n')), "", "exec") + compile(getBytes(re.sub(r"\s*;\s*", "\n", conf.evalCode)), "", "exec") except SyntaxError as ex: if ex.text: original = replacement = ex.text.strip() From 8895b7d09d2ef59f576e110480f3f0473bd7cd8c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 15 Jul 2021 10:01:17 +0200 Subject: [PATCH 29/92] Fixes #4736 --- data/xml/queries.xml | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/xml/queries.xml b/data/xml/queries.xml index ff824b87e..d7ae78238 100644 --- a/data/xml/queries.xml +++ b/data/xml/queries.xml @@ -1209,7 +1209,7 @@ - + diff --git a/lib/core/settings.py b/lib/core/settings.py index a6f9f4dcf..b089f730b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.3" +VERSION = "1.5.7.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From f8a9288953ead34141c528c153437fec54d9d964 Mon Sep 17 00:00:00 2001 From: Colinatorr <69719906+Colinatorr@users.noreply.github.com> Date: Mon, 19 Jul 2021 13:50:23 +0200 Subject: [PATCH 30/92] fix: typo (#4740) --- lib/controller/checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index ef382cf7b..820e780a3 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -435,7 +435,7 @@ def checkSqlInjection(place, parameter, value): origValue = origValue.split(kb.customInjectionMark)[0] origValue = re.search(r"(\w*)\Z", origValue).group(1) - # Threat the parameter original value according to the + # Treat the parameter original value according to the # test's tag if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix: if kb.tamperFunctions: From 3a1dd163ecb5461552f78de077193e833076249c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Jul 2021 13:55:51 +0200 Subject: [PATCH 31/92] Minor text update (#4738) --- lib/core/settings.py | 2 +- lib/utils/sqlalchemy.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b089f730b..41d1477b9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.4" +VERSION = "1.5.7.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index e7a751f72..eafc7e9aa 100644 --- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -88,7 +88,7 @@ class SQLAlchemy(GenericConnector): self.printConnected() else: - raise SqlmapMissingDependence("SQLAlchemy not available") + raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip install SQLAlchemy')") def fetchall(self): try: From 8af87c7ea6b598e9ec9aa50ba4914572ca07c68b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Jul 2021 13:58:54 +0200 Subject: [PATCH 32/92] More text update --- lib/core/settings.py | 2 +- lib/core/update.py | 2 +- lib/utils/api.py | 2 +- lib/utils/sqlalchemy.py | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 41d1477b9..fbc0a3fe9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.5" +VERSION = "1.5.7.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index 8bdd1df09..d9b597215 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -166,6 +166,6 @@ def update(): infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" else: infoMsg = "for Linux platform it's recommended " - infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt install git')" + infoMsg += "to install a standard 'git' package (e.g.: 'apt install git')" logger.info(infoMsg) diff --git a/lib/utils/api.py b/lib/utils/api.py index a478c8bba..0b08df882 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -724,7 +724,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST errMsg += "List of supported adapters: %s" % ', '.join(sorted(list(server_names.keys()))) else: errMsg = "Server support for adapter '%s' is not installed on this system " % adapter - errMsg += "(Note: you can try to install it with 'sudo apt install python-%s' or 'sudo pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter) + errMsg += "(Note: you can try to install it with 'apt install python-%s' or 'pip%s install %s')" % (adapter, '3' if six.PY3 else "", adapter) logger.critical(errMsg) def _client(url, options=None): diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index eafc7e9aa..3a1266d09 100644 --- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -35,6 +35,7 @@ from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapFilePathException from lib.core.exception import SqlmapMissingDependence from plugins.generic.connector import Connector as GenericConnector +from thirdparty import six def getSafeExString(ex, encoding=None): # Cross-referenced function raise NotImplementedError @@ -88,7 +89,7 @@ class SQLAlchemy(GenericConnector): self.printConnected() else: - raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip install SQLAlchemy')") + raise SqlmapMissingDependence("SQLAlchemy not available (e.g. 'pip%s install SQLAlchemy')" % ('3' if six.PY3 else "")) def fetchall(self): try: From 179a6edf920cb633aa9f3b9dc9fdc0388598dc24 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 23 Jul 2021 00:08:58 +0200 Subject: [PATCH 33/92] Implements swagger API specs (#4746) --- lib/core/settings.py | 2 +- sqlmapapi.yaml | 230 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 231 insertions(+), 1 deletion(-) create mode 100644 sqlmapapi.yaml diff --git a/lib/core/settings.py b/lib/core/settings.py index fbc0a3fe9..68f38ae10 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.6" +VERSION = "1.5.7.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmapapi.yaml b/sqlmapapi.yaml new file mode 100644 index 000000000..0ee4b2cd3 --- /dev/null +++ b/sqlmapapi.yaml @@ -0,0 +1,230 @@ +openapi: 3.0.1 +info: + title: sqlmapapi OpenAPI/Swagger specification + version: '0.1' +paths: + /version: + get: + description: Fetch server version + responses: + '200': + description: OK + /task/new: + get: + description: Create a new task + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + taskid: + type: string + example: "fad44d6beef72285" + success: + type: boolean + /scan/{taskid}/start: + post: + description: Launch a scan + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + requestBody: + content: + application/json: + schema: + type: object + properties: + url: + type: string + examples: + '0': + value: '{"url":"http://testphp.vulnweb.com/artists.php?artist=1"}' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + engineid: + type: integer + example: 19720 + success: + type: boolean + /scan/{taskid}/stop: + get: + description: Stop a scan + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + success: + type: boolean + example: true + /scan/{taskid}/status: + get: + description: Fetch status of a scan + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + status: + type: string + example: terminated + returncode: + type: integer + example: 0 + success: + type: boolean + example: true + /scan/{taskid}/list: + get: + description: List options for a given task ID + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + success: + type: boolean + example: true + options: + type: array + items: + type: object + /scan/{taskid}/data: + get: + description: Retrieve the scan resulting data + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + type: object + success: + type: boolean + example: true + error: + type: array + items: + type: object + /scan/{taskid}/log: + get: + description: Retrieve the log messages + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + log: + type: array + items: + type: object + success: + type: boolean + example: true + /scan/{taskid}/kill: + get: + description: Kill a scan + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + success: + type: boolean + example: true + /task/{taskid}/delete: + get: + description: Delete an existing task + parameters: + - in: path + name: taskid + required: true + schema: + type: string + description: Scan task ID + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + success: + type: boolean + example: true From 2679c650aaabb57a90be9c5071b5cb2d522fc2c2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 23 Jul 2021 11:04:30 +0200 Subject: [PATCH 34/92] Trivial update --- lib/core/settings.py | 2 +- sqlmapapi.yaml | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 68f38ae10..623df3681 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.7" +VERSION = "1.5.7.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmapapi.yaml b/sqlmapapi.yaml index 0ee4b2cd3..999cdddff 100644 --- a/sqlmapapi.yaml +++ b/sqlmapapi.yaml @@ -9,6 +9,17 @@ paths: responses: '200': description: OK + content: + application/json: + schema: + type: object + properties: + version: + type: string + example: "1.5.7.7#dev" + success: + type: boolean + example: true /task/new: get: description: Create a new task @@ -25,6 +36,7 @@ paths: example: "fad44d6beef72285" success: type: boolean + example: true /scan/{taskid}/start: post: description: Launch a scan @@ -59,6 +71,7 @@ paths: example: 19720 success: type: boolean + example: true /scan/{taskid}/stop: get: description: Stop a scan From 293772348cbb2dd46eaa9e7e1851145c741c15e5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 28 Jul 2021 00:34:10 +0200 Subject: [PATCH 35/92] Fixes #4751 --- lib/core/settings.py | 2 +- plugins/generic/misc.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 623df3681..c088ea83e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.8" +VERSION = "1.5.7.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 3ca193bd5..153f64c9b 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -158,7 +158,7 @@ class Miscellaneous(object): udfDict = {"master..new_xp_cmdshell": {}} if udfDict is None: - udfDict = self.sysUdfs + udfDict = getattr(self, "sysUdfs", {}) for udf, inpRet in udfDict.items(): message = "do you want to remove UDF '%s'? [Y/n] " % udf From 06cd97f0979d0ac88b73def309bd51191159de81 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 Aug 2021 02:38:41 +0200 Subject: [PATCH 36/92] Trivial update --- lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c088ea83e..823f60f66 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.7.9" +VERSION = "1.5.8.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 1b6e66545..fc3c223f5 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -45,9 +45,9 @@ class Fingerprint(GenericFingerprint): # Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/ versions = ( - (80000, 80028), # MySQL 8.0 + (80000, 80029), # MySQL 8.0 (60000, 60014), # MySQL 6.0 - (50700, 50736), # MySQL 5.7 + (50700, 50737), # MySQL 5.7 (50600, 50652), # MySQL 5.6 (50500, 50563), # MySQL 5.5 (50400, 50404), # MySQL 5.4 From b3bc401f2e8ad54058794cefe10c0bed9ad4fdc7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 17 Aug 2021 15:16:05 +0200 Subject: [PATCH 37/92] Fixing #4768 --- data/xml/queries.xml | 2 +- lib/core/settings.py | 2 +- lib/utils/hash.py | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/data/xml/queries.xml b/data/xml/queries.xml index d7ae78238..a9120e064 100644 --- a/data/xml/queries.xml +++ b/data/xml/queries.xml @@ -128,7 +128,7 @@ - + diff --git a/lib/core/settings.py b/lib/core/settings.py index 823f60f66..c75585389 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.0" +VERSION = "1.5.8.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 38b853063..6a431ffdc 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -636,7 +636,10 @@ def storeHashesToFile(attack_dict): with openFile(filename, "w+") as f: for item in items: - f.write(item) + try: + f.write(item) + except (UnicodeError, TypeError): + pass def attackCachedUsersPasswords(): if kb.data.cachedUsersPasswords: From 9da558f041ca0bf43579c0c4161ff17566ba1e7f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Aug 2021 22:39:32 +0200 Subject: [PATCH 38/92] Minor revert (accidental change) --- data/xml/queries.xml | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/xml/queries.xml b/data/xml/queries.xml index a9120e064..d7ae78238 100644 --- a/data/xml/queries.xml +++ b/data/xml/queries.xml @@ -128,7 +128,7 @@ - + diff --git a/lib/core/settings.py b/lib/core/settings.py index c75585389..191a63681 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.1" +VERSION = "1.5.8.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 3977be9c9e3967b690d9f0714775dfd528b3a98b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Aug 2021 23:08:54 +0200 Subject: [PATCH 39/92] Fixing falling back (aka query2) for --tables --- data/xml/queries.xml | 4 +- lib/core/settings.py | 2 +- plugins/generic/databases.py | 123 ++++++++++++++++++----------------- 3 files changed, 67 insertions(+), 62 deletions(-) diff --git a/data/xml/queries.xml b/data/xml/queries.xml index d7ae78238..75f6edf95 100644 --- a/data/xml/queries.xml +++ b/data/xml/queries.xml @@ -127,8 +127,8 @@ - - + + diff --git a/lib/core/settings.py b/lib/core/settings.py index 191a63681..200622f6b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.2" +VERSION = "1.5.8.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 6cd28b48b..d77d2f025 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -363,78 +363,83 @@ class Databases(object): singleTimeLogMessage(infoMsg) continue - infoMsg = "fetching number of tables for " - infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db) - logger.info(infoMsg) + for query, count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))): + if query is None: + break - if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): - query = rootQuery.blind.count - else: - query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db) + infoMsg = "fetching number of tables for " + infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db) + logger.info(infoMsg) - count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): + count = count % unsafeSQLIdentificatorNaming(db) - if count == 0: - warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db) - warnMsg += "appears to be empty" - logger.warn(warnMsg) - continue + count = inject.getValue(count, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) - elif not isNumPosStrValue(count): - warnMsg = "unable to retrieve the number of " - warnMsg += "tables for database '%s'" % unsafeSQLIdentificatorNaming(db) - logger.warn(warnMsg) - continue + if count == 0: + warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db) + warnMsg += "appears to be empty" + logger.warn(warnMsg) + break - tables = [] + elif not isNumPosStrValue(count): + warnMsg = "unable to retrieve the number of " + warnMsg += "tables for database '%s'" % unsafeSQLIdentificatorNaming(db) + singleTimeWarnMessage(warnMsg) + continue - plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES - indexRange = getLimitRange(count, plusOne=plusOne) + tables = [] - for index in indexRange: - if Backend.isDbms(DBMS.SYBASE): - query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) - elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): - query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") - elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD): - query = rootQuery.blind.query % index - elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO): - query = rootQuery.blind.query % (index, unsafeSQLIdentificatorNaming(db)) - else: - query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index) + plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES + indexRange = getLimitRange(count, plusOne=plusOne) - table = unArrayizeValue(inject.getValue(query, union=False, error=False)) + for index in indexRange: + if Backend.isDbms(DBMS.SYBASE): + query = query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) + elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): + query = query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") + elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD): + query = query % index + elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO): + query = query % (index, unsafeSQLIdentificatorNaming(db)) + else: + query = query % (unsafeSQLIdentificatorNaming(db), index) - if not isNoneValue(table): - kb.hintValue = table - table = safeSQLIdentificatorNaming(table, True) - tables.append(table) + table = unArrayizeValue(inject.getValue(query, union=False, error=False)) + + if not isNoneValue(table): + kb.hintValue = table + table = safeSQLIdentificatorNaming(table, True) + tables.append(table) + + if tables: + kb.data.cachedTables[db] = tables if conf.getComments: - _ = queries[Backend.getIdentifiedDbms()].table_comment - if hasattr(_, "query"): - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE): - query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper())) + for table in tables: + _ = queries[Backend.getIdentifiedDbms()].table_comment + if hasattr(_, "query"): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE): + query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper())) + else: + query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table)) + + comment = unArrayizeValue(inject.getValue(query, union=False, error=False)) + if not isNoneValue(comment): + infoMsg = "retrieved comment '%s' for table '%s'" % (comment, unsafeSQLIdentificatorNaming(table)) + if METADB_SUFFIX not in db: + infoMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(db) + logger.info(infoMsg) else: - query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table)) + warnMsg = "on %s it is not " % Backend.getIdentifiedDbms() + warnMsg += "possible to get table comments" + singleTimeWarnMessage(warnMsg) - comment = unArrayizeValue(inject.getValue(query, union=False, error=False)) - if not isNoneValue(comment): - infoMsg = "retrieved comment '%s' for table '%s'" % (comment, unsafeSQLIdentificatorNaming(table)) - if METADB_SUFFIX not in db: - infoMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(db) - logger.info(infoMsg) - else: - warnMsg = "on %s it is not " % Backend.getIdentifiedDbms() - warnMsg += "possible to get table comments" - singleTimeWarnMessage(warnMsg) - - if tables: - kb.data.cachedTables[db] = tables - else: - warnMsg = "unable to retrieve the table names " - warnMsg += "for database '%s'" % unsafeSQLIdentificatorNaming(db) - logger.warn(warnMsg) + break + else: + warnMsg = "unable to retrieve the table names " + warnMsg += "for database '%s'" % unsafeSQLIdentificatorNaming(db) + logger.warn(warnMsg) if isNoneValue(kb.data.cachedTables): kb.data.cachedTables.clear() From f1dbe9e388731192984f13648bb0687ab7bc8eba Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Aug 2021 23:16:19 +0200 Subject: [PATCH 40/92] Minor bug fix --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 200622f6b..b074fbbda 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.3" +VERSION = "1.5.8.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index d77d2f025..7e902fe44 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -363,8 +363,8 @@ class Databases(object): singleTimeLogMessage(infoMsg) continue - for query, count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))): - if query is None: + for _query, _count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))): + if _query is None: break infoMsg = "fetching number of tables for " @@ -372,9 +372,11 @@ class Databases(object): logger.info(infoMsg) if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): - count = count % unsafeSQLIdentificatorNaming(db) + query = _count % unsafeSQLIdentificatorNaming(db) + else: + query = _count - count = inject.getValue(count, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if count == 0: warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db) @@ -395,15 +397,15 @@ class Databases(object): for index in indexRange: if Backend.isDbms(DBMS.SYBASE): - query = query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) + query = _query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): - query = query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") + query = _query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD): - query = query % index + query = _query % index elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO): - query = query % (index, unsafeSQLIdentificatorNaming(db)) + query = _query % (index, unsafeSQLIdentificatorNaming(db)) else: - query = query % (unsafeSQLIdentificatorNaming(db), index) + query = _query % (unsafeSQLIdentificatorNaming(db), index) table = unArrayizeValue(inject.getValue(query, union=False, error=False)) From 45553f0efc1c89ab2ed3836bf4255f73f44e95e8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 26 Aug 2021 17:46:56 +0200 Subject: [PATCH 41/92] Fixes #4779 --- lib/core/settings.py | 2 +- plugins/dbms/postgresql/takeover.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b074fbbda..d5f4a8316 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.4" +VERSION = "1.5.8.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index e1f6241a3..49cc787c1 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -51,7 +51,7 @@ class Takeover(GenericTakeover): banVer = kb.bannerFp["dbmsVersion"] - if not banVer: + if not banVer or not banVer[0].isdigit(): errMsg = "unsupported feature on unknown version of PostgreSQL" raise SqlmapUnsupportedFeatureException(errMsg) elif distutils.version.LooseVersion(banVer) >= distutils.version.LooseVersion("10"): From d63401632c0382b5ef3b2248b77f99532505b8be Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 26 Aug 2021 18:08:48 +0200 Subject: [PATCH 42/92] Fixes #4776 --- lib/controller/controller.py | 12 ++++++------ lib/core/settings.py | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 14a2174bb..e10a1d78b 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -295,10 +295,12 @@ def start(): infoMsg = "found a total of %d targets" % len(kb.targets) logger.info(infoMsg) - hostCount = 0 + targetCount = 0 initialHeaders = list(conf.httpHeaders) for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets: + targetCount += 1 + try: if conf.checkInternet: infoMsg = "checking for Internet connection" @@ -375,12 +377,10 @@ def start(): continue if conf.multipleTargets: - hostCount += 1 - if conf.forms and conf.method: - message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl) + message = "[%d/%d] Form:\n%s %s" % (targetCount, len(kb.targets), conf.method, targetUrl) else: - message = "URL %d:\n%s %s" % (hostCount, HTTPMETHOD.GET, targetUrl) + message = "[%d/%d] URL:\n%s %s" % (targetCount, len(kb.targets), HTTPMETHOD.GET, targetUrl) if conf.cookie: message += "\nCookie: %s" % conf.cookie @@ -738,7 +738,7 @@ def start(): if conf.multipleTargets: _saveToResultsFile() - errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL") + errMsg += ", skipping to the next target" logger.error(errMsg.lstrip(", ")) else: logger.critical(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index d5f4a8316..7916dbdc6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.5" +VERSION = "1.5.8.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From afa4d2c514633dd1e8a0a9aa7357ad94ca987435 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 31 Aug 2021 13:04:45 +0200 Subject: [PATCH 43/92] Fixes #4783 --- lib/controller/controller.py | 4 ++-- lib/core/settings.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index e10a1d78b..224ee3cdb 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -378,9 +378,9 @@ def start(): if conf.multipleTargets: if conf.forms and conf.method: - message = "[%d/%d] Form:\n%s %s" % (targetCount, len(kb.targets), conf.method, targetUrl) + message = "[%d/%s] Form:\n%s %s" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', conf.method, targetUrl) else: - message = "[%d/%d] URL:\n%s %s" % (targetCount, len(kb.targets), HTTPMETHOD.GET, targetUrl) + message = "[%d/%s] URL:\n%s %s" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', HTTPMETHOD.GET, targetUrl) if conf.cookie: message += "\nCookie: %s" % conf.cookie diff --git a/lib/core/settings.py b/lib/core/settings.py index 7916dbdc6..4501c904b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.6" +VERSION = "1.5.8.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From cc5ba4753c65c0e9bd0bec08bd31d08330e441ba Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 31 Aug 2021 13:07:38 +0200 Subject: [PATCH 44/92] Fixes #4784 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4501c904b..3a8834415 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.7" +VERSION = "1.5.8.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index d5248cb5b..0cc83b244 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -978,7 +978,7 @@ class Connect(object): if conf.httpHeaders: headers = OrderedDict(conf.httpHeaders) - contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else "" for _ in headers) or None + contentType = max(headers[_] or "" if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else "" for _ in headers) or None if (kb.postHint or conf.skipUrlEncode) and postUrlEncode: postUrlEncode = False From 6e968584f6251e44271898ba981091903459205b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 2 Sep 2021 21:44:41 +0200 Subject: [PATCH 45/92] Minor refactoring --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- lib/utils/api.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3a8834415..cbb5c8595 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.8" +VERSION = "1.5.9.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 0cc83b244..41b159d43 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -695,7 +695,7 @@ class Connect(object): except SqlmapConnectionException as ex: if conf.proxyList and not kb.threadException: - warnMsg = "unable to connect to the target URL ('%s')" % ex + warnMsg = "unable to connect to the target URL ('%s')" % getSafeExString(ex) logger.critical(warnMsg) threadData.retriesCount = conf.retries return Connect._retryProxy(**kwargs) diff --git a/lib/utils/api.py b/lib/utils/api.py index 0b08df882..a2b47cd25 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -773,7 +773,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non if not isinstance(ex, _urllib.error.HTTPError) or ex.code == _http_client.UNAUTHORIZED: errMsg = "There has been a problem while connecting to the " errMsg += "REST-JSON API server at '%s' " % addr - errMsg += "(%s)" % ex + errMsg += "(%s)" % getSafeExString(ex) logger.critical(errMsg) return @@ -825,7 +825,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non try: argv = ["sqlmap.py"] + shlex.split(command)[1:] except Exception as ex: - logger.error("Error occurred while parsing arguments ('%s')" % ex) + logger.error("Error occurred while parsing arguments ('%s')" % getSafeExString(ex)) taskid = None continue From d95406016c74d342b42d658714354f54b2af0d31 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 8 Sep 2021 21:01:41 +0200 Subject: [PATCH 46/92] Update regarding #4795 --- README.md | 2 +- data/txt/common-columns.txt | 2 +- data/txt/common-files.txt | 2 +- data/txt/common-outputs.txt | 2 +- data/txt/common-tables.txt | 2 +- data/txt/keywords.txt | 2 +- data/txt/user-agents.txt | 2 +- doc/CHANGELOG.md | 4 ++-- doc/translations/README-bg-BG.md | 2 +- doc/translations/README-de-GER.md | 2 +- doc/translations/README-es-MX.md | 2 +- doc/translations/README-fa-IR.md | 2 +- doc/translations/README-fr-FR.md | 2 +- doc/translations/README-gr-GR.md | 2 +- doc/translations/README-hr-HR.md | 2 +- doc/translations/README-id-ID.md | 2 +- doc/translations/README-it-IT.md | 2 +- doc/translations/README-ja-JP.md | 2 +- doc/translations/README-ko-KR.md | 2 +- doc/translations/README-pl-PL.md | 2 +- doc/translations/README-pt-BR.md | 2 +- doc/translations/README-rs-RS.md | 2 +- doc/translations/README-ru-RUS.md | 2 +- doc/translations/README-tr-TR.md | 2 +- doc/translations/README-uk-UA.md | 2 +- doc/translations/README-vi-VN.md | 2 +- doc/translations/README-zh-CN.md | 2 +- extra/__init__.py | 2 +- extra/beep/__init__.py | 2 +- extra/beep/beep.py | 2 +- extra/cloak/__init__.py | 2 +- extra/cloak/cloak.py | 2 +- extra/dbgtool/__init__.py | 2 +- extra/dbgtool/dbgtool.py | 2 +- extra/shutils/blanks.sh | 2 +- extra/shutils/drei.sh | 2 +- extra/shutils/duplicates.py | 2 +- extra/shutils/junk.sh | 2 +- extra/shutils/modernize.sh | 2 +- extra/shutils/pycodestyle.sh | 2 +- extra/shutils/pydiatra.sh | 2 +- extra/shutils/pyflakes.sh | 2 +- extra/shutils/pylint.sh | 2 +- extra/shutils/pypi.sh | 8 ++++---- extra/vulnserver/__init__.py | 2 +- extra/vulnserver/vulnserver.py | 4 ++-- lib/__init__.py | 2 +- lib/controller/__init__.py | 2 +- lib/controller/action.py | 2 +- lib/controller/checks.py | 2 +- lib/controller/controller.py | 2 +- lib/controller/handler.py | 2 +- lib/core/__init__.py | 2 +- lib/core/agent.py | 2 +- lib/core/bigarray.py | 2 +- lib/core/common.py | 2 +- lib/core/compat.py | 2 +- lib/core/convert.py | 2 +- lib/core/data.py | 2 +- lib/core/datatype.py | 2 +- lib/core/decorators.py | 2 +- lib/core/defaults.py | 2 +- lib/core/dicts.py | 2 +- lib/core/dump.py | 2 +- lib/core/enums.py | 2 +- lib/core/exception.py | 2 +- lib/core/gui.py | 2 +- lib/core/log.py | 2 +- lib/core/option.py | 2 +- lib/core/optiondict.py | 2 +- lib/core/patch.py | 2 +- lib/core/profiling.py | 2 +- lib/core/readlineng.py | 2 +- lib/core/replication.py | 2 +- lib/core/revision.py | 2 +- lib/core/session.py | 2 +- lib/core/settings.py | 6 +++--- lib/core/shell.py | 2 +- lib/core/subprocessng.py | 2 +- lib/core/target.py | 2 +- lib/core/testing.py | 2 +- lib/core/threads.py | 2 +- lib/core/unescaper.py | 2 +- lib/core/update.py | 2 +- lib/core/wordlist.py | 2 +- lib/parse/__init__.py | 2 +- lib/parse/banner.py | 2 +- lib/parse/cmdline.py | 2 +- lib/parse/configfile.py | 2 +- lib/parse/handler.py | 2 +- lib/parse/headers.py | 2 +- lib/parse/html.py | 2 +- lib/parse/payloads.py | 2 +- lib/parse/sitemap.py | 2 +- lib/request/__init__.py | 2 +- lib/request/basic.py | 2 +- lib/request/basicauthhandler.py | 2 +- lib/request/chunkedhandler.py | 2 +- lib/request/comparison.py | 2 +- lib/request/connect.py | 2 +- lib/request/direct.py | 2 +- lib/request/dns.py | 2 +- lib/request/httpshandler.py | 2 +- lib/request/inject.py | 2 +- lib/request/methodrequest.py | 2 +- lib/request/pkihandler.py | 2 +- lib/request/rangehandler.py | 2 +- lib/request/redirecthandler.py | 2 +- lib/request/templates.py | 2 +- lib/takeover/__init__.py | 2 +- lib/takeover/abstraction.py | 2 +- lib/takeover/icmpsh.py | 2 +- lib/takeover/metasploit.py | 2 +- lib/takeover/registry.py | 2 +- lib/takeover/udf.py | 2 +- lib/takeover/web.py | 2 +- lib/takeover/xp_cmdshell.py | 2 +- lib/techniques/__init__.py | 2 +- lib/techniques/blind/__init__.py | 2 +- lib/techniques/blind/inference.py | 2 +- lib/techniques/dns/__init__.py | 2 +- lib/techniques/dns/test.py | 2 +- lib/techniques/dns/use.py | 2 +- lib/techniques/error/__init__.py | 2 +- lib/techniques/error/use.py | 2 +- lib/techniques/union/__init__.py | 2 +- lib/techniques/union/test.py | 2 +- lib/techniques/union/use.py | 2 +- lib/utils/__init__.py | 2 +- lib/utils/api.py | 2 +- lib/utils/brute.py | 2 +- lib/utils/crawler.py | 2 +- lib/utils/deps.py | 2 +- lib/utils/getch.py | 2 +- lib/utils/har.py | 2 +- lib/utils/hash.py | 2 +- lib/utils/hashdb.py | 2 +- lib/utils/httpd.py | 2 +- lib/utils/pivotdumptable.py | 2 +- lib/utils/progress.py | 2 +- lib/utils/purge.py | 2 +- lib/utils/safe2bin.py | 2 +- lib/utils/search.py | 2 +- lib/utils/sqlalchemy.py | 2 +- lib/utils/timeout.py | 2 +- lib/utils/versioncheck.py | 2 +- lib/utils/xrange.py | 2 +- plugins/__init__.py | 2 +- plugins/dbms/__init__.py | 2 +- plugins/dbms/access/__init__.py | 2 +- plugins/dbms/access/connector.py | 2 +- plugins/dbms/access/enumeration.py | 2 +- plugins/dbms/access/filesystem.py | 2 +- plugins/dbms/access/fingerprint.py | 2 +- plugins/dbms/access/syntax.py | 2 +- plugins/dbms/access/takeover.py | 2 +- plugins/dbms/altibase/__init__.py | 2 +- plugins/dbms/altibase/connector.py | 2 +- plugins/dbms/altibase/enumeration.py | 2 +- plugins/dbms/altibase/filesystem.py | 2 +- plugins/dbms/altibase/fingerprint.py | 2 +- plugins/dbms/altibase/syntax.py | 2 +- plugins/dbms/altibase/takeover.py | 2 +- plugins/dbms/cache/__init__.py | 2 +- plugins/dbms/cache/connector.py | 2 +- plugins/dbms/cache/enumeration.py | 2 +- plugins/dbms/cache/filesystem.py | 2 +- plugins/dbms/cache/fingerprint.py | 2 +- plugins/dbms/cache/syntax.py | 2 +- plugins/dbms/cache/takeover.py | 2 +- plugins/dbms/cratedb/__init__.py | 2 +- plugins/dbms/cratedb/connector.py | 2 +- plugins/dbms/cratedb/enumeration.py | 2 +- plugins/dbms/cratedb/filesystem.py | 2 +- plugins/dbms/cratedb/fingerprint.py | 2 +- plugins/dbms/cratedb/syntax.py | 2 +- plugins/dbms/cratedb/takeover.py | 2 +- plugins/dbms/cubrid/__init__.py | 2 +- plugins/dbms/cubrid/connector.py | 2 +- plugins/dbms/cubrid/enumeration.py | 2 +- plugins/dbms/cubrid/filesystem.py | 2 +- plugins/dbms/cubrid/fingerprint.py | 2 +- plugins/dbms/cubrid/syntax.py | 2 +- plugins/dbms/cubrid/takeover.py | 2 +- plugins/dbms/db2/__init__.py | 2 +- plugins/dbms/db2/connector.py | 2 +- plugins/dbms/db2/enumeration.py | 2 +- plugins/dbms/db2/filesystem.py | 2 +- plugins/dbms/db2/fingerprint.py | 2 +- plugins/dbms/db2/syntax.py | 2 +- plugins/dbms/db2/takeover.py | 2 +- plugins/dbms/derby/__init__.py | 2 +- plugins/dbms/derby/connector.py | 2 +- plugins/dbms/derby/enumeration.py | 2 +- plugins/dbms/derby/filesystem.py | 2 +- plugins/dbms/derby/fingerprint.py | 2 +- plugins/dbms/derby/syntax.py | 2 +- plugins/dbms/derby/takeover.py | 2 +- plugins/dbms/extremedb/__init__.py | 2 +- plugins/dbms/extremedb/connector.py | 2 +- plugins/dbms/extremedb/enumeration.py | 2 +- plugins/dbms/extremedb/filesystem.py | 2 +- plugins/dbms/extremedb/fingerprint.py | 2 +- plugins/dbms/extremedb/syntax.py | 2 +- plugins/dbms/extremedb/takeover.py | 2 +- plugins/dbms/firebird/__init__.py | 2 +- plugins/dbms/firebird/connector.py | 2 +- plugins/dbms/firebird/enumeration.py | 2 +- plugins/dbms/firebird/filesystem.py | 2 +- plugins/dbms/firebird/fingerprint.py | 2 +- plugins/dbms/firebird/syntax.py | 2 +- plugins/dbms/firebird/takeover.py | 2 +- plugins/dbms/frontbase/__init__.py | 2 +- plugins/dbms/frontbase/connector.py | 2 +- plugins/dbms/frontbase/enumeration.py | 2 +- plugins/dbms/frontbase/filesystem.py | 2 +- plugins/dbms/frontbase/fingerprint.py | 2 +- plugins/dbms/frontbase/syntax.py | 2 +- plugins/dbms/frontbase/takeover.py | 2 +- plugins/dbms/h2/__init__.py | 2 +- plugins/dbms/h2/connector.py | 2 +- plugins/dbms/h2/enumeration.py | 2 +- plugins/dbms/h2/filesystem.py | 2 +- plugins/dbms/h2/fingerprint.py | 2 +- plugins/dbms/h2/syntax.py | 2 +- plugins/dbms/h2/takeover.py | 2 +- plugins/dbms/hsqldb/__init__.py | 2 +- plugins/dbms/hsqldb/connector.py | 2 +- plugins/dbms/hsqldb/enumeration.py | 2 +- plugins/dbms/hsqldb/filesystem.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 2 +- plugins/dbms/hsqldb/syntax.py | 2 +- plugins/dbms/hsqldb/takeover.py | 2 +- plugins/dbms/informix/__init__.py | 2 +- plugins/dbms/informix/connector.py | 2 +- plugins/dbms/informix/enumeration.py | 2 +- plugins/dbms/informix/filesystem.py | 2 +- plugins/dbms/informix/fingerprint.py | 2 +- plugins/dbms/informix/syntax.py | 2 +- plugins/dbms/informix/takeover.py | 2 +- plugins/dbms/maxdb/__init__.py | 2 +- plugins/dbms/maxdb/connector.py | 2 +- plugins/dbms/maxdb/enumeration.py | 2 +- plugins/dbms/maxdb/filesystem.py | 2 +- plugins/dbms/maxdb/fingerprint.py | 2 +- plugins/dbms/maxdb/syntax.py | 2 +- plugins/dbms/maxdb/takeover.py | 2 +- plugins/dbms/mckoi/__init__.py | 2 +- plugins/dbms/mckoi/connector.py | 2 +- plugins/dbms/mckoi/enumeration.py | 2 +- plugins/dbms/mckoi/filesystem.py | 2 +- plugins/dbms/mckoi/fingerprint.py | 2 +- plugins/dbms/mckoi/syntax.py | 2 +- plugins/dbms/mckoi/takeover.py | 2 +- plugins/dbms/mimersql/__init__.py | 2 +- plugins/dbms/mimersql/connector.py | 2 +- plugins/dbms/mimersql/enumeration.py | 2 +- plugins/dbms/mimersql/filesystem.py | 2 +- plugins/dbms/mimersql/fingerprint.py | 2 +- plugins/dbms/mimersql/syntax.py | 2 +- plugins/dbms/mimersql/takeover.py | 2 +- plugins/dbms/monetdb/__init__.py | 2 +- plugins/dbms/monetdb/connector.py | 2 +- plugins/dbms/monetdb/enumeration.py | 2 +- plugins/dbms/monetdb/filesystem.py | 2 +- plugins/dbms/monetdb/fingerprint.py | 2 +- plugins/dbms/monetdb/syntax.py | 2 +- plugins/dbms/monetdb/takeover.py | 2 +- plugins/dbms/mssqlserver/__init__.py | 2 +- plugins/dbms/mssqlserver/connector.py | 2 +- plugins/dbms/mssqlserver/enumeration.py | 2 +- plugins/dbms/mssqlserver/filesystem.py | 2 +- plugins/dbms/mssqlserver/fingerprint.py | 2 +- plugins/dbms/mssqlserver/syntax.py | 2 +- plugins/dbms/mssqlserver/takeover.py | 2 +- plugins/dbms/mysql/__init__.py | 2 +- plugins/dbms/mysql/connector.py | 2 +- plugins/dbms/mysql/enumeration.py | 2 +- plugins/dbms/mysql/filesystem.py | 2 +- plugins/dbms/mysql/fingerprint.py | 2 +- plugins/dbms/mysql/syntax.py | 2 +- plugins/dbms/mysql/takeover.py | 2 +- plugins/dbms/oracle/__init__.py | 2 +- plugins/dbms/oracle/connector.py | 2 +- plugins/dbms/oracle/enumeration.py | 2 +- plugins/dbms/oracle/filesystem.py | 2 +- plugins/dbms/oracle/fingerprint.py | 2 +- plugins/dbms/oracle/syntax.py | 2 +- plugins/dbms/oracle/takeover.py | 2 +- plugins/dbms/postgresql/__init__.py | 2 +- plugins/dbms/postgresql/connector.py | 2 +- plugins/dbms/postgresql/enumeration.py | 2 +- plugins/dbms/postgresql/filesystem.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 2 +- plugins/dbms/postgresql/syntax.py | 2 +- plugins/dbms/postgresql/takeover.py | 2 +- plugins/dbms/presto/__init__.py | 2 +- plugins/dbms/presto/connector.py | 2 +- plugins/dbms/presto/enumeration.py | 2 +- plugins/dbms/presto/filesystem.py | 2 +- plugins/dbms/presto/fingerprint.py | 2 +- plugins/dbms/presto/syntax.py | 2 +- plugins/dbms/presto/takeover.py | 2 +- plugins/dbms/raima/__init__.py | 2 +- plugins/dbms/raima/connector.py | 2 +- plugins/dbms/raima/enumeration.py | 2 +- plugins/dbms/raima/filesystem.py | 2 +- plugins/dbms/raima/fingerprint.py | 2 +- plugins/dbms/raima/syntax.py | 2 +- plugins/dbms/raima/takeover.py | 2 +- plugins/dbms/sqlite/__init__.py | 2 +- plugins/dbms/sqlite/connector.py | 2 +- plugins/dbms/sqlite/enumeration.py | 2 +- plugins/dbms/sqlite/filesystem.py | 2 +- plugins/dbms/sqlite/fingerprint.py | 2 +- plugins/dbms/sqlite/syntax.py | 2 +- plugins/dbms/sqlite/takeover.py | 2 +- plugins/dbms/sybase/__init__.py | 2 +- plugins/dbms/sybase/connector.py | 2 +- plugins/dbms/sybase/enumeration.py | 2 +- plugins/dbms/sybase/filesystem.py | 2 +- plugins/dbms/sybase/fingerprint.py | 2 +- plugins/dbms/sybase/syntax.py | 2 +- plugins/dbms/sybase/takeover.py | 2 +- plugins/dbms/vertica/__init__.py | 2 +- plugins/dbms/vertica/connector.py | 2 +- plugins/dbms/vertica/enumeration.py | 2 +- plugins/dbms/vertica/filesystem.py | 2 +- plugins/dbms/vertica/fingerprint.py | 2 +- plugins/dbms/vertica/syntax.py | 2 +- plugins/dbms/vertica/takeover.py | 2 +- plugins/dbms/virtuoso/__init__.py | 2 +- plugins/dbms/virtuoso/connector.py | 2 +- plugins/dbms/virtuoso/enumeration.py | 2 +- plugins/dbms/virtuoso/filesystem.py | 2 +- plugins/dbms/virtuoso/fingerprint.py | 2 +- plugins/dbms/virtuoso/syntax.py | 2 +- plugins/dbms/virtuoso/takeover.py | 2 +- plugins/generic/__init__.py | 2 +- plugins/generic/connector.py | 2 +- plugins/generic/custom.py | 2 +- plugins/generic/databases.py | 2 +- plugins/generic/entries.py | 2 +- plugins/generic/enumeration.py | 2 +- plugins/generic/filesystem.py | 2 +- plugins/generic/fingerprint.py | 2 +- plugins/generic/misc.py | 2 +- plugins/generic/search.py | 2 +- plugins/generic/syntax.py | 2 +- plugins/generic/takeover.py | 2 +- plugins/generic/users.py | 2 +- sqlmap.py | 2 +- sqlmapapi.py | 2 +- tamper/0eunion.py | 2 +- tamper/__init__.py | 2 +- tamper/apostrophemask.py | 2 +- tamper/apostrophenullencode.py | 2 +- tamper/appendnullbyte.py | 2 +- tamper/base64encode.py | 2 +- tamper/between.py | 2 +- tamper/binary.py | 2 +- tamper/bluecoat.py | 2 +- tamper/chardoubleencode.py | 2 +- tamper/charencode.py | 2 +- tamper/charunicodeencode.py | 2 +- tamper/charunicodeescape.py | 2 +- tamper/commalesslimit.py | 2 +- tamper/commalessmid.py | 2 +- tamper/commentbeforeparentheses.py | 2 +- tamper/concat2concatws.py | 2 +- tamper/dunion.py | 2 +- tamper/equaltolike.py | 2 +- tamper/equaltorlike.py | 2 +- tamper/escapequotes.py | 2 +- tamper/greatest.py | 2 +- tamper/halfversionedmorekeywords.py | 2 +- tamper/hex2char.py | 2 +- tamper/htmlencode.py | 2 +- tamper/ifnull2casewhenisnull.py | 2 +- tamper/ifnull2ifisnull.py | 2 +- tamper/informationschemacomment.py | 2 +- tamper/least.py | 2 +- tamper/lowercase.py | 2 +- tamper/luanginx.py | 2 +- tamper/misunion.py | 2 +- tamper/modsecurityversioned.py | 2 +- tamper/modsecurityzeroversioned.py | 2 +- tamper/multiplespaces.py | 2 +- tamper/overlongutf8.py | 2 +- tamper/overlongutf8more.py | 2 +- tamper/percentage.py | 2 +- tamper/plus2concat.py | 2 +- tamper/plus2fnconcat.py | 2 +- tamper/randomcase.py | 2 +- tamper/randomcomments.py | 2 +- tamper/schemasplit.py | 2 +- tamper/sleep2getlock.py | 2 +- tamper/sp_password.py | 2 +- tamper/space2comment.py | 2 +- tamper/space2dash.py | 2 +- tamper/space2hash.py | 2 +- tamper/space2morecomment.py | 2 +- tamper/space2morehash.py | 2 +- tamper/space2mssqlblank.py | 2 +- tamper/space2mssqlhash.py | 2 +- tamper/space2mysqlblank.py | 2 +- tamper/space2mysqldash.py | 2 +- tamper/space2plus.py | 2 +- tamper/space2randomblank.py | 2 +- tamper/substring2leftright.py | 2 +- tamper/symboliclogical.py | 2 +- tamper/unionalltounion.py | 2 +- tamper/unmagicquotes.py | 2 +- tamper/uppercase.py | 2 +- tamper/varnish.py | 2 +- tamper/versionedkeywords.py | 2 +- tamper/versionedmorekeywords.py | 2 +- tamper/xforwardedfor.py | 2 +- thirdparty/socks/socks.py | 2 +- 419 files changed, 426 insertions(+), 426 deletions(-) diff --git a/README.md b/README.md index c42e4e30d..ed2cd3be5 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ To get an overview of sqlmap capabilities, a list of supported features, and a d Links ---- -* Homepage: http://sqlmap.org +* Homepage: https://sqlmap.org * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues diff --git a/data/txt/common-columns.txt b/data/txt/common-columns.txt index 6a620d60e..a3a52ce06 100644 --- a/data/txt/common-columns.txt +++ b/data/txt/common-columns.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission id diff --git a/data/txt/common-files.txt b/data/txt/common-files.txt index 9bcd879f7..859b81806 100644 --- a/data/txt/common-files.txt +++ b/data/txt/common-files.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Reference: https://gist.github.com/sckalath/78ad449346171d29241a diff --git a/data/txt/common-outputs.txt b/data/txt/common-outputs.txt index c85f9350d..560cd2a0d 100644 --- a/data/txt/common-outputs.txt +++ b/data/txt/common-outputs.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission [Banners] diff --git a/data/txt/common-tables.txt b/data/txt/common-tables.txt index cee6b766f..d09923d87 100644 --- a/data/txt/common-tables.txt +++ b/data/txt/common-tables.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission users diff --git a/data/txt/keywords.txt b/data/txt/keywords.txt index bf7ed4364..d9e2f543a 100644 --- a/data/txt/keywords.txt +++ b/data/txt/keywords.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml) diff --git a/data/txt/user-agents.txt b/data/txt/user-agents.txt index 8c6f24a4c..c90cd0b0e 100644 --- a/data/txt/user-agents.txt +++ b/data/txt/user-agents.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Opera diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md index baafaeed0..a44672e01 100644 --- a/doc/CHANGELOG.md +++ b/doc/CHANGELOG.md @@ -171,7 +171,7 @@ * Major code cleanup. * Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware. * Updated user's manual. -* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from http://sqlmap.org/demo.html. +* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from https://sqlmap.org/demo.html. # Version 0.8 release candidate (2009-09-21) @@ -343,7 +343,7 @@ * Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS; * Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`); * Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`); -* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation ; +* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation ; * Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS; * Improved logging functionality: passed from banal 'print' to Python native logging library; * Added support for more than one parameter in `-p` command line option; diff --git a/doc/translations/README-bg-BG.md b/doc/translations/README-bg-BG.md index 81751dede..18a3a67ba 100644 --- a/doc/translations/README-bg-BG.md +++ b/doc/translations/README-bg-BG.md @@ -39,7 +39,7 @@ sqlmap работи самостоятелно с [Python](http://www.python.org Връзки ---- -* Начална страница: http://sqlmap.org +* Начална страница: https://sqlmap.org * Изтегляне: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS емисия: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Проследяване на проблеми и въпроси: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-de-GER.md b/doc/translations/README-de-GER.md index d0fe52896..9067cf6e8 100644 --- a/doc/translations/README-de-GER.md +++ b/doc/translations/README-de-GER.md @@ -38,7 +38,7 @@ Ein Probelauf ist [hier](https://asciinema.org/a/46601) zu finden. Um einen Übe Links --- -* Webseite: http://sqlmap.org +* Webseite: https://sqlmap.org * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Problemverfolgung: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-es-MX.md b/doc/translations/README-es-MX.md index 403d10f46..4cc33684f 100644 --- a/doc/translations/README-es-MX.md +++ b/doc/translations/README-es-MX.md @@ -38,7 +38,7 @@ Para obtener una visión general de las capacidades de sqlmap, así como un list Enlaces --- -* Página principal: http://sqlmap.org +* Página principal: https://sqlmap.org * Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Fuente de Cambios "Commit RSS feed": https://github.com/sqlmapproject/sqlmap/commits/master.atom * Seguimiento de problemas "Issue tracker": https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-fa-IR.md b/doc/translations/README-fa-IR.md index df787f72d..207e46bcd 100644 --- a/doc/translations/README-fa-IR.md +++ b/doc/translations/README-fa-IR.md @@ -73,7 +73,7 @@ ---- -* خانه: http://sqlmap.org +* خانه: https://sqlmap.org * دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * کایمت و نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom * پیگری مشکلات: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-fr-FR.md b/doc/translations/README-fr-FR.md index 8c87faf54..293262c1c 100644 --- a/doc/translations/README-fr-FR.md +++ b/doc/translations/README-fr-FR.md @@ -38,7 +38,7 @@ Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnali Liens ---- -* Page d'acceuil: http://sqlmap.org +* Page d'acceuil: https://sqlmap.org * Téléchargement: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Suivi des issues: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-gr-GR.md b/doc/translations/README-gr-GR.md index f06e01c9c..ccdc4fc44 100644 --- a/doc/translations/README-gr-GR.md +++ b/doc/translations/README-gr-GR.md @@ -39,7 +39,7 @@ Σύνδεσμοι ---- -* Αρχική σελίδα: http://sqlmap.org +* Αρχική σελίδα: https://sqlmap.org * Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-hr-HR.md b/doc/translations/README-hr-HR.md index 5c6a2da4b..d8815b163 100644 --- a/doc/translations/README-hr-HR.md +++ b/doc/translations/README-hr-HR.md @@ -39,7 +39,7 @@ Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te op Poveznice ---- -* Početna stranica: http://sqlmap.org +* Početna stranica: https://sqlmap.org * Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Prijava problema: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-id-ID.md b/doc/translations/README-id-ID.md index d3a0c5a84..dd52a8476 100644 --- a/doc/translations/README-id-ID.md +++ b/doc/translations/README-id-ID.md @@ -39,7 +39,7 @@ Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, Tautan ---- -* Situs: http://sqlmap.org +* Situs: https://sqlmap.org * Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-it-IT.md b/doc/translations/README-it-IT.md index 17c8b59aa..6e72b1696 100644 --- a/doc/translations/README-it-IT.md +++ b/doc/translations/README-it-IT.md @@ -39,7 +39,7 @@ Per una panoramica delle capacità di sqlmap, una lista delle sue funzionalità Link ---- -* Sito: http://sqlmap.org +* Sito: https://sqlmap.org * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS feed dei commit: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-ja-JP.md b/doc/translations/README-ja-JP.md index 420697539..2d3fea9b9 100644 --- a/doc/translations/README-ja-JP.md +++ b/doc/translations/README-ja-JP.md @@ -40,7 +40,7 @@ sqlmapの概要、機能の一覧、全てのオプションやスイッチの リンク ---- -* ホームページ: http://sqlmap.org +* ホームページ: https://sqlmap.org * ダウンロード: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * コミットのRSSフィード: https://github.com/sqlmapproject/sqlmap/commits/master.atom * 課題管理: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-ko-KR.md b/doc/translations/README-ko-KR.md index 7d08900b3..df959c3ca 100644 --- a/doc/translations/README-ko-KR.md +++ b/doc/translations/README-ko-KR.md @@ -39,7 +39,7 @@ sqlmap의 능력, 지원되는 기능과 모든 옵션과 스위치들의 목록 링크 ---- -* 홈페이지: http://sqlmap.org +* 홈페이지: https://sqlmap.org * 다운로드: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS 피드 커밋: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-pl-PL.md b/doc/translations/README-pl-PL.md index 142be1c5a..0cbbfb25e 100644 --- a/doc/translations/README-pl-PL.md +++ b/doc/translations/README-pl-PL.md @@ -39,7 +39,7 @@ Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich dzi Odnośniki ---- -* Strona projektu: http://sqlmap.org +* Strona projektu: https://sqlmap.org * Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-pt-BR.md b/doc/translations/README-pt-BR.md index a2af1e3eb..3a707deb1 100644 --- a/doc/translations/README-pt-BR.md +++ b/doc/translations/README-pt-BR.md @@ -39,7 +39,7 @@ Para ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e Links ---- -* Homepage: http://sqlmap.org +* Homepage: https://sqlmap.org * Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-rs-RS.md b/doc/translations/README-rs-RS.md index 09671beb0..82ab3bd76 100644 --- a/doc/translations/README-rs-RS.md +++ b/doc/translations/README-rs-RS.md @@ -39,7 +39,7 @@ Kako biste dobili pregled mogućnosti sqlmap-a, liste podržanih funkcija, te op Linkovi ---- -* Početna stranica: http://sqlmap.org +* Početna stranica: https://sqlmap.org * Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS feed promena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Prijava problema: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-ru-RUS.md b/doc/translations/README-ru-RUS.md index 89a19cfbf..616468865 100644 --- a/doc/translations/README-ru-RUS.md +++ b/doc/translations/README-ru-RUS.md @@ -39,7 +39,7 @@ sqlmap работает из коробки с [Python](http://www.python.org/do Ссылки ---- -* Основной сайт: http://sqlmap.org +* Основной сайт: https://sqlmap.org * Скачивание: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) или [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Канал новостей RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Отслеживание проблем: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-tr-TR.md b/doc/translations/README-tr-TR.md index 56d698cfe..485a1fcd9 100644 --- a/doc/translations/README-tr-TR.md +++ b/doc/translations/README-tr-TR.md @@ -42,7 +42,7 @@ Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirs Links ---- -* Anasayfa: http://sqlmap.org +* Anasayfa: https://sqlmap.org * İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-uk-UA.md b/doc/translations/README-uk-UA.md index 4036b9d5a..6ad8c684e 100644 --- a/doc/translations/README-uk-UA.md +++ b/doc/translations/README-uk-UA.md @@ -39,7 +39,7 @@ sqlmap «працює з коробки» з [Python](http://www.python.org/down Посилання ---- -* Основний сайт: http://sqlmap.org +* Основний сайт: https://sqlmap.org * Завантаження: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) або [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Канал новин RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Відстеження проблем: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-vi-VN.md b/doc/translations/README-vi-VN.md index 42a604400..0dbae9989 100644 --- a/doc/translations/README-vi-VN.md +++ b/doc/translations/README-vi-VN.md @@ -41,7 +41,7 @@ Bạn có thể xem video chạy thử [tại đây](https://asciinema.org/a/466 Liên kết ---- -* Trang chủ: http://sqlmap.org +* Trang chủ: https://sqlmap.org * Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Theo dõi vấn đề: https://github.com/sqlmapproject/sqlmap/issues diff --git a/doc/translations/README-zh-CN.md b/doc/translations/README-zh-CN.md index d9b6419c4..77412af78 100644 --- a/doc/translations/README-zh-CN.md +++ b/doc/translations/README-zh-CN.md @@ -38,7 +38,7 @@ sqlmap 可以运行在 [Python](http://www.python.org/download/) **2.6**, **2.7 链接 ---- -* 项目主页: http://sqlmap.org +* 项目主页: https://sqlmap.org * 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) * RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom * Issue tracker: https://github.com/sqlmapproject/sqlmap/issues diff --git a/extra/__init__.py b/extra/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/extra/__init__.py +++ b/extra/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/beep/__init__.py b/extra/beep/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/extra/beep/__init__.py +++ b/extra/beep/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/beep/beep.py b/extra/beep/beep.py index 7eed25585..c20ae2043 100644 --- a/extra/beep/beep.py +++ b/extra/beep/beep.py @@ -3,7 +3,7 @@ """ beep.py - Make a beep sound -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/extra/cloak/__init__.py +++ b/extra/cloak/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py index cad12f095..b76146a51 100644 --- a/extra/cloak/cloak.py +++ b/extra/cloak/cloak.py @@ -3,7 +3,7 @@ """ cloak.py - Simple file encryption/compression utility -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/dbgtool/__init__.py b/extra/dbgtool/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/extra/dbgtool/__init__.py +++ b/extra/dbgtool/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py index b04f05d20..9ebc30807 100644 --- a/extra/dbgtool/dbgtool.py +++ b/extra/dbgtool/dbgtool.py @@ -3,7 +3,7 @@ """ dbgtool.py - Portable executable to ASCII debug script converter -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/shutils/blanks.sh b/extra/shutils/blanks.sh index e27b3b991..236638bbe 100755 --- a/extra/shutils/blanks.sh +++ b/extra/shutils/blanks.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Removes trailing spaces from blank lines inside project files diff --git a/extra/shutils/drei.sh b/extra/shutils/drei.sh index 76180b61f..cbd907f35 100755 --- a/extra/shutils/drei.sh +++ b/extra/shutils/drei.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Stress test against Python3 diff --git a/extra/shutils/duplicates.py b/extra/shutils/duplicates.py index 71fce7edd..afdd130d1 100755 --- a/extra/shutils/duplicates.py +++ b/extra/shutils/duplicates.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Removes duplicate entries in wordlist like files diff --git a/extra/shutils/junk.sh b/extra/shutils/junk.sh index ff339b588..a36e0225b 100755 --- a/extra/shutils/junk.sh +++ b/extra/shutils/junk.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null diff --git a/extra/shutils/modernize.sh b/extra/shutils/modernize.sh index e63194241..e23311cec 100755 --- a/extra/shutils/modernize.sh +++ b/extra/shutils/modernize.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # sudo pip install modernize diff --git a/extra/shutils/pycodestyle.sh b/extra/shutils/pycodestyle.sh index a643ef082..0fc4aa146 100755 --- a/extra/shutils/pycodestyle.sh +++ b/extra/shutils/pycodestyle.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Runs pycodestyle on all python files (prerequisite: pip install pycodestyle) diff --git a/extra/shutils/pydiatra.sh b/extra/shutils/pydiatra.sh index b67f0dc53..ba5db67ae 100755 --- a/extra/shutils/pydiatra.sh +++ b/extra/shutils/pydiatra.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Runs py3diatra on all python files (prerequisite: pip install pydiatra) diff --git a/extra/shutils/pyflakes.sh b/extra/shutils/pyflakes.sh index dfbac1bb5..26651118d 100755 --- a/extra/shutils/pyflakes.sh +++ b/extra/shutils/pyflakes.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes) diff --git a/extra/shutils/pylint.sh b/extra/shutils/pylint.sh index dca46a2c7..114e2f952 100755 --- a/extra/shutils/pylint.sh +++ b/extra/shutils/pylint.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \; diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh index 99e0ff0b3..254d99414 100755 --- a/extra/shutils/pypi.sh +++ b/extra/shutils/pypi.sh @@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ @@ -30,7 +30,7 @@ setup( long_description_content_type='text/x-rst', author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar', author_email='bernardo@sqlmap.org, miroslav@sqlmap.org', - url='http://sqlmap.org', + url='https://sqlmap.org', project_urls={ 'Documentation': 'https://github.com/sqlmapproject/sqlmap/wiki', 'Source': 'https://github.com/sqlmapproject/sqlmap/', @@ -67,7 +67,7 @@ cat > sqlmap/__init__.py << EOF #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ @@ -149,7 +149,7 @@ manual `__. Links ----- -- Homepage: http://sqlmap.org +- Homepage: https://sqlmap.org - Download: `.tar.gz `__ or `.zip `__ diff --git a/extra/vulnserver/__init__.py b/extra/vulnserver/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/extra/vulnserver/__init__.py +++ b/extra/vulnserver/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index 520652435..e2b51526c 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -3,7 +3,7 @@ """ vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes) -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ @@ -49,7 +49,7 @@ SCHEMA = """ INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); INSERT INTO users (id, name, surname) VALUES (3, 'wu', '179ad45c6ce2cb97cf1029e212046e81'); - INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); + INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (https://sqlmap.org)', 'user agent header'); INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); """ diff --git a/lib/__init__.py b/lib/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/__init__.py +++ b/lib/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/__init__.py b/lib/controller/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/controller/__init__.py +++ b/lib/controller/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/action.py b/lib/controller/action.py index 6510b35d0..c8e6e1eaa 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 820e780a3..95a931825 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 224ee3cdb..e17470839 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 79364c103..09a7b9533 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/__init__.py b/lib/core/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/core/__init__.py +++ b/lib/core/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/agent.py b/lib/core/agent.py index d3a739db5..2e4321e43 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index a5711105a..52fc2227f 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/common.py b/lib/core/common.py index 41517b4a4..ec82ad733 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/compat.py b/lib/core/compat.py index 6c3f4b7bd..3e8c168fe 100644 --- a/lib/core/compat.py +++ b/lib/core/compat.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/convert.py b/lib/core/convert.py index 520c306a4..4495f56a8 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/data.py b/lib/core/data.py index 416540443..f086df4de 100644 --- a/lib/core/data.py +++ b/lib/core/data.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/datatype.py b/lib/core/datatype.py index 412d54543..fab1fd133 100644 --- a/lib/core/datatype.py +++ b/lib/core/datatype.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/decorators.py b/lib/core/decorators.py index 33644e1de..7ec5dbb6d 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/defaults.py b/lib/core/defaults.py index 94713e0e6..c1f4cd75b 100644 --- a/lib/core/defaults.py +++ b/lib/core/defaults.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 811ef8d8b..01a46ae0f 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/dump.py b/lib/core/dump.py index 9bf1b8782..6e02df5b8 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/enums.py b/lib/core/enums.py index 34b1c2b5c..148c29647 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/exception.py b/lib/core/exception.py index 184ed9949..9111888b0 100644 --- a/lib/core/exception.py +++ b/lib/core/exception.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/gui.py b/lib/core/gui.py index 6489bd8c0..0ee3219fa 100644 --- a/lib/core/gui.py +++ b/lib/core/gui.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/log.py b/lib/core/log.py index c5c3d14c1..fcd7e6f86 100644 --- a/lib/core/log.py +++ b/lib/core/log.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/option.py b/lib/core/option.py index ff72f6a3b..3b6a1ceab 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index c5806a9c3..c22b9d11e 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/patch.py b/lib/core/patch.py index e6865bb4d..c2847d1aa 100644 --- a/lib/core/patch.py +++ b/lib/core/patch.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/profiling.py b/lib/core/profiling.py index 84a8558e1..4f96fb3ad 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py index 243532348..7871b9caa 100644 --- a/lib/core/readlineng.py +++ b/lib/core/readlineng.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/replication.py b/lib/core/replication.py index 1e43d31e0..11889478a 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/revision.py b/lib/core/revision.py index 81083f8be..9e3cd5455 100644 --- a/lib/core/revision.py +++ b/lib/core/revision.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/session.py b/lib/core/session.py index 59291cc16..00104ebea 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/settings.py b/lib/core/settings.py index cbb5c8595..9e5f62c3b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ @@ -20,12 +20,12 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.0" +VERSION = "1.5.9.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) DESCRIPTION = "automatic SQL injection and database takeover tool" -SITE = "http://sqlmap.org" +SITE = "https://sqlmap.org" DEFAULT_USER_AGENT = "%s (%s)" % (VERSION_STRING, SITE) DEV_EMAIL_ADDRESS = "dev@sqlmap.org" ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new" diff --git a/lib/core/shell.py b/lib/core/shell.py index 2806b38ef..543d67389 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py index d25fbbd4b..2a8f46b23 100644 --- a/lib/core/subprocessng.py +++ b/lib/core/subprocessng.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/target.py b/lib/core/target.py index 69f1fa9f9..a160815a7 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/testing.py b/lib/core/testing.py index abec58e97..2c05ec11e 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/threads.py b/lib/core/threads.py index 58c0e5de0..e8e4f5cdc 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py index 5aaf94d13..31c68490e 100644 --- a/lib/core/unescaper.py +++ b/lib/core/unescaper.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/update.py b/lib/core/update.py index d9b597215..b753176a9 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index e6ecae1e1..06a00066b 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/__init__.py b/lib/parse/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/parse/__init__.py +++ b/lib/parse/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/banner.py b/lib/parse/banner.py index 6c5b8fe50..4a3924f24 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 020753de4..5dacb84b5 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index a51bc90b5..a353ce8e0 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/handler.py b/lib/parse/handler.py index 82fbbbcdb..b20c55876 100644 --- a/lib/parse/handler.py +++ b/lib/parse/handler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 24999539e..4b19a3b11 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/html.py b/lib/parse/html.py index 4de608313..6a949e084 100644 --- a/lib/parse/html.py +++ b/lib/parse/html.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index 27251ba97..ee6a06ca0 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/sitemap.py b/lib/parse/sitemap.py index 752d9899a..2723853c6 100644 --- a/lib/parse/sitemap.py +++ b/lib/parse/sitemap.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/__init__.py b/lib/request/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/request/__init__.py +++ b/lib/request/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/basic.py b/lib/request/basic.py index 2ded16330..baf467115 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py index ede8f31e1..4aeb44aba 100644 --- a/lib/request/basicauthhandler.py +++ b/lib/request/basicauthhandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/chunkedhandler.py b/lib/request/chunkedhandler.py index 131c81dd4..487775ef9 100644 --- a/lib/request/chunkedhandler.py +++ b/lib/request/chunkedhandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 1733325c1..50c50a7af 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/connect.py b/lib/request/connect.py index 41b159d43..db895f10c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/direct.py b/lib/request/direct.py index d1cdfa560..9ed20e16b 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/dns.py b/lib/request/dns.py index 9b54ecd5f..cf03ac0cd 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index a1ce15ef1..dcd429afc 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/inject.py b/lib/request/inject.py index 9be980da3..804ce799f 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/methodrequest.py b/lib/request/methodrequest.py index e596f9528..929c3d69d 100644 --- a/lib/request/methodrequest.py +++ b/lib/request/methodrequest.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py index 5dafca3f0..8e073fd26 100644 --- a/lib/request/pkihandler.py +++ b/lib/request/pkihandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/rangehandler.py b/lib/request/rangehandler.py index 85aeb7afb..df81ca098 100644 --- a/lib/request/rangehandler.py +++ b/lib/request/rangehandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 62a3ed917..a93cdcc94 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/templates.py b/lib/request/templates.py index fb2ff0120..367e6f9d2 100644 --- a/lib/request/templates.py +++ b/lib/request/templates.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/__init__.py b/lib/takeover/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/takeover/__init__.py +++ b/lib/takeover/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 78bd42a05..ead783f63 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py index cf67316eb..c80fe41fa 100644 --- a/lib/takeover/icmpsh.py +++ b/lib/takeover/icmpsh.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 87dc156c1..ebcf38cfa 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py index 461006786..07bb7be97 100644 --- a/lib/takeover/registry.py +++ b/lib/takeover/registry.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index 6847f690c..37cee7fd2 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 674c6026d..1020836c8 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index c0bc064fd..6e626e970 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/__init__.py b/lib/techniques/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/techniques/__init__.py +++ b/lib/techniques/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/blind/__init__.py b/lib/techniques/blind/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/techniques/blind/__init__.py +++ b/lib/techniques/blind/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index f24af8702..71a2235b5 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/dns/__init__.py b/lib/techniques/dns/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/techniques/dns/__init__.py +++ b/lib/techniques/dns/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py index df49ae629..86b4e757e 100644 --- a/lib/techniques/dns/test.py +++ b/lib/techniques/dns/test.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index a37a90bb1..d71bbc7f7 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/error/__init__.py b/lib/techniques/error/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/techniques/error/__init__.py +++ b/lib/techniques/error/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 6009e0046..8adc74d6f 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/union/__init__.py b/lib/techniques/union/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/techniques/union/__init__.py +++ b/lib/techniques/union/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 3ea0abba5..235782b55 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index decc7c318..68f8b87e4 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/__init__.py b/lib/utils/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/lib/utils/__init__.py +++ b/lib/utils/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/api.py b/lib/utils/api.py index a2b47cd25..c16aa72be 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -2,7 +2,7 @@ # -*- coding: utf-8 -*- """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/brute.py b/lib/utils/brute.py index 1d8a3e290..548494d62 100644 --- a/lib/utils/brute.py +++ b/lib/utils/brute.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 0b1f790ab..4aa30af5a 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/deps.py b/lib/utils/deps.py index da2d19317..dd0825cfa 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/getch.py b/lib/utils/getch.py index f5da1509b..e8c4c40e4 100644 --- a/lib/utils/getch.py +++ b/lib/utils/getch.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/har.py b/lib/utils/har.py index 1ccd5a1de..cb57a2630 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 6a431ffdc..f7604d1c9 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index a5f85fa09..5fa0b26b5 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/httpd.py b/lib/utils/httpd.py index ae9a87528..1294676d0 100644 --- a/lib/utils/httpd.py +++ b/lib/utils/httpd.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 1d33797fd..d297932d8 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/progress.py b/lib/utils/progress.py index cc6e1edee..929a29a1d 100644 --- a/lib/utils/progress.py +++ b/lib/utils/progress.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/purge.py b/lib/utils/purge.py index cc1174f4e..60bdab1bd 100644 --- a/lib/utils/purge.py +++ b/lib/utils/purge.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/safe2bin.py b/lib/utils/safe2bin.py index 3288a0d20..3b35f2406 100644 --- a/lib/utils/safe2bin.py +++ b/lib/utils/safe2bin.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/search.py b/lib/utils/search.py index 290fe379c..c7ee86cf1 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index 3a1266d09..9c6a4532f 100644 --- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/timeout.py b/lib/utils/timeout.py index d75a4f74b..b129c4f9d 100644 --- a/lib/utils/timeout.py +++ b/lib/utils/timeout.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py index eccd85670..47f5b44e9 100644 --- a/lib/utils/versioncheck.py +++ b/lib/utils/versioncheck.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/utils/xrange.py b/lib/utils/xrange.py index 679c0f955..7397033c3 100644 --- a/lib/utils/xrange.py +++ b/lib/utils/xrange.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/__init__.py b/plugins/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/plugins/__init__.py +++ b/plugins/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/__init__.py b/plugins/dbms/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/plugins/dbms/__init__.py +++ b/plugins/dbms/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/__init__.py b/plugins/dbms/access/__init__.py index 772161783..ebf8252a3 100644 --- a/plugins/dbms/access/__init__.py +++ b/plugins/dbms/access/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py index 52940b003..f95286ce9 100644 --- a/plugins/dbms/access/connector.py +++ b/plugins/dbms/access/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/enumeration.py b/plugins/dbms/access/enumeration.py index 0d812e560..8b9f7d85e 100644 --- a/plugins/dbms/access/enumeration.py +++ b/plugins/dbms/access/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/filesystem.py b/plugins/dbms/access/filesystem.py index 0841fa1ea..748d33eae 100644 --- a/plugins/dbms/access/filesystem.py +++ b/plugins/dbms/access/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index 33999dcd9..48ad097c2 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/syntax.py b/plugins/dbms/access/syntax.py index 3f6fa30ba..b8b37eac0 100644 --- a/plugins/dbms/access/syntax.py +++ b/plugins/dbms/access/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/access/takeover.py b/plugins/dbms/access/takeover.py index 7d023411c..0acdaf1cc 100644 --- a/plugins/dbms/access/takeover.py +++ b/plugins/dbms/access/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/__init__.py b/plugins/dbms/altibase/__init__.py index 7db8a7c1e..1f1030d2b 100644 --- a/plugins/dbms/altibase/__init__.py +++ b/plugins/dbms/altibase/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/connector.py b/plugins/dbms/altibase/connector.py index 9f7fe6889..89bc77bd4 100644 --- a/plugins/dbms/altibase/connector.py +++ b/plugins/dbms/altibase/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/enumeration.py b/plugins/dbms/altibase/enumeration.py index 0197b91f0..d2f7433b7 100644 --- a/plugins/dbms/altibase/enumeration.py +++ b/plugins/dbms/altibase/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/filesystem.py b/plugins/dbms/altibase/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/altibase/filesystem.py +++ b/plugins/dbms/altibase/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/fingerprint.py b/plugins/dbms/altibase/fingerprint.py index 1b7db3c19..8d5778efd 100644 --- a/plugins/dbms/altibase/fingerprint.py +++ b/plugins/dbms/altibase/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/syntax.py b/plugins/dbms/altibase/syntax.py index f59b9cb9c..021bf7a21 100644 --- a/plugins/dbms/altibase/syntax.py +++ b/plugins/dbms/altibase/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/altibase/takeover.py b/plugins/dbms/altibase/takeover.py index 68f05bd53..134831e45 100644 --- a/plugins/dbms/altibase/takeover.py +++ b/plugins/dbms/altibase/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/__init__.py b/plugins/dbms/cache/__init__.py index 5a8099d0d..95eadcaa5 100644 --- a/plugins/dbms/cache/__init__.py +++ b/plugins/dbms/cache/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/connector.py b/plugins/dbms/cache/connector.py index e88537d13..468bbe77e 100644 --- a/plugins/dbms/cache/connector.py +++ b/plugins/dbms/cache/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/enumeration.py b/plugins/dbms/cache/enumeration.py index daa80ebe3..20bdb1d40 100644 --- a/plugins/dbms/cache/enumeration.py +++ b/plugins/dbms/cache/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/filesystem.py b/plugins/dbms/cache/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/cache/filesystem.py +++ b/plugins/dbms/cache/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/fingerprint.py b/plugins/dbms/cache/fingerprint.py index b67a66856..67c52a95a 100644 --- a/plugins/dbms/cache/fingerprint.py +++ b/plugins/dbms/cache/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/syntax.py b/plugins/dbms/cache/syntax.py index 576bef8c4..c5e0c2066 100644 --- a/plugins/dbms/cache/syntax.py +++ b/plugins/dbms/cache/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cache/takeover.py b/plugins/dbms/cache/takeover.py index 1dc45ef01..e6da58fff 100644 --- a/plugins/dbms/cache/takeover.py +++ b/plugins/dbms/cache/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/__init__.py b/plugins/dbms/cratedb/__init__.py index 349f7fa2e..5593182e6 100644 --- a/plugins/dbms/cratedb/__init__.py +++ b/plugins/dbms/cratedb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/connector.py b/plugins/dbms/cratedb/connector.py index 17ae00b27..eb7cadeb8 100644 --- a/plugins/dbms/cratedb/connector.py +++ b/plugins/dbms/cratedb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/enumeration.py b/plugins/dbms/cratedb/enumeration.py index 3a1a80b25..e03a09da5 100644 --- a/plugins/dbms/cratedb/enumeration.py +++ b/plugins/dbms/cratedb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/filesystem.py b/plugins/dbms/cratedb/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/cratedb/filesystem.py +++ b/plugins/dbms/cratedb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/fingerprint.py b/plugins/dbms/cratedb/fingerprint.py index 86a21d06e..2be44f646 100644 --- a/plugins/dbms/cratedb/fingerprint.py +++ b/plugins/dbms/cratedb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/syntax.py b/plugins/dbms/cratedb/syntax.py index ee78f3b52..a8f222458 100644 --- a/plugins/dbms/cratedb/syntax.py +++ b/plugins/dbms/cratedb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cratedb/takeover.py b/plugins/dbms/cratedb/takeover.py index 6ee845590..11565a613 100644 --- a/plugins/dbms/cratedb/takeover.py +++ b/plugins/dbms/cratedb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/__init__.py b/plugins/dbms/cubrid/__init__.py index 03f6a012e..00bbe474b 100644 --- a/plugins/dbms/cubrid/__init__.py +++ b/plugins/dbms/cubrid/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/connector.py b/plugins/dbms/cubrid/connector.py index e0e40bcf4..3e589185c 100644 --- a/plugins/dbms/cubrid/connector.py +++ b/plugins/dbms/cubrid/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/enumeration.py b/plugins/dbms/cubrid/enumeration.py index 115c44a85..c2a8eac68 100644 --- a/plugins/dbms/cubrid/enumeration.py +++ b/plugins/dbms/cubrid/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/filesystem.py b/plugins/dbms/cubrid/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/cubrid/filesystem.py +++ b/plugins/dbms/cubrid/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/fingerprint.py b/plugins/dbms/cubrid/fingerprint.py index 3e462d758..8501c6ecd 100644 --- a/plugins/dbms/cubrid/fingerprint.py +++ b/plugins/dbms/cubrid/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/syntax.py b/plugins/dbms/cubrid/syntax.py index 5a031db64..f6da33619 100644 --- a/plugins/dbms/cubrid/syntax.py +++ b/plugins/dbms/cubrid/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/cubrid/takeover.py b/plugins/dbms/cubrid/takeover.py index de5c23c64..949356088 100644 --- a/plugins/dbms/cubrid/takeover.py +++ b/plugins/dbms/cubrid/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/__init__.py b/plugins/dbms/db2/__init__.py index aaeafeb5c..975447ba7 100644 --- a/plugins/dbms/db2/__init__.py +++ b/plugins/dbms/db2/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py index ba77b546a..0a6cabe74 100644 --- a/plugins/dbms/db2/connector.py +++ b/plugins/dbms/db2/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py index d65d8446a..8467e722f 100644 --- a/plugins/dbms/db2/enumeration.py +++ b/plugins/dbms/db2/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/filesystem.py b/plugins/dbms/db2/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/db2/filesystem.py +++ b/plugins/dbms/db2/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py index 209ad08bf..f98b19305 100644 --- a/plugins/dbms/db2/fingerprint.py +++ b/plugins/dbms/db2/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/syntax.py b/plugins/dbms/db2/syntax.py index f59b9cb9c..021bf7a21 100644 --- a/plugins/dbms/db2/syntax.py +++ b/plugins/dbms/db2/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/db2/takeover.py b/plugins/dbms/db2/takeover.py index a888d5a90..68a9c3ca9 100644 --- a/plugins/dbms/db2/takeover.py +++ b/plugins/dbms/db2/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/__init__.py b/plugins/dbms/derby/__init__.py index 0b48a12b2..3f7bdc488 100644 --- a/plugins/dbms/derby/__init__.py +++ b/plugins/dbms/derby/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/connector.py b/plugins/dbms/derby/connector.py index f6a11877e..df32df8ca 100644 --- a/plugins/dbms/derby/connector.py +++ b/plugins/dbms/derby/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/enumeration.py b/plugins/dbms/derby/enumeration.py index 0f253f41b..e75d8ec62 100644 --- a/plugins/dbms/derby/enumeration.py +++ b/plugins/dbms/derby/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/filesystem.py b/plugins/dbms/derby/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/derby/filesystem.py +++ b/plugins/dbms/derby/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/fingerprint.py b/plugins/dbms/derby/fingerprint.py index 88dbb6768..c2a194c4e 100644 --- a/plugins/dbms/derby/fingerprint.py +++ b/plugins/dbms/derby/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/syntax.py b/plugins/dbms/derby/syntax.py index ee78f3b52..a8f222458 100644 --- a/plugins/dbms/derby/syntax.py +++ b/plugins/dbms/derby/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/derby/takeover.py b/plugins/dbms/derby/takeover.py index 93fd99d27..9ca6c285a 100644 --- a/plugins/dbms/derby/takeover.py +++ b/plugins/dbms/derby/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/__init__.py b/plugins/dbms/extremedb/__init__.py index 03c5f22f8..f9b63ab1d 100644 --- a/plugins/dbms/extremedb/__init__.py +++ b/plugins/dbms/extremedb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/connector.py b/plugins/dbms/extremedb/connector.py index 8d9557284..f39e0fd23 100644 --- a/plugins/dbms/extremedb/connector.py +++ b/plugins/dbms/extremedb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/enumeration.py b/plugins/dbms/extremedb/enumeration.py index 742e29866..fabdbac0b 100644 --- a/plugins/dbms/extremedb/enumeration.py +++ b/plugins/dbms/extremedb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/filesystem.py b/plugins/dbms/extremedb/filesystem.py index 0bb0e972b..4d79e6833 100644 --- a/plugins/dbms/extremedb/filesystem.py +++ b/plugins/dbms/extremedb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/fingerprint.py b/plugins/dbms/extremedb/fingerprint.py index d7381c71f..4650c0a32 100644 --- a/plugins/dbms/extremedb/fingerprint.py +++ b/plugins/dbms/extremedb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/syntax.py b/plugins/dbms/extremedb/syntax.py index ee78f3b52..a8f222458 100644 --- a/plugins/dbms/extremedb/syntax.py +++ b/plugins/dbms/extremedb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/extremedb/takeover.py b/plugins/dbms/extremedb/takeover.py index 88187a8d1..6ee639bc0 100644 --- a/plugins/dbms/extremedb/takeover.py +++ b/plugins/dbms/extremedb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/__init__.py b/plugins/dbms/firebird/__init__.py index 350da6712..40e7263e5 100644 --- a/plugins/dbms/firebird/__init__.py +++ b/plugins/dbms/firebird/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py index d88901933..7b9414c44 100644 --- a/plugins/dbms/firebird/connector.py +++ b/plugins/dbms/firebird/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/enumeration.py b/plugins/dbms/firebird/enumeration.py index fcba44c6b..ed0cb856a 100644 --- a/plugins/dbms/firebird/enumeration.py +++ b/plugins/dbms/firebird/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/filesystem.py b/plugins/dbms/firebird/filesystem.py index f87150008..d361f80a1 100644 --- a/plugins/dbms/firebird/filesystem.py +++ b/plugins/dbms/firebird/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py index 3a6ea93c0..425f10d75 100644 --- a/plugins/dbms/firebird/fingerprint.py +++ b/plugins/dbms/firebird/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py index 31044624e..5fe1f4847 100644 --- a/plugins/dbms/firebird/syntax.py +++ b/plugins/dbms/firebird/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/firebird/takeover.py b/plugins/dbms/firebird/takeover.py index 93b325ccb..2d1af194f 100644 --- a/plugins/dbms/firebird/takeover.py +++ b/plugins/dbms/firebird/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/__init__.py b/plugins/dbms/frontbase/__init__.py index 7ae233340..590f09ef0 100644 --- a/plugins/dbms/frontbase/__init__.py +++ b/plugins/dbms/frontbase/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/connector.py b/plugins/dbms/frontbase/connector.py index a0e6bebd7..1523d5042 100644 --- a/plugins/dbms/frontbase/connector.py +++ b/plugins/dbms/frontbase/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/enumeration.py b/plugins/dbms/frontbase/enumeration.py index 8a9f8e3b3..09f62a1d6 100644 --- a/plugins/dbms/frontbase/enumeration.py +++ b/plugins/dbms/frontbase/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/filesystem.py b/plugins/dbms/frontbase/filesystem.py index 240237bbd..24930fea4 100644 --- a/plugins/dbms/frontbase/filesystem.py +++ b/plugins/dbms/frontbase/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/fingerprint.py b/plugins/dbms/frontbase/fingerprint.py index de1322db5..b52d65a10 100644 --- a/plugins/dbms/frontbase/fingerprint.py +++ b/plugins/dbms/frontbase/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/syntax.py b/plugins/dbms/frontbase/syntax.py index ee78f3b52..a8f222458 100644 --- a/plugins/dbms/frontbase/syntax.py +++ b/plugins/dbms/frontbase/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/frontbase/takeover.py b/plugins/dbms/frontbase/takeover.py index 026cacd98..b06660816 100644 --- a/plugins/dbms/frontbase/takeover.py +++ b/plugins/dbms/frontbase/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/__init__.py b/plugins/dbms/h2/__init__.py index f795721f5..5afe0a8f7 100644 --- a/plugins/dbms/h2/__init__.py +++ b/plugins/dbms/h2/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/connector.py b/plugins/dbms/h2/connector.py index f073881e6..f9442d1b7 100644 --- a/plugins/dbms/h2/connector.py +++ b/plugins/dbms/h2/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/enumeration.py b/plugins/dbms/h2/enumeration.py index 71b672bd1..17d340b80 100644 --- a/plugins/dbms/h2/enumeration.py +++ b/plugins/dbms/h2/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/filesystem.py b/plugins/dbms/h2/filesystem.py index 28a5072c2..a0e55c212 100644 --- a/plugins/dbms/h2/filesystem.py +++ b/plugins/dbms/h2/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py index fcd3e56e7..9f48b0292 100644 --- a/plugins/dbms/h2/fingerprint.py +++ b/plugins/dbms/h2/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/syntax.py b/plugins/dbms/h2/syntax.py index 19853b3e8..a790dd635 100644 --- a/plugins/dbms/h2/syntax.py +++ b/plugins/dbms/h2/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/h2/takeover.py b/plugins/dbms/h2/takeover.py index 6e84df295..71c1be941 100644 --- a/plugins/dbms/h2/takeover.py +++ b/plugins/dbms/h2/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/__init__.py b/plugins/dbms/hsqldb/__init__.py index 9febde242..8d9129f25 100644 --- a/plugins/dbms/hsqldb/__init__.py +++ b/plugins/dbms/hsqldb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py index 2ca8acb49..734906704 100644 --- a/plugins/dbms/hsqldb/connector.py +++ b/plugins/dbms/hsqldb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/enumeration.py b/plugins/dbms/hsqldb/enumeration.py index dfc4cbe53..303d89e38 100644 --- a/plugins/dbms/hsqldb/enumeration.py +++ b/plugins/dbms/hsqldb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py index bb68e3bf9..ab547c2a4 100644 --- a/plugins/dbms/hsqldb/filesystem.py +++ b/plugins/dbms/hsqldb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py index 407e6657b..964d59167 100644 --- a/plugins/dbms/hsqldb/fingerprint.py +++ b/plugins/dbms/hsqldb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/syntax.py b/plugins/dbms/hsqldb/syntax.py index 19853b3e8..a790dd635 100644 --- a/plugins/dbms/hsqldb/syntax.py +++ b/plugins/dbms/hsqldb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/hsqldb/takeover.py b/plugins/dbms/hsqldb/takeover.py index bffffc075..f08787992 100644 --- a/plugins/dbms/hsqldb/takeover.py +++ b/plugins/dbms/hsqldb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/__init__.py b/plugins/dbms/informix/__init__.py index edceb3fdb..b76f7c97a 100644 --- a/plugins/dbms/informix/__init__.py +++ b/plugins/dbms/informix/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/connector.py b/plugins/dbms/informix/connector.py index 1c1fb4e02..bc0550ad9 100644 --- a/plugins/dbms/informix/connector.py +++ b/plugins/dbms/informix/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/enumeration.py b/plugins/dbms/informix/enumeration.py index 5fa7cf777..862922714 100644 --- a/plugins/dbms/informix/enumeration.py +++ b/plugins/dbms/informix/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/filesystem.py b/plugins/dbms/informix/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/informix/filesystem.py +++ b/plugins/dbms/informix/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/fingerprint.py b/plugins/dbms/informix/fingerprint.py index ee21d5642..11f0d1906 100644 --- a/plugins/dbms/informix/fingerprint.py +++ b/plugins/dbms/informix/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/syntax.py b/plugins/dbms/informix/syntax.py index e41425462..d9963eefa 100644 --- a/plugins/dbms/informix/syntax.py +++ b/plugins/dbms/informix/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/takeover.py b/plugins/dbms/informix/takeover.py index a888d5a90..68a9c3ca9 100644 --- a/plugins/dbms/informix/takeover.py +++ b/plugins/dbms/informix/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/__init__.py b/plugins/dbms/maxdb/__init__.py index 04a0f0fcd..87ddf093d 100644 --- a/plugins/dbms/maxdb/__init__.py +++ b/plugins/dbms/maxdb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py index 1be1c4981..f2f4d807c 100644 --- a/plugins/dbms/maxdb/connector.py +++ b/plugins/dbms/maxdb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index 6eedc8896..7e4a525a0 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/filesystem.py b/plugins/dbms/maxdb/filesystem.py index a43764c9f..11ebc4b7d 100644 --- a/plugins/dbms/maxdb/filesystem.py +++ b/plugins/dbms/maxdb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py index a507cf48b..b50919b38 100644 --- a/plugins/dbms/maxdb/fingerprint.py +++ b/plugins/dbms/maxdb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py index ee78f3b52..a8f222458 100644 --- a/plugins/dbms/maxdb/syntax.py +++ b/plugins/dbms/maxdb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/takeover.py b/plugins/dbms/maxdb/takeover.py index 65baa74a3..e8298a689 100644 --- a/plugins/dbms/maxdb/takeover.py +++ b/plugins/dbms/maxdb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/__init__.py b/plugins/dbms/mckoi/__init__.py index 384766ef2..8dac72cc9 100644 --- a/plugins/dbms/mckoi/__init__.py +++ b/plugins/dbms/mckoi/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/connector.py b/plugins/dbms/mckoi/connector.py index cb6c5e92f..cdb645878 100644 --- a/plugins/dbms/mckoi/connector.py +++ b/plugins/dbms/mckoi/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/enumeration.py b/plugins/dbms/mckoi/enumeration.py index b10326fc4..c6e836113 100644 --- a/plugins/dbms/mckoi/enumeration.py +++ b/plugins/dbms/mckoi/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/filesystem.py b/plugins/dbms/mckoi/filesystem.py index aaeb14d06..6494bffd3 100644 --- a/plugins/dbms/mckoi/filesystem.py +++ b/plugins/dbms/mckoi/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/fingerprint.py b/plugins/dbms/mckoi/fingerprint.py index 6a73a24a5..bdd539ade 100644 --- a/plugins/dbms/mckoi/fingerprint.py +++ b/plugins/dbms/mckoi/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/syntax.py b/plugins/dbms/mckoi/syntax.py index ee78f3b52..a8f222458 100644 --- a/plugins/dbms/mckoi/syntax.py +++ b/plugins/dbms/mckoi/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mckoi/takeover.py b/plugins/dbms/mckoi/takeover.py index 74805fe80..d248eb5a4 100644 --- a/plugins/dbms/mckoi/takeover.py +++ b/plugins/dbms/mckoi/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/__init__.py b/plugins/dbms/mimersql/__init__.py index e3b757b75..f7eddb3db 100644 --- a/plugins/dbms/mimersql/__init__.py +++ b/plugins/dbms/mimersql/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/connector.py b/plugins/dbms/mimersql/connector.py index 961f9f647..b5adb74f9 100644 --- a/plugins/dbms/mimersql/connector.py +++ b/plugins/dbms/mimersql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/enumeration.py b/plugins/dbms/mimersql/enumeration.py index 390a9dbb4..47b4553eb 100644 --- a/plugins/dbms/mimersql/enumeration.py +++ b/plugins/dbms/mimersql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/filesystem.py b/plugins/dbms/mimersql/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/mimersql/filesystem.py +++ b/plugins/dbms/mimersql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/fingerprint.py b/plugins/dbms/mimersql/fingerprint.py index b014f4f8a..cbd27af8d 100644 --- a/plugins/dbms/mimersql/fingerprint.py +++ b/plugins/dbms/mimersql/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/syntax.py b/plugins/dbms/mimersql/syntax.py index 494388855..4247a5a5a 100644 --- a/plugins/dbms/mimersql/syntax.py +++ b/plugins/dbms/mimersql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mimersql/takeover.py b/plugins/dbms/mimersql/takeover.py index 715a18e77..46b11e254 100644 --- a/plugins/dbms/mimersql/takeover.py +++ b/plugins/dbms/mimersql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/__init__.py b/plugins/dbms/monetdb/__init__.py index dad05bbc0..14bc375c6 100644 --- a/plugins/dbms/monetdb/__init__.py +++ b/plugins/dbms/monetdb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/connector.py b/plugins/dbms/monetdb/connector.py index 47cd6389c..1b17740c4 100644 --- a/plugins/dbms/monetdb/connector.py +++ b/plugins/dbms/monetdb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/enumeration.py b/plugins/dbms/monetdb/enumeration.py index 63cff1fb3..e6b91c217 100644 --- a/plugins/dbms/monetdb/enumeration.py +++ b/plugins/dbms/monetdb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/filesystem.py b/plugins/dbms/monetdb/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/monetdb/filesystem.py +++ b/plugins/dbms/monetdb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/fingerprint.py b/plugins/dbms/monetdb/fingerprint.py index 4c1d7ad51..98f32ee9c 100644 --- a/plugins/dbms/monetdb/fingerprint.py +++ b/plugins/dbms/monetdb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/syntax.py b/plugins/dbms/monetdb/syntax.py index 6ac40d417..0388125ff 100644 --- a/plugins/dbms/monetdb/syntax.py +++ b/plugins/dbms/monetdb/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/monetdb/takeover.py b/plugins/dbms/monetdb/takeover.py index 9afbcab09..da4eddbc2 100644 --- a/plugins/dbms/monetdb/takeover.py +++ b/plugins/dbms/monetdb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/__init__.py b/plugins/dbms/mssqlserver/__init__.py index 56b7b1d33..0c359bbee 100644 --- a/plugins/dbms/mssqlserver/__init__.py +++ b/plugins/dbms/mssqlserver/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py index 730e7220a..1f9b3a768 100644 --- a/plugins/dbms/mssqlserver/connector.py +++ b/plugins/dbms/mssqlserver/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index ae6b113e9..448dbb412 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index e3e466b0e..6d0623252 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 0ddc1fe0f..0679d6442 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/syntax.py b/plugins/dbms/mssqlserver/syntax.py index 17f6dca9f..2c550e8f4 100644 --- a/plugins/dbms/mssqlserver/syntax.py +++ b/plugins/dbms/mssqlserver/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index 7b1ea5bd1..c812761db 100644 --- a/plugins/dbms/mssqlserver/takeover.py +++ b/plugins/dbms/mssqlserver/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py index a46c76ed0..e12d9b0e7 100644 --- a/plugins/dbms/mysql/__init__.py +++ b/plugins/dbms/mysql/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index 90e618fa7..c0abd7bad 100644 --- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/enumeration.py b/plugins/dbms/mysql/enumeration.py index e3b76fb20..804ea81fb 100644 --- a/plugins/dbms/mysql/enumeration.py +++ b/plugins/dbms/mysql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index ec1f2be60..e7ed79d9c 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index fc3c223f5..bd5ad8cca 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py index 52d1b2a80..53d1d3dce 100644 --- a/plugins/dbms/mysql/syntax.py +++ b/plugins/dbms/mysql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 23c391302..1444436dc 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/__init__.py b/plugins/dbms/oracle/__init__.py index 5828d1fc9..06f9e80d5 100644 --- a/plugins/dbms/oracle/__init__.py +++ b/plugins/dbms/oracle/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py index 106322633..44fc459c5 100644 --- a/plugins/dbms/oracle/connector.py +++ b/plugins/dbms/oracle/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index b3420ba80..0d083bfef 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 2b3bcd46d..cb4733ae3 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index cf9bd3a10..b67a9b65b 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/syntax.py b/plugins/dbms/oracle/syntax.py index 08851c5b3..6665e264e 100644 --- a/plugins/dbms/oracle/syntax.py +++ b/plugins/dbms/oracle/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/takeover.py b/plugins/dbms/oracle/takeover.py index 7219e7500..3128156a5 100644 --- a/plugins/dbms/oracle/takeover.py +++ b/plugins/dbms/oracle/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py index 42d481e60..b34540055 100644 --- a/plugins/dbms/postgresql/__init__.py +++ b/plugins/dbms/postgresql/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/connector.py b/plugins/dbms/postgresql/connector.py index 17ae00b27..eb7cadeb8 100644 --- a/plugins/dbms/postgresql/connector.py +++ b/plugins/dbms/postgresql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/enumeration.py b/plugins/dbms/postgresql/enumeration.py index 4a5c7521f..2cafb2b2b 100644 --- a/plugins/dbms/postgresql/enumeration.py +++ b/plugins/dbms/postgresql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index 8106405ec..ddd0ea0f8 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index f7fa57c65..79ae135a6 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/syntax.py b/plugins/dbms/postgresql/syntax.py index 82fbb2ec9..b1f2d5d15 100644 --- a/plugins/dbms/postgresql/syntax.py +++ b/plugins/dbms/postgresql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index 49cc787c1..187a0686f 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/__init__.py b/plugins/dbms/presto/__init__.py index 79328a341..8043421ce 100644 --- a/plugins/dbms/presto/__init__.py +++ b/plugins/dbms/presto/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/connector.py b/plugins/dbms/presto/connector.py index 88f875e3c..f4dd8d60a 100644 --- a/plugins/dbms/presto/connector.py +++ b/plugins/dbms/presto/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/enumeration.py b/plugins/dbms/presto/enumeration.py index f9a8c7d7f..05260f8d1 100644 --- a/plugins/dbms/presto/enumeration.py +++ b/plugins/dbms/presto/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/filesystem.py b/plugins/dbms/presto/filesystem.py index 5990632b1..deedef47e 100644 --- a/plugins/dbms/presto/filesystem.py +++ b/plugins/dbms/presto/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/fingerprint.py b/plugins/dbms/presto/fingerprint.py index 416a4ef01..1996e557f 100644 --- a/plugins/dbms/presto/fingerprint.py +++ b/plugins/dbms/presto/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/syntax.py b/plugins/dbms/presto/syntax.py index f59b9cb9c..021bf7a21 100644 --- a/plugins/dbms/presto/syntax.py +++ b/plugins/dbms/presto/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/presto/takeover.py b/plugins/dbms/presto/takeover.py index 02ee04885..c94fc81d6 100644 --- a/plugins/dbms/presto/takeover.py +++ b/plugins/dbms/presto/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/__init__.py b/plugins/dbms/raima/__init__.py index 565c30629..5a071424e 100644 --- a/plugins/dbms/raima/__init__.py +++ b/plugins/dbms/raima/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/connector.py b/plugins/dbms/raima/connector.py index 3274991f6..ee69500f9 100644 --- a/plugins/dbms/raima/connector.py +++ b/plugins/dbms/raima/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/enumeration.py b/plugins/dbms/raima/enumeration.py index 34d4fa368..d29b62654 100644 --- a/plugins/dbms/raima/enumeration.py +++ b/plugins/dbms/raima/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/filesystem.py b/plugins/dbms/raima/filesystem.py index da17a0d1e..b91958020 100644 --- a/plugins/dbms/raima/filesystem.py +++ b/plugins/dbms/raima/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/fingerprint.py b/plugins/dbms/raima/fingerprint.py index 12b17937c..01c3b7e02 100644 --- a/plugins/dbms/raima/fingerprint.py +++ b/plugins/dbms/raima/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/syntax.py b/plugins/dbms/raima/syntax.py index 19853b3e8..a790dd635 100644 --- a/plugins/dbms/raima/syntax.py +++ b/plugins/dbms/raima/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/raima/takeover.py b/plugins/dbms/raima/takeover.py index 1ab013347..3d3a3583c 100644 --- a/plugins/dbms/raima/takeover.py +++ b/plugins/dbms/raima/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/__init__.py b/plugins/dbms/sqlite/__init__.py index d67e1e6e1..91f3f7282 100644 --- a/plugins/dbms/sqlite/__init__.py +++ b/plugins/dbms/sqlite/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py index 2b76342d6..b841404a8 100644 --- a/plugins/dbms/sqlite/connector.py +++ b/plugins/dbms/sqlite/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/enumeration.py b/plugins/dbms/sqlite/enumeration.py index 03b37c548..9b18dc18f 100644 --- a/plugins/dbms/sqlite/enumeration.py +++ b/plugins/dbms/sqlite/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/filesystem.py b/plugins/dbms/sqlite/filesystem.py index 52430caf0..e58ed30c2 100644 --- a/plugins/dbms/sqlite/filesystem.py +++ b/plugins/dbms/sqlite/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py index 6baaaa3d0..6a31e0a6e 100644 --- a/plugins/dbms/sqlite/fingerprint.py +++ b/plugins/dbms/sqlite/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py index 85b5fa593..f19b531f5 100644 --- a/plugins/dbms/sqlite/syntax.py +++ b/plugins/dbms/sqlite/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/takeover.py b/plugins/dbms/sqlite/takeover.py index cbca22037..2b69ee508 100644 --- a/plugins/dbms/sqlite/takeover.py +++ b/plugins/dbms/sqlite/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/__init__.py b/plugins/dbms/sybase/__init__.py index a4ed40033..6bb6d4e07 100644 --- a/plugins/dbms/sybase/__init__.py +++ b/plugins/dbms/sybase/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py index d52f3f66a..87761b03c 100644 --- a/plugins/dbms/sybase/connector.py +++ b/plugins/dbms/sybase/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 4c179e07a..60a9ca6a3 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/filesystem.py b/plugins/dbms/sybase/filesystem.py index 17e3bad2a..570c28382 100644 --- a/plugins/dbms/sybase/filesystem.py +++ b/plugins/dbms/sybase/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py index f545762ba..b4cafcd07 100644 --- a/plugins/dbms/sybase/fingerprint.py +++ b/plugins/dbms/sybase/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py index da0a77c9d..49cbe9758 100644 --- a/plugins/dbms/sybase/syntax.py +++ b/plugins/dbms/sybase/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/takeover.py b/plugins/dbms/sybase/takeover.py index a851f0230..23bf140c9 100644 --- a/plugins/dbms/sybase/takeover.py +++ b/plugins/dbms/sybase/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/__init__.py b/plugins/dbms/vertica/__init__.py index 4906cb8ce..be2dfd531 100644 --- a/plugins/dbms/vertica/__init__.py +++ b/plugins/dbms/vertica/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/connector.py b/plugins/dbms/vertica/connector.py index f1c81be31..a70b2037c 100644 --- a/plugins/dbms/vertica/connector.py +++ b/plugins/dbms/vertica/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/enumeration.py b/plugins/dbms/vertica/enumeration.py index 9ef809e61..af97494e5 100644 --- a/plugins/dbms/vertica/enumeration.py +++ b/plugins/dbms/vertica/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/filesystem.py b/plugins/dbms/vertica/filesystem.py index ed68f5ab3..1092f4f24 100644 --- a/plugins/dbms/vertica/filesystem.py +++ b/plugins/dbms/vertica/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/fingerprint.py b/plugins/dbms/vertica/fingerprint.py index aaa54deb7..03d42c135 100644 --- a/plugins/dbms/vertica/fingerprint.py +++ b/plugins/dbms/vertica/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/syntax.py b/plugins/dbms/vertica/syntax.py index 7203c6550..cbd8791df 100644 --- a/plugins/dbms/vertica/syntax.py +++ b/plugins/dbms/vertica/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/vertica/takeover.py b/plugins/dbms/vertica/takeover.py index 0d6926bf8..8fe3ee3fc 100644 --- a/plugins/dbms/vertica/takeover.py +++ b/plugins/dbms/vertica/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/__init__.py b/plugins/dbms/virtuoso/__init__.py index 7e7ae0677..96265772f 100644 --- a/plugins/dbms/virtuoso/__init__.py +++ b/plugins/dbms/virtuoso/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/connector.py b/plugins/dbms/virtuoso/connector.py index 4724e7a78..8a3bd64c3 100644 --- a/plugins/dbms/virtuoso/connector.py +++ b/plugins/dbms/virtuoso/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/enumeration.py b/plugins/dbms/virtuoso/enumeration.py index 1bce85ade..2e7f335d7 100644 --- a/plugins/dbms/virtuoso/enumeration.py +++ b/plugins/dbms/virtuoso/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/filesystem.py b/plugins/dbms/virtuoso/filesystem.py index 1e4dd8aa1..611f3fddd 100644 --- a/plugins/dbms/virtuoso/filesystem.py +++ b/plugins/dbms/virtuoso/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/fingerprint.py b/plugins/dbms/virtuoso/fingerprint.py index a88208588..a676a33de 100644 --- a/plugins/dbms/virtuoso/fingerprint.py +++ b/plugins/dbms/virtuoso/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/syntax.py b/plugins/dbms/virtuoso/syntax.py index f59b9cb9c..021bf7a21 100644 --- a/plugins/dbms/virtuoso/syntax.py +++ b/plugins/dbms/virtuoso/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/virtuoso/takeover.py b/plugins/dbms/virtuoso/takeover.py index 1ddcd068a..79eabf302 100644 --- a/plugins/dbms/virtuoso/takeover.py +++ b/plugins/dbms/virtuoso/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/__init__.py b/plugins/generic/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/plugins/generic/__init__.py +++ b/plugins/generic/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py index 865bf267e..519a037b5 100644 --- a/plugins/generic/connector.py +++ b/plugins/generic/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index 8e2350bb5..1251dfd93 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 7e902fe44..493620af6 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index c80ecbb76..77fb435b4 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 42edfcbc3..13c8460c2 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 0c235a41d..9dbc707f2 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py index 21426358f..718e36acf 100644 --- a/plugins/generic/fingerprint.py +++ b/plugins/generic/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 153f64c9b..15476a111 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/search.py b/plugins/generic/search.py index e4a1dc35e..f6383b563 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py index 0c16c4939..8b7d4a948 100644 --- a/plugins/generic/syntax.py +++ b/plugins/generic/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 194f4b07b..2e1a0dc68 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/users.py b/plugins/generic/users.py index 9928b2d14..9ddcc8eec 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/sqlmap.py b/sqlmap.py index 833e7f5e1..1e6d4ec37 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/sqlmapapi.py b/sqlmapapi.py index c02fc9882..b3b7e89f2 100755 --- a/sqlmapapi.py +++ b/sqlmapapi.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/0eunion.py b/tamper/0eunion.py index 80089c803..c170c156f 100644 --- a/tamper/0eunion.py +++ b/tamper/0eunion.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/__init__.py b/tamper/__init__.py index f5f6aa0e9..9daf7bb73 100644 --- a/tamper/__init__.py +++ b/tamper/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index 1b420a373..ca0f8d5c4 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index 22f75d11c..236b6cad9 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index 8413d8e13..d56fe03a2 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/base64encode.py b/tamper/base64encode.py index b8f75117c..511afa0b9 100644 --- a/tamper/base64encode.py +++ b/tamper/base64encode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/between.py b/tamper/between.py index 2a1fd605d..b2f731e1e 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/binary.py b/tamper/binary.py index 35fafaa2e..adb5e88ac 100644 --- a/tamper/binary.py +++ b/tamper/binary.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py index d46de1f4f..62e8cfda7 100644 --- a/tamper/bluecoat.py +++ b/tamper/bluecoat.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index b259ae36f..dde407e36 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/charencode.py b/tamper/charencode.py index c813bebaa..1897a46d7 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index 5d64b7e60..b6d3bc10c 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py index 660f2bc89..1a905605c 100644 --- a/tamper/charunicodeescape.py +++ b/tamper/charunicodeescape.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/commalesslimit.py b/tamper/commalesslimit.py index 3b7d424f0..c3dbca9a9 100644 --- a/tamper/commalesslimit.py +++ b/tamper/commalesslimit.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/commalessmid.py b/tamper/commalessmid.py index 2328bb754..ddd083da0 100644 --- a/tamper/commalessmid.py +++ b/tamper/commalessmid.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py index a41fd7262..712cfc4ff 100644 --- a/tamper/commentbeforeparentheses.py +++ b/tamper/commentbeforeparentheses.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py index 0f85acde7..5d67ac3f0 100644 --- a/tamper/concat2concatws.py +++ b/tamper/concat2concatws.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/dunion.py b/tamper/dunion.py index 28d33638e..7541282b9 100644 --- a/tamper/dunion.py +++ b/tamper/dunion.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py index 8a22b023b..6ed8fff6c 100644 --- a/tamper/equaltolike.py +++ b/tamper/equaltolike.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/equaltorlike.py b/tamper/equaltorlike.py index df652c5dd..244953539 100644 --- a/tamper/equaltorlike.py +++ b/tamper/equaltorlike.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/escapequotes.py b/tamper/escapequotes.py index d3c97b3a2..dd57545e8 100644 --- a/tamper/escapequotes.py +++ b/tamper/escapequotes.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/greatest.py b/tamper/greatest.py index 238d6654f..e734b24ea 100644 --- a/tamper/greatest.py +++ b/tamper/greatest.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py index da830aeff..2b881c8bb 100644 --- a/tamper/halfversionedmorekeywords.py +++ b/tamper/halfversionedmorekeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/hex2char.py b/tamper/hex2char.py index d0263e41c..542a6ffc1 100644 --- a/tamper/hex2char.py +++ b/tamper/hex2char.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/htmlencode.py b/tamper/htmlencode.py index 16c77e2c5..7babc5d66 100644 --- a/tamper/htmlencode.py +++ b/tamper/htmlencode.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py index 06ba898bd..67dfa6a02 100644 --- a/tamper/ifnull2casewhenisnull.py +++ b/tamper/ifnull2casewhenisnull.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index e9b7396eb..ac57cf6ff 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py index 28e8aecd5..e0c6d636a 100644 --- a/tamper/informationschemacomment.py +++ b/tamper/informationschemacomment.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/least.py b/tamper/least.py index f81674cc2..8a904c018 100644 --- a/tamper/least.py +++ b/tamper/least.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/lowercase.py b/tamper/lowercase.py index f249b6b19..0a4c8224b 100644 --- a/tamper/lowercase.py +++ b/tamper/lowercase.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/luanginx.py b/tamper/luanginx.py index 9850cea14..c169f5c43 100644 --- a/tamper/luanginx.py +++ b/tamper/luanginx.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/misunion.py b/tamper/misunion.py index ae8d8f13b..dc4f92b12 100644 --- a/tamper/misunion.py +++ b/tamper/misunion.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py index ab15bc39b..0eb1e5ad1 100644 --- a/tamper/modsecurityversioned.py +++ b/tamper/modsecurityversioned.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py index 940f50f37..a7a4f4f09 100644 --- a/tamper/modsecurityzeroversioned.py +++ b/tamper/modsecurityzeroversioned.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py index 0ca463df3..1fd64203f 100644 --- a/tamper/multiplespaces.py +++ b/tamper/multiplespaces.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index 39d0e6cf6..40c773614 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py index ebef0af6a..64abfa087 100644 --- a/tamper/overlongutf8more.py +++ b/tamper/overlongutf8more.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/percentage.py b/tamper/percentage.py index 09e86f546..fb7dbf620 100644 --- a/tamper/percentage.py +++ b/tamper/percentage.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py index 438f2fed4..4e15ab811 100644 --- a/tamper/plus2concat.py +++ b/tamper/plus2concat.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py index 291a19ac8..c20629651 100644 --- a/tamper/plus2fnconcat.py +++ b/tamper/plus2fnconcat.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/randomcase.py b/tamper/randomcase.py index 3bf398de2..8240c796f 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index e5d7a0511..08f03eb78 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/schemasplit.py b/tamper/schemasplit.py index 32f64a6ed..e8cdabcce 100644 --- a/tamper/schemasplit.py +++ b/tamper/schemasplit.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/sleep2getlock.py b/tamper/sleep2getlock.py index 013cda246..da1f1ee9d 100644 --- a/tamper/sleep2getlock.py +++ b/tamper/sleep2getlock.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/sp_password.py b/tamper/sp_password.py index 3414f7b4f..381b6db03 100644 --- a/tamper/sp_password.py +++ b/tamper/sp_password.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2comment.py b/tamper/space2comment.py index 90a317fc9..8b8b3daef 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2dash.py b/tamper/space2dash.py index 579ac984b..8c84ed68a 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2hash.py b/tamper/space2hash.py index cd6c6f546..8335f50ba 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py index 54fbb6324..499560da5 100644 --- a/tamper/space2morecomment.py +++ b/tamper/space2morecomment.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index f2992048e..bd411c1e3 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index 129ac4d3f..5ef846041 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py index 21771d8da..7ea384a55 100644 --- a/tamper/space2mssqlhash.py +++ b/tamper/space2mssqlhash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index b7de361ca..e8fdbad66 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py index a795f3851..483fbb6a6 100644 --- a/tamper/space2mysqldash.py +++ b/tamper/space2mysqldash.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2plus.py b/tamper/space2plus.py index e8cd97108..0cf2579ac 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py index c17012800..cf0a616fc 100644 --- a/tamper/space2randomblank.py +++ b/tamper/space2randomblank.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/substring2leftright.py b/tamper/substring2leftright.py index 3dfce471a..8d4709c9d 100644 --- a/tamper/substring2leftright.py +++ b/tamper/substring2leftright.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py index 5d552757f..6b862de12 100644 --- a/tamper/symboliclogical.py +++ b/tamper/symboliclogical.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py index 8a840619c..051e3550c 100644 --- a/tamper/unionalltounion.py +++ b/tamper/unionalltounion.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index 1170174ed..e420aa669 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/uppercase.py b/tamper/uppercase.py index 90910a4a1..de728317e 100644 --- a/tamper/uppercase.py +++ b/tamper/uppercase.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/varnish.py b/tamper/varnish.py index 9dc1b9e72..fd69bf961 100644 --- a/tamper/varnish.py +++ b/tamper/varnish.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index 8a8ef9fcd..e9ea57fbc 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py index 8791620b5..48d2af384 100644 --- a/tamper/versionedmorekeywords.py +++ b/tamper/versionedmorekeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index 12e33e1a5..cf5ebdb30 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/thirdparty/socks/socks.py b/thirdparty/socks/socks.py index 70dba70e4..2ee96695c 100644 --- a/thirdparty/socks/socks.py +++ b/thirdparty/socks/socks.py @@ -33,7 +33,7 @@ for tunneling connections through SOCKS proxies. """ """ -Minor modifications made by Miroslav Stampar (http://sqlmap.org/) +Minor modifications made by Miroslav Stampar (https://sqlmap.org/) for patching DNS-leakage occuring in socket.create_connection() Minor modifications made by Christopher Gilbert (http://motomastyle.com/) From 590480d6ac48f7a6d33bbd8138967d41a8f3d9e1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Sep 2021 20:07:41 +0200 Subject: [PATCH 47/92] Update of bottle library --- lib/core/settings.py | 2 +- thirdparty/bottle/bottle.py | 1308 +++++++++++++++++++++++------------ 2 files changed, 862 insertions(+), 448 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 9e5f62c3b..089634b68 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.1" +VERSION = "1.5.9.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/bottle/bottle.py b/thirdparty/bottle/bottle.py index de959cd37..be42bcbcc 100644 --- a/thirdparty/bottle/bottle.py +++ b/thirdparty/bottle/bottle.py @@ -9,11 +9,11 @@ Python Standard Library. Homepage and documentation: http://bottlepy.org/ -Copyright (c) 2014, Marcel Hellkamp. +Copyright (c) 2009-2018, Marcel Hellkamp. License: MIT (see LICENSE for details) """ -from __future__ import with_statement +from __future__ import print_function import sys __author__ = 'Marcel Hellkamp' @@ -21,18 +21,18 @@ __version__ = '0.13-dev' __license__ = 'MIT' ############################################################################### -# Command-line interface ######################################################## +# Command-line interface ###################################################### ############################################################################### # INFO: Some server adapters need to monkey-patch std-lib modules before they # are imported. This is why some of the command-line handling is done here, but -# the actual call to main() is at the end of the file. +# the actual call to _main() is at the end of the file. -def _cli_parse(args): - from optparse import OptionParser - parser = OptionParser( - usage="usage: %prog [options] package.module:app") - opt = parser.add_option +def _cli_parse(args): # pragma: no coverage + from argparse import ArgumentParser + + parser = ArgumentParser(prog=args[0], usage="%(prog)s [options] package.module:app") + opt = parser.add_argument opt("--version", action="store_true", help="show version number.") opt("-b", "--bind", metavar="ADDRESS", help="bind socket to ADDRESS.") opt("-s", "--server", default='wsgiref', help="use SERVER as backend.") @@ -43,13 +43,16 @@ def _cli_parse(args): help="override config values.") opt("--debug", action="store_true", help="start server in debug mode.") opt("--reload", action="store_true", help="auto-reload on file changes.") - opts, args = parser.parse_args(args[1:]) + opt('app', help='WSGI app entry point.', nargs='?') - return opts, args, parser + cli_args = parser.parse_args(args[1:]) + + return cli_args, parser -def _cli_patch(args): - opts, _, _ = _cli_parse(args) +def _cli_patch(cli_args): # pragma: no coverage + parsed_args, _ = _cli_parse(cli_args) + opts = parsed_args if opts.server: if opts.server.startswith('gevent'): import gevent.monkey @@ -63,12 +66,11 @@ if __name__ == '__main__': _cli_patch(sys.argv) ############################################################################### -# Imports and Python 2/3 unification ########################################### +# Imports and Python 2/3 unification ########################################## ############################################################################### - -import base64, cgi, email.utils, functools, hmac, imp, itertools, mimetypes,\ - os, re, tempfile, threading, time, warnings +import base64, calendar, cgi, email.utils, functools, hmac, imp, itertools,\ + mimetypes, os, re, tempfile, threading, time, warnings, weakref, hashlib from types import FunctionType from datetime import date as datedate, datetime, timedelta @@ -76,6 +78,11 @@ from tempfile import TemporaryFile from traceback import format_exc, print_exc from unicodedata import normalize +try: + from ujson import dumps as json_dumps, loads as json_lds +except ImportError: + from json import dumps as json_dumps, loads as json_lds + # inspect.getargspec was removed in Python 3.6, use # Signature-based version where we can (Python 3.3+) try: @@ -94,60 +101,32 @@ try: defaults.append(param.default) return (args, varargs, keywords, tuple(defaults) or None) except ImportError: - from inspect import getargspec - -try: - from simplejson import dumps as json_dumps, loads as json_lds -except ImportError: # pragma: no cover try: - from json import dumps as json_dumps, loads as json_lds + from inspect import getfullargspec + def getargspec(func): + spec = getfullargspec(func) + kwargs = makelist(spec[0]) + makelist(spec.kwonlyargs) + return kwargs, spec[1], spec[2], spec[3] except ImportError: - try: - from django.utils.simplejson import dumps as json_dumps, loads as json_lds - except ImportError: + from inspect import getargspec - def json_dumps(data): - raise ImportError( - "JSON support requires Python 2.6 or simplejson.") - - json_lds = json_dumps - -# We now try to fix 2.5/2.6/3.1/3.2 incompatibilities. -# It ain't pretty but it works... Sorry for the mess. py = sys.version_info -py3k = py >= (3, 0, 0) -py25 = py < (2, 6, 0) -py31 = (3, 1, 0) <= py < (3, 2, 0) - -# Workaround for the missing "as" keyword in py3k. -def _e(): - return sys.exc_info()[1] - -# Workaround for the "print is a keyword/function" Python 2/3 dilemma -# and a fallback for mod_wsgi (resticts stdout/err attribute access) -try: - _stdout, _stderr = sys.stdout.write, sys.stderr.write -except IOError: - _stdout = lambda x: sys.stdout.write(x) - _stderr = lambda x: sys.stderr.write(x) +py3k = py.major > 2 # Lots of stdlib and builtin differences. if py3k: - try: - from collections.abc import MutableMapping as DictMixin - except ImportError: - from collections import MutableMapping as DictMixin - import http.client as httplib import _thread as thread from urllib.parse import urljoin, SplitResult as UrlSplitResult from urllib.parse import urlencode, quote as urlquote, unquote as urlunquote urlunquote = functools.partial(urlunquote, encoding='latin1') - from http.cookies import SimpleCookie + from http.cookies import SimpleCookie, Morsel, CookieError + from collections.abc import MutableMapping as DictMixin import pickle from io import BytesIO - from configparser import ConfigParser, Error as ConfigParserError + import configparser + basestring = str unicode = str json_loads = lambda s: json_lds(touni(s)) @@ -161,50 +140,37 @@ else: # 2.x import thread from urlparse import urljoin, SplitResult as UrlSplitResult from urllib import urlencode, quote as urlquote, unquote as urlunquote - from Cookie import SimpleCookie + from Cookie import SimpleCookie, Morsel, CookieError from itertools import imap import cPickle as pickle from StringIO import StringIO as BytesIO - from ConfigParser import SafeConfigParser as ConfigParser, \ - Error as ConfigParserError - if py25: - msg = "Python 2.5 support may be dropped in future versions of Bottle." - warnings.warn(msg, DeprecationWarning) - from UserDict import DictMixin - - def next(it): - return it.next() - - bytes = str - else: # 2.6, 2.7 - from collections import MutableMapping as DictMixin + import ConfigParser as configparser + from collections import MutableMapping as DictMixin unicode = unicode json_loads = json_lds - eval(compile('def _raise(*a): raise a[0], a[1], a[2]', '', 'exec')) - + exec(compile('def _raise(*a): raise a[0], a[1], a[2]', '', 'exec')) # Some helpers for string/byte handling def tob(s, enc='utf8'): - return s.encode(enc) if isinstance(s, unicode) else bytes(s) + if isinstance(s, unicode): + return s.encode(enc) + return b'' if s is None else bytes(s) def touni(s, enc='utf8', err='strict'): if isinstance(s, bytes): return s.decode(enc, err) - else: - return unicode(s or ("" if s is None else s)) + return unicode("" if s is None else s) tonat = touni if py3k else tob -# 3.2 fixes cgi.FieldStorage to accept bytes (which makes a lot of sense). -# 3.1 needs a workaround. -if py31: - from io import TextIOWrapper - class NCTextIOWrapper(TextIOWrapper): - def close(self): - pass # Keep wrapped buffer open. +def _stderr(*args): + try: + print(*args, file=sys.stderr) + except (IOError, AttributeError): + pass # Some environments do not allow printing (mod_wsgi) # A bug in functools causes it to break if the wrapper is an instance method @@ -218,8 +184,14 @@ def update_wrapper(wrapper, wrapped, *a, **ka): # And yes, I know PEP-8, but sometimes a lower-case classname makes more sense. -def depr(message, strict=False): - warnings.warn(message, DeprecationWarning, stacklevel=3) +def depr(major, minor, cause, fix): + text = "Warning: Use of deprecated feature or API. (Deprecated in Bottle-%d.%d)\n"\ + "Cause: %s\n"\ + "Fix: %s\n" % (major, minor, cause, fix) + if DEBUG == 'strict': + raise DeprecationWarning(text) + warnings.warn(text, DeprecationWarning, stacklevel=3) + return DeprecationWarning(text) def makelist(data): # This is just too handy @@ -263,7 +235,7 @@ class cached_property(object): property. """ def __init__(self, func): - self.__doc__ = getattr(func, '__doc__') + update_wrapper(self, func) self.func = func def __get__(self, obj, cls): @@ -285,7 +257,7 @@ class lazy_attribute(object): return value ############################################################################### -# Exceptions and Events ######################################################## +# Exceptions and Events ####################################################### ############################################################################### @@ -374,13 +346,16 @@ class Router(object): rule_syntax = re.compile('(\\\\*)' '(?:(?::([a-zA-Z_][a-zA-Z_0-9]*)?()(?:#(.*?)#)?)' '|(?:<([a-zA-Z_][a-zA-Z_0-9]*)?(?::([a-zA-Z_]*)' - '(?::((?:\\\\.|[^\\\\>]+)+)?)?)?>))') + '(?::((?:\\\\.|[^\\\\>])+)?)?)?>))') def _itertokens(self, rule): offset, prefix = 0, '' for match in self.rule_syntax.finditer(rule): prefix += rule[offset:match.start()] g = match.groups() + if g[2] is not None: + depr(0, 13, "Use of old route syntax.", + "Use instead of :name in routes.") if len(g[0]) % 2: # Escaped wildcard prefix += match.group(0)[len(g[0]):] offset = match.end() @@ -431,9 +406,8 @@ class Router(object): try: re_pattern = re.compile('^(%s)$' % pattern) re_match = re_pattern.match - except re.error: - raise RouteSyntaxError("Could not add Route: %s (%s)" % - (rule, _e())) + except re.error as e: + raise RouteSyntaxError("Could not add Route: %s (%s)" % (rule, e)) if filters: @@ -489,18 +463,15 @@ class Router(object): query['anon%d' % i] = value url = ''.join([f(query.pop(n)) if n else f for (n, f) in builder]) return url if not query else url + '?' + urlencode(query) - except KeyError: - raise RouteBuildError('Missing URL argument: %r' % _e().args[0]) + except KeyError as E: + raise RouteBuildError('Missing URL argument: %r' % E.args[0]) def match(self, environ): """ Return a (target, url_args) tuple or raise HTTPError(400/404/405). """ verb = environ['REQUEST_METHOD'].upper() path = environ['PATH_INFO'] or '/' - if verb == 'HEAD': - methods = ['PROXY', verb, 'GET', 'ANY'] - else: - methods = ['PROXY', verb, 'ANY'] + methods = ('PROXY', 'HEAD', 'GET', 'ANY') if verb == 'HEAD' else ('PROXY', verb, 'ANY') for method in methods: if method in self.static and path in self.static[method]: @@ -518,7 +489,7 @@ class Router(object): nocheck = set(methods) for method in set(self.static) - nocheck: if path in self.static[method]: - allowed.add(verb) + allowed.add(method) for method in set(self.dyna_regexes) - allowed - nocheck: for combined, rules in self.dyna_regexes[method]: match = combined(path) @@ -535,7 +506,7 @@ class Router(object): class Route(object): """ This class wraps a route callback along with route specific metadata and configuration and applies Plugins on demand. It is also responsible for - turing an URL path rule into a regular expression usable by the Router. + turning an URL path rule into a regular expression usable by the Router. """ def __init__(self, app, rule, method, callback, @@ -559,7 +530,8 @@ class Route(object): #: Additional keyword arguments passed to the :meth:`Bottle.route` #: decorator are stored in this dictionary. Used for route-specific #: plugin configuration and meta-data. - self.config = ConfigDict().load_dict(config) + self.config = app.config._make_overlay() + self.config.load_dict(config) @cached_property def call(self): @@ -574,7 +546,7 @@ class Route(object): def prepare(self): """ Do all on-demand work immediately (useful for debugging).""" - self.call() + self.call def all_plugins(self): """ Yield all Plugins affecting this route. """ @@ -597,7 +569,7 @@ class Route(object): callback = plugin(callback) except RouteReset: # Try again with changed configuration. return self._make_callback() - if not callback is self.callback: + if callback is not self.callback: update_wrapper(callback, self.callback) return callback @@ -628,13 +600,14 @@ class Route(object): def get_config(self, key, default=None): """ Lookup a config field and return its value, first checking the route.config, then route.app.config.""" - for conf in (self.config, self.app.config): - if key in conf: return conf[key] - return default + depr(0, 13, "Route.get_config() is deprecated.", + "The Route.config property already includes values from the" + " application config for missing keys. Access it directly.") + return self.config.get(key, default) def __repr__(self): cb = self.get_undecorated_callback() - return '<%s %r %r>' % (self.method, self.rule, cb) + return '<%s %s -> %s:%s>' % (self.method, self.rule, cb.__module__, cb.__name__) ############################################################################### # Application Object ########################################################### @@ -650,14 +623,34 @@ class Bottle(object): let debugging middleware handle exceptions. """ - def __init__(self, catchall=True, autojson=True): + @lazy_attribute + def _global_config(cls): + cfg = ConfigDict() + cfg.meta_set('catchall', 'validate', bool) + return cfg + + def __init__(self, **kwargs): #: A :class:`ConfigDict` for app specific configuration. - self.config = ConfigDict() - self.config._on_change = functools.partial(self.trigger_hook, 'config') - self.config.meta_set('autojson', 'validate', bool) - self.config.meta_set('catchall', 'validate', bool) - self.config['catchall'] = catchall - self.config['autojson'] = autojson + self.config = self._global_config._make_overlay() + self.config._add_change_listener( + functools.partial(self.trigger_hook, 'config')) + + self.config.update({ + "catchall": True + }) + + if kwargs.get('catchall') is False: + depr(0, 13, "Bottle(catchall) keyword argument.", + "The 'catchall' setting is now part of the app " + "configuration. Fix: `app.config['catchall'] = False`") + self.config['catchall'] = False + if kwargs.get('autojson') is False: + depr(0, 13, "Bottle(autojson) keyword argument.", + "The 'autojson' setting is now part of the app " + "configuration. Fix: `app.config['json.enable'] = False`") + self.config['json.disable'] = True + + self._mounts = [] #: A :class:`ResourceManager` for application files self.resources = ResourceManager() @@ -668,15 +661,14 @@ class Bottle(object): # Core plugins self.plugins = [] # List of installed plugins. - if self.config['autojson']: - self.install(JSONPlugin()) + self.install(JSONPlugin()) self.install(TemplatePlugin()) #: If true, most exceptions are caught and returned as :exc:`HTTPError` catchall = DictProperty('config', 'catchall') __hook_names = 'before_request', 'after_request', 'app_reset', 'config' - __hook_reversed = 'after_request' + __hook_reversed = {'after_request'} @cached_property def _hooks(self): @@ -718,21 +710,10 @@ class Bottle(object): return decorator - def mount(self, prefix, app, **options): - """ Mount an application (:class:`Bottle` or plain WSGI) to a specific - URL prefix. Example:: - - root_app.mount('/admin/', admin_app) - - :param prefix: path prefix or `mount-point`. If it ends in a slash, - that slash is mandatory. - :param app: an instance of :class:`Bottle` or a WSGI application. - - All other parameters are passed to the underlying :meth:`route` call. - """ - + def _mount_wsgi(self, prefix, app, **options): segments = [p for p in prefix.split('/') if p] - if not segments: raise ValueError('Empty path prefix.') + if not segments: + raise ValueError('WSGI applications cannot be mounted to "/".') path_depth = len(segments) def mountpoint_wrapper(): @@ -743,6 +724,13 @@ class Bottle(object): def start_response(status, headerlist, exc_info=None): if exc_info: _raise(*exc_info) + if py3k: + # Errors here mean that the mounted WSGI app did not + # follow PEP-3333 (which requires latin1) or used a + # pre-encoding other than utf8 :/ + status = status.encode('latin1').decode('utf8') + headerlist = [(k, v.encode('latin1').decode('utf8')) + for (k, v) in headerlist] rs.status = status for name, value in headerlist: rs.add_header(name, value) @@ -763,6 +751,59 @@ class Bottle(object): if not prefix.endswith('/'): self.route('/' + '/'.join(segments), **options) + def _mount_app(self, prefix, app, **options): + if app in self._mounts or '_mount.app' in app.config: + depr(0, 13, "Application mounted multiple times. Falling back to WSGI mount.", + "Clone application before mounting to a different location.") + return self._mount_wsgi(prefix, app, **options) + + if options: + depr(0, 13, "Unsupported mount options. Falling back to WSGI mount.", + "Do not specify any route options when mounting bottle application.") + return self._mount_wsgi(prefix, app, **options) + + if not prefix.endswith("/"): + depr(0, 13, "Prefix must end in '/'. Falling back to WSGI mount.", + "Consider adding an explicit redirect from '/prefix' to '/prefix/' in the parent application.") + return self._mount_wsgi(prefix, app, **options) + + self._mounts.append(app) + app.config['_mount.prefix'] = prefix + app.config['_mount.app'] = self + for route in app.routes: + route.rule = prefix + route.rule.lstrip('/') + self.add_route(route) + + def mount(self, prefix, app, **options): + """ Mount an application (:class:`Bottle` or plain WSGI) to a specific + URL prefix. Example:: + + parent_app.mount('/prefix/', child_app) + + :param prefix: path prefix or `mount-point`. + :param app: an instance of :class:`Bottle` or a WSGI application. + + Plugins from the parent application are not applied to the routes + of the mounted child application. If you need plugins in the child + application, install them separately. + + While it is possible to use path wildcards within the prefix path + (:class:`Bottle` childs only), it is highly discouraged. + + The prefix path must end with a slash. If you want to access the + root of the child application via `/prefix` in addition to + `/prefix/`, consider adding a route with a 307 redirect to the + parent application. + """ + + if not prefix.startswith('/'): + raise ValueError("Prefix must start with '/'") + + if isinstance(app, Bottle): + return self._mount_app(prefix, app, **options) + else: + return self._mount_wsgi(prefix, app, **options) + def merge(self, routes): """ Merge the routes of another :class:`Bottle` application or a list of :class:`Route` objects into this application. The routes keep their @@ -824,7 +865,7 @@ class Bottle(object): run(self, **kwargs) def match(self, environ): - """ Search for a matching route and return a (:class:`Route` , urlargs) + """ Search for a matching route and return a (:class:`Route`, urlargs) tuple. The second value is a dictionary with parameters extracted from the URL. Raise :exc:`HTTPError` (404/405) on a non-match.""" return self.router.match(environ) @@ -912,56 +953,80 @@ class Bottle(object): """ Equals :meth:`route` with a ``PATCH`` method parameter. """ return self.route(path, method, **options) - def error(self, code=500): - """ Decorator: Register an output handler for a HTTP error code""" + def error(self, code=500, callback=None): + """ Register an output handler for a HTTP error code. Can + be used as a decorator or called directly :: - def wrapper(handler): - self.error_handler[int(code)] = handler - return handler + def error_handler_500(error): + return 'error_handler_500' - return wrapper + app.error(code=500, callback=error_handler_500) + + @app.error(404) + def error_handler_404(error): + return 'error_handler_404' + + """ + + def decorator(callback): + if isinstance(callback, basestring): callback = load(callback) + self.error_handler[int(code)] = callback + return callback + + return decorator(callback) if callback else decorator def default_error_handler(self, res): - return tob(template(ERROR_PAGE_TEMPLATE, e=res)) + return tob(template(ERROR_PAGE_TEMPLATE, e=res, template_settings=dict(name='__ERROR_PAGE_TEMPLATE'))) def _handle(self, environ): path = environ['bottle.raw_path'] = environ['PATH_INFO'] if py3k: environ['PATH_INFO'] = path.encode('latin1').decode('utf8', 'ignore') - def _inner_handle(): - # Maybe pass variables as locals for better performance? - try: - route, args = self.router.match(environ) - environ['route.handle'] = route - environ['bottle.route'] = route - environ['route.url_args'] = args - return route.call(**args) - except HTTPResponse: - return _e() - except RouteReset: - route.reset() - return _inner_handle() - except (KeyboardInterrupt, SystemExit, MemoryError): - raise - except Exception: - if not self.catchall: raise - stacktrace = format_exc() - environ['wsgi.errors'].write(stacktrace) - return HTTPError(500, "Internal Server Error", _e(), stacktrace) + environ['bottle.app'] = self + request.bind(environ) + response.bind() try: - out = None - environ['bottle.app'] = self - request.bind(environ) - response.bind() - self.trigger_hook('before_request') - out = _inner_handle() - return out; - finally: - if isinstance(out, HTTPResponse): - out.apply(response) - self.trigger_hook('after_request') + while True: # Remove in 0.14 together with RouteReset + out = None + try: + self.trigger_hook('before_request') + route, args = self.router.match(environ) + environ['route.handle'] = route + environ['bottle.route'] = route + environ['route.url_args'] = args + out = route.call(**args) + break + except HTTPResponse as E: + out = E + break + except RouteReset: + depr(0, 13, "RouteReset exception deprecated", + "Call route.call() after route.reset() and " + "return the result.") + route.reset() + continue + finally: + if isinstance(out, HTTPResponse): + out.apply(response) + try: + self.trigger_hook('after_request') + except HTTPResponse as E: + out = E + out.apply(response) + except (KeyboardInterrupt, SystemExit, MemoryError): + raise + except Exception as E: + if not self.catchall: raise + stacktrace = format_exc() + environ['wsgi.errors'].write(stacktrace) + environ['wsgi.errors'].flush() + environ['bottle.exc_info'] = sys.exc_info() + out = HTTPError(500, "Internal Server Error", E, stacktrace) + out.apply(response) + + return out def _cast(self, out, peek=None): """ Try to convert the parameter into something WSGI compatible and set @@ -1013,13 +1078,13 @@ class Bottle(object): first = next(iout) except StopIteration: return self._cast('') - except HTTPResponse: - first = _e() + except HTTPResponse as E: + first = E except (KeyboardInterrupt, SystemExit, MemoryError): raise - except: + except Exception as error: if not self.catchall: raise - first = HTTPError(500, 'Unhandled exception', _e(), format_exc()) + first = HTTPError(500, 'Unhandled exception', error, format_exc()) # These are the inner types allowed in iterator or generator objects. if isinstance(first, HTTPResponse): @@ -1045,19 +1110,23 @@ class Bottle(object): or environ['REQUEST_METHOD'] == 'HEAD': if hasattr(out, 'close'): out.close() out = [] - start_response(response._status_line, response.headerlist) + exc_info = environ.get('bottle.exc_info') + if exc_info is not None: + del environ['bottle.exc_info'] + start_response(response._wsgi_status_line(), response.headerlist, exc_info) return out except (KeyboardInterrupt, SystemExit, MemoryError): raise - except: + except Exception as E: if not self.catchall: raise err = '

Critical error while processing request: %s

' \ % html_escape(environ.get('PATH_INFO', '/')) if DEBUG: err += '

Error:

\n
\n%s\n
\n' \ '

Traceback:

\n
\n%s\n
\n' \ - % (html_escape(repr(_e())), html_escape(format_exc())) + % (html_escape(repr(E)), html_escape(format_exc())) environ['wsgi.errors'].write(err) + environ['wsgi.errors'].flush() headers = [('Content-Type', 'text/html; charset=UTF-8')] start_response('500 INTERNAL SERVER ERROR', headers, sys.exc_info()) return [tob(err)] @@ -1149,15 +1218,22 @@ class BaseRequest(object): cookies = SimpleCookie(self.environ.get('HTTP_COOKIE', '')).values() return FormsDict((c.key, c.value) for c in cookies) - def get_cookie(self, key, default=None, secret=None): + def get_cookie(self, key, default=None, secret=None, digestmod=hashlib.sha256): """ Return the content of a cookie. To read a `Signed Cookie`, the `secret` must match the one used to create the cookie (see :meth:`BaseResponse.set_cookie`). If anything goes wrong (missing cookie or wrong signature), return a default value. """ value = self.cookies.get(key) - if secret and value: - dec = cookie_decode(value, secret) # (key, value) tuple or None - return dec[1] if dec and dec[0] == key else default + if secret: + # See BaseResponse.set_cookie for details on signed cookies. + if value and value.startswith('!') and '?' in value: + sig, msg = map(tob, value[1:].split('?', 1)) + hash = hmac.new(tob(secret), msg, digestmod=digestmod).digest() + if _lscmp(sig, base64.b64encode(hash)): + dst = pickle.loads(base64.b64decode(msg)) + if dst and dst[0] == key: + return dst[1] + return default return value or default @DictProperty('environ', 'bottle.request.query', read_only=True) @@ -1179,6 +1255,7 @@ class BaseRequest(object): :class:`FormsDict`. All keys and values are strings. File uploads are stored separately in :attr:`files`. """ forms = FormsDict() + forms.recode_unicode = self.POST.recode_unicode for name, item in self.POST.allitems(): if not isinstance(item, FileUpload): forms[name] = item @@ -1202,6 +1279,7 @@ class BaseRequest(object): """ files = FormsDict() + files.recode_unicode = self.POST.recode_unicode for name, item in self.POST.allitems(): if isinstance(item, FileUpload): files[name] = item @@ -1209,13 +1287,15 @@ class BaseRequest(object): @DictProperty('environ', 'bottle.request.json', read_only=True) def json(self): - """ If the ``Content-Type`` header is ``application/json``, this - property holds the parsed content of the request body. Only requests - smaller than :attr:`MEMFILE_MAX` are processed to avoid memory - exhaustion. Invalid JSON raises a 400 error response. """ + """ If the ``Content-Type`` header is ``application/json`` or + ``application/json-rpc``, this property holds the parsed content + of the request body. Only requests smaller than :attr:`MEMFILE_MAX` + are processed to avoid memory exhaustion. + Invalid JSON raises a 400 error response. + """ ctype = self.environ.get('CONTENT_TYPE', '').lower().split(';')[0] - if ctype == 'application/json': - b = self._get_body_string() + if ctype in ('application/json', 'application/json-rpc'): + b = self._get_body_string(self.MEMFILE_MAX) if not b: return None try: @@ -1281,15 +1361,13 @@ class BaseRequest(object): body.seek(0) return body - def _get_body_string(self): - """ read body until content-length or MEMFILE_MAX into a string. Raise - HTTPError(413) on requests that are to large. """ - clen = self.content_length - if clen > self.MEMFILE_MAX: + def _get_body_string(self, maxread): + """ Read body into a string. Raise HTTPError(413) on requests that are + to large. """ + if self.content_length > maxread: raise HTTPError(413, 'Request entity too large') - if clen < 0: clen = self.MEMFILE_MAX + 1 - data = self.body.read(clen) - if len(data) > self.MEMFILE_MAX: # Fail fast + data = self.body.read(maxread + 1) + if len(data) > maxread: raise HTTPError(413, 'Request entity too large') return data @@ -1322,8 +1400,8 @@ class BaseRequest(object): # We default to application/x-www-form-urlencoded for everything that # is not multipart and take the fast path (also: 3.1 workaround) if not self.content_type.startswith('multipart/'): - pairs = _parse_qsl(tonat(self._get_body_string(), 'latin1')) - for key, value in pairs: + body = tonat(self._get_body_string(self.MEMFILE_MAX), 'latin1') + for key, value in _parse_qsl(body): post[key] = value return post @@ -1331,21 +1409,19 @@ class BaseRequest(object): for key in ('REQUEST_METHOD', 'CONTENT_TYPE', 'CONTENT_LENGTH'): if key in self.environ: safe_env[key] = self.environ[key] args = dict(fp=self.body, environ=safe_env, keep_blank_values=True) - if py31: - args['fp'] = NCTextIOWrapper(args['fp'], - encoding='utf8', - newline='\n') - elif py3k: + + if py3k: args['encoding'] = 'utf8' + post.recode_unicode = False data = cgi.FieldStorage(**args) self['_cgi.FieldStorage'] = data #http://bugs.python.org/issue18394 data = data.list or [] for item in data: - if item.filename: + if item.filename is None: + post[item.name] = item.value + else: post[item.name] = FileUpload(item.file, item.name, item.filename, item.headers) - else: - post[item.name] = item.value return post @property @@ -1528,26 +1604,36 @@ class BaseRequest(object): except KeyError: raise AttributeError("Attribute not defined: %s" % name) -def _hkey(s): - return s.title().replace('_', '-') + +def _hkey(key): + if '\n' in key or '\r' in key or '\0' in key: + raise ValueError("Header names must not contain control characters: %r" % key) + return key.title().replace('_', '-') + + +def _hval(value): + value = tonat(value) + if '\n' in value or '\r' in value or '\0' in value: + raise ValueError("Header value must not contain control characters: %r" % value) + return value class HeaderProperty(object): - def __init__(self, name, reader=None, writer=str, default=''): + def __init__(self, name, reader=None, writer=None, default=''): self.name, self.default = name, default self.reader, self.writer = reader, writer self.__doc__ = 'Current value of the %r header.' % name.title() def __get__(self, obj, _): if obj is None: return self - value = obj.headers.get(self.name, self.default) + value = obj.get_header(self.name, self.default) return self.reader(value) if self.reader else value def __set__(self, obj, value): - obj.headers[self.name] = self.writer(value) + obj[self.name] = self.writer(value) if self.writer else value def __delete__(self, obj): - del obj.headers[self.name] + del obj[self.name] class BaseResponse(object): @@ -1572,8 +1658,8 @@ class BaseResponse(object): # Header blacklist for specific response codes # (rfc2616 section 10.2.3 and 10.3.5) bad_headers = { - 204: set(('Content-Type', )), - 304: set(('Allow', 'Content-Encoding', 'Content-Language', + 204: frozenset(('Content-Type', 'Content-Length')), + 304: frozenset(('Allow', 'Content-Encoding', 'Content-Language', 'Content-Length', 'Content-Range', 'Content-Type', 'Content-Md5', 'Last-Modified')) } @@ -1600,8 +1686,10 @@ class BaseResponse(object): copy.status = self.status copy._headers = dict((k, v[:]) for (k, v) in self._headers.items()) if self._cookies: - copy._cookies = SimpleCookie() - copy._cookies.load(self._cookies.output(header='')) + cookies = copy._cookies = SimpleCookie() + for k,v in self._cookies.items(): + cookies[k] = v.value + cookies[k].update(v) # also copy cookie attributes return copy def __iter__(self): @@ -1625,6 +1713,8 @@ class BaseResponse(object): if isinstance(status, int): code, status = status, _HTTP_STATUS_LINES.get(status) elif ' ' in status: + if '\n' in status or '\r' in status or '\0' in status: + raise ValueError('Status line must not include control chars.') status = status.strip() code = int(status.split()[0]) else: @@ -1664,8 +1754,7 @@ class BaseResponse(object): return self._headers[_hkey(name)][-1] def __setitem__(self, name, value): - self._headers[_hkey(name)] = [value if isinstance(value, unicode) else - str(value)] + self._headers[_hkey(name)] = [_hval(value)] def get_header(self, name, default=None): """ Return the value of a previously defined header. If there is no @@ -1675,19 +1764,23 @@ class BaseResponse(object): def set_header(self, name, value): """ Create a new response header, replacing any previously defined headers with the same name. """ - self._headers[_hkey(name)] = [value if isinstance(value, unicode) - else str(value)] + self._headers[_hkey(name)] = [_hval(value)] def add_header(self, name, value): """ Add an additional response header, not removing duplicates. """ - self._headers.setdefault(_hkey(name), []).append( - value if isinstance(value, unicode) else str(value)) + self._headers.setdefault(_hkey(name), []).append(_hval(value)) def iter_headers(self): """ Yield (header, value) tuples, skipping headers that are not allowed with the current response status code. """ return self.headerlist + def _wsgi_status_line(self): + """ WSGI conform status line (latin1-encodeable) """ + if py3k: + return self._status_line.encode('utf8').decode('latin1') + return self._status_line + @property def headerlist(self): """ WSGI conform list of (header, value) tuples. """ @@ -1701,15 +1794,13 @@ class BaseResponse(object): out += [(name, val) for (name, vals) in headers for val in vals] if self._cookies: for c in self._cookies.values(): - out.append(('Set-Cookie', c.OutputString())) + out.append(('Set-Cookie', _hval(c.OutputString()))) if py3k: - return [(k, v.encode('utf8').decode('latin1')) for (k, v) in out] - else: - return [(k, v.encode('utf8') if isinstance(v, unicode) else v) - for (k, v) in out] + out = [(k, v.encode('utf8').decode('latin1')) for (k, v) in out] + return out content_type = HeaderProperty('Content-Type') - content_length = HeaderProperty('Content-Length', reader=int) + content_length = HeaderProperty('Content-Length', reader=int, default=-1) expires = HeaderProperty( 'Expires', reader=lambda x: datetime.utcfromtimestamp(parse_date(x)), @@ -1722,7 +1813,7 @@ class BaseResponse(object): return self.content_type.split('charset=')[-1].split(';')[0].strip() return default - def set_cookie(self, name, value, secret=None, **options): + def set_cookie(self, name, value, secret=None, digestmod=hashlib.sha256, **options): """ Create a new cookie or replace an old one. If the `secret` parameter is set, create a `Signed Cookie` (described below). @@ -1733,7 +1824,7 @@ class BaseResponse(object): Additionally, this method accepts all RFC 2109 attributes that are supported by :class:`cookie.Morsel`, including: - :param max_age: maximum age in seconds. (default: None) + :param maxage: maximum age in seconds. (default: None) :param expires: a datetime object or UNIX timestamp. (default: None) :param domain: the domain that is allowed to read the cookie. (default: current domain) @@ -1741,8 +1832,10 @@ class BaseResponse(object): :param secure: limit the cookie to HTTPS connections (default: off). :param httponly: prevents client-side javascript to read this cookie (default: off, requires Python 2.6 or newer). + :param samesite: Control or disable third-party use for this cookie. + Possible values: `lax`, `strict` or `none` (default). - If neither `expires` nor `max_age` is set (default), the cookie will + If neither `expires` nor `maxage` is set (default), the cookie will expire at the end of the browser session (as soon as the browser window is closed). @@ -1750,6 +1843,11 @@ class BaseResponse(object): cryptographically signed to prevent manipulation. Keep in mind that cookies are limited to 4kb in most browsers. + Warning: Pickle is a potentially dangerous format. If an attacker + gains access to the secret key, he could forge cookies that execute + code on server side if unpickled. Using pickle is discouraged and + support for it will be removed in later versions of bottle. + Warning: Signed cookies are not encrypted (the client can still see the content) and not copy-protected (the client can restore an old cookie). The main intention is to make pickling and unpickling @@ -1758,10 +1856,22 @@ class BaseResponse(object): if not self._cookies: self._cookies = SimpleCookie() + # Monkey-patch Cookie lib to support 'SameSite' parameter + # https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1 + if py < (3, 8, 0): + Morsel._reserved.setdefault('samesite', 'SameSite') + if secret: - value = touni(cookie_encode((name, value), secret)) + if not isinstance(value, basestring): + depr(0, 13, "Pickling of arbitrary objects into cookies is " + "deprecated.", "Only store strings in cookies. " + "JSON strings are fine, too.") + encoded = base64.b64encode(pickle.dumps([name, value], -1)) + sig = base64.b64encode(hmac.new(tob(secret), encoded, + digestmod=digestmod).digest()) + value = touni(tob('!') + sig + tob('?') + encoded) elif not isinstance(value, basestring): - raise TypeError('Secret key missing for non-string Cookie.') + raise TypeError('Secret key required for non-string cookies.') # Cookie size plus options must not exceed 4kb. if len(name) + len(value) > 3800: @@ -1770,18 +1880,19 @@ class BaseResponse(object): self._cookies[name] = value for key, value in options.items(): - if key == 'max_age': + if key in ('max_age', 'maxage'): # 'maxage' variant added in 0.13 + key = 'max-age' if isinstance(value, timedelta): value = value.seconds + value.days * 24 * 3600 if key == 'expires': - if isinstance(value, (datedate, datetime)): - value = value.timetuple() - elif isinstance(value, (int, float)): - value = time.gmtime(value) - value = time.strftime("%a, %d %b %Y %H:%M:%S GMT", value) + value = http_date(value) + if key in ('same_site', 'samesite'): # 'samesite' variant added in 0.13 + key, value = 'samesite', (value or "none").lower() + if value not in ('lax', 'strict', 'none'): + raise CookieError("Invalid value for SameSite") if key in ('secure', 'httponly') and not value: continue - self._cookies[name][key.replace('_', '-')] = value + self._cookies[name][key] = value def delete_cookie(self, key, **kwargs): """ Delete a cookie. Be sure to use the same `domain` and `path` @@ -1883,15 +1994,27 @@ class JSONPlugin(object): def __init__(self, json_dumps=json_dumps): self.json_dumps = json_dumps - def apply(self, callback, _): + def setup(self, app): + app.config._define('json.enable', default=True, validate=bool, + help="Enable or disable automatic dict->json filter.") + app.config._define('json.ascii', default=False, validate=bool, + help="Use only 7-bit ASCII characters in output.") + app.config._define('json.indent', default=True, validate=bool, + help="Add whitespace to make json more readable.") + app.config._define('json.dump_func', default=None, + help="If defined, use this function to transform" + " dict into json. The other options no longer" + " apply.") + + def apply(self, callback, route): dumps = self.json_dumps - if not dumps: return callback + if not self.json_dumps: return callback def wrapper(*a, **ka): try: rv = callback(*a, **ka) - except HTTPError: - rv = _e() + except HTTPResponse as resp: + rv = resp if isinstance(rv, dict): #Attempt to serialize, raises exception on failure @@ -2113,7 +2236,6 @@ class FormsDict(MultiDict): return super(FormsDict, self).__getattr__(name) return self.getunicode(name, default=default) - class HeaderDict(MultiDict): """ A case-insensitive version of :class:`MultiDict` that defaults to replace the old value instead of appending it. """ @@ -2132,16 +2254,13 @@ class HeaderDict(MultiDict): return self.dict[_hkey(key)][-1] def __setitem__(self, key, value): - self.dict[_hkey(key)] = [value if isinstance(value, unicode) else - str(value)] + self.dict[_hkey(key)] = [_hval(value)] def append(self, key, value): - self.dict.setdefault(_hkey(key), []).append( - value if isinstance(value, unicode) else str(value)) + self.dict.setdefault(_hkey(key), []).append(_hval(value)) def replace(self, key, value): - self.dict[_hkey(key)] = [value if isinstance(value, unicode) else - str(value)] + self.dict[_hkey(key)] = [_hval(value)] def getall(self, key): return self.dict.get(_hkey(key)) or [] @@ -2150,7 +2269,7 @@ class HeaderDict(MultiDict): return MultiDict.get(self, _hkey(key), default, index) def filter(self, names): - for name in [_hkey(n) for n in names]: + for name in (_hkey(n) for n in names): if name in self.dict: del self.dict[name] @@ -2214,48 +2333,99 @@ class WSGIHeaderDict(DictMixin): def __contains__(self, key): return self._ekey(key) in self.environ +_UNSET = object() class ConfigDict(dict): """ A dict-like configuration storage with additional support for - namespaces, validators, meta-data, on_change listeners and more. + namespaces, validators, meta-data, overlays and more. + + This dict-like class is heavily optimized for read access. All read-only + methods as well as item access should be as fast as the built-in dict. """ - __slots__ = ('_meta', '_on_change') + __slots__ = ('_meta', '_change_listener', '_overlays', '_virtual_keys', '_source', '__weakref__') def __init__(self): self._meta = {} - self._on_change = lambda name, value: None + self._change_listener = [] + #: Weak references of overlays that need to be kept in sync. + self._overlays = [] + #: Config that is the source for this overlay. + self._source = None + #: Keys of values copied from the source (values we do not own) + self._virtual_keys = set() - def load_module(self, path, squash): - """ Load values from a Python module. - :param squash: Squash nested dicts into namespaces by using - load_dict(), otherwise use update() - Example: load_config('my.app.settings', True) - Example: load_config('my.app.settings', False) + def load_module(self, path, squash=True): + """Load values from a Python module. + + Example modue ``config.py``:: + + DEBUG = True + SQLITE = { + "db": ":memory:" + } + + + >>> c = ConfigDict() + >>> c.load_module('config') + {DEBUG: True, 'SQLITE.DB': 'memory'} + >>> c.load_module("config", False) + {'DEBUG': True, 'SQLITE': {'DB': 'memory'}} + + :param squash: If true (default), dictionary values are assumed to + represent namespaces (see :meth:`load_dict`). """ - config_obj = __import__(path) - obj = dict([(key, getattr(config_obj, key)) - for key in dir(config_obj) if key.isupper()]) + config_obj = load(path) + obj = {key: getattr(config_obj, key) for key in dir(config_obj) + if key.isupper()} + if squash: self.load_dict(obj) else: self.update(obj) return self - def load_config(self, filename): + def load_config(self, filename, **options): """ Load values from an ``*.ini`` style config file. - If the config file contains sections, their names are used as - namespaces for the values within. The two special sections - ``DEFAULT`` and ``bottle`` refer to the root namespace (no prefix). + A configuration file consists of sections, each led by a + ``[section]`` header, followed by key/value entries separated by + either ``=`` or ``:``. Section names and keys are case-insensitive. + Leading and trailing whitespace is removed from keys and values. + Values can be omitted, in which case the key/value delimiter may + also be left out. Values can also span multiple lines, as long as + they are indented deeper than the first line of the value. Commands + are prefixed by ``#`` or ``;`` and may only appear on their own on + an otherwise empty line. + + Both section and key names may contain dots (``.``) as namespace + separators. The actual configuration parameter name is constructed + by joining section name and key name together and converting to + lower case. + + The special sections ``bottle`` and ``ROOT`` refer to the root + namespace and the ``DEFAULT`` section defines default values for all + other sections. + + With Python 3, extended string interpolation is enabled. + + :param filename: The path of a config file, or a list of paths. + :param options: All keyword parameters are passed to the underlying + :class:`python:configparser.ConfigParser` constructor call. + """ - conf = ConfigParser() + options.setdefault('allow_no_value', True) + if py3k: + options.setdefault('interpolation', + configparser.ExtendedInterpolation()) + conf = configparser.ConfigParser(**options) conf.read(filename) for section in conf.sections(): - for key, value in conf.items(section): - if section not in ('DEFAULT', 'bottle'): + for key in conf.options(section): + value = conf.get(section, key) + if section not in ('bottle', 'ROOT'): key = section + '.' + key - self[key] = value + self[key.lower()] = value return self def load_dict(self, source, namespace=''): @@ -2280,7 +2450,10 @@ class ConfigDict(dict): def update(self, *a, **ka): """ If the first parameter is a string, all keys are prefixed with this namespace. Apart from that it works just as the usual dict.update(). - Example: ``update('some.namespace', key='value')`` """ + + >>> c = ConfigDict() + >>> c.update('some.namespace', key='value') + """ prefix = '' if a and isinstance(a[0], basestring): prefix = a[0].strip('.') + '.' @@ -2296,38 +2469,141 @@ class ConfigDict(dict): def __setitem__(self, key, value): if not isinstance(key, basestring): raise TypeError('Key has type %r (not a string)' % type(key)) + + self._virtual_keys.discard(key) + value = self.meta_get(key, 'filter', lambda x: x)(value) if key in self and self[key] is value: return + self._on_change(key, value) dict.__setitem__(self, key, value) + for overlay in self._iter_overlays(): + overlay._set_virtual(key, value) + def __delitem__(self, key): - self._on_change(key, None) + if key not in self: + raise KeyError(key) + if key in self._virtual_keys: + raise KeyError("Virtual keys cannot be deleted: %s" % key) + + if self._source and key in self._source: + # Not virtual, but present in source -> Restore virtual value + dict.__delitem__(self, key) + self._set_virtual(key, self._source[key]) + else: # not virtual, not present in source. This is OUR value + self._on_change(key, None) + dict.__delitem__(self, key) + for overlay in self._iter_overlays(): + overlay._delete_virtual(key) + + def _set_virtual(self, key, value): + """ Recursively set or update virtual keys. Do nothing if non-virtual + value is present. """ + if key in self and key not in self._virtual_keys: + return # Do nothing for non-virtual keys. + + self._virtual_keys.add(key) + if key in self and self[key] is not value: + self._on_change(key, value) + dict.__setitem__(self, key, value) + for overlay in self._iter_overlays(): + overlay._set_virtual(key, value) + + def _delete_virtual(self, key): + """ Recursively delete virtual entry. Do nothing if key is not virtual. + """ + if key not in self._virtual_keys: + return # Do nothing for non-virtual keys. + + if key in self: + self._on_change(key, None) dict.__delitem__(self, key) + self._virtual_keys.discard(key) + for overlay in self._iter_overlays(): + overlay._delete_virtual(key) + + def _on_change(self, key, value): + for cb in self._change_listener: + if cb(self, key, value): + return True + + def _add_change_listener(self, func): + self._change_listener.append(func) + return func def meta_get(self, key, metafield, default=None): """ Return the value of a meta field for a key. """ return self._meta.get(key, {}).get(metafield, default) def meta_set(self, key, metafield, value): - """ Set the meta field for a key to a new value. This triggers the - on-change handler for existing keys. """ + """ Set the meta field for a key to a new value. """ self._meta.setdefault(key, {})[metafield] = value - if key in self: - self[key] = self[key] def meta_list(self, key): """ Return an iterable of meta field names defined for a key. """ return self._meta.get(key, {}).keys() + def _define(self, key, default=_UNSET, help=_UNSET, validate=_UNSET): + """ (Unstable) Shortcut for plugins to define own config parameters. """ + if default is not _UNSET: + self.setdefault(key, default) + if help is not _UNSET: + self.meta_set(key, 'help', help) + if validate is not _UNSET: + self.meta_set(key, 'validate', validate) + + def _iter_overlays(self): + for ref in self._overlays: + overlay = ref() + if overlay is not None: + yield overlay + + def _make_overlay(self): + """ (Unstable) Create a new overlay that acts like a chained map: Values + missing in the overlay are copied from the source map. Both maps + share the same meta entries. + + Entries that were copied from the source are called 'virtual'. You + can not delete virtual keys, but overwrite them, which turns them + into non-virtual entries. Setting keys on an overlay never affects + its source, but may affect any number of child overlays. + + Other than collections.ChainMap or most other implementations, this + approach does not resolve missing keys on demand, but instead + actively copies all values from the source to the overlay and keeps + track of virtual and non-virtual keys internally. This removes any + lookup-overhead. Read-access is as fast as a build-in dict for both + virtual and non-virtual keys. + + Changes are propagated recursively and depth-first. A failing + on-change handler in an overlay stops the propagation of virtual + values and may result in an partly updated tree. Take extra care + here and make sure that on-change handlers never fail. + + Used by Route.config + """ + # Cleanup dead references + self._overlays[:] = [ref for ref in self._overlays if ref() is not None] + + overlay = ConfigDict() + overlay._meta = self._meta + overlay._source = self + self._overlays.append(weakref.ref(overlay)) + for key in self: + overlay._set_virtual(key, self[key]) + return overlay + + + class AppStack(list): """ A stack-like list. Calling it returns the head of the stack. """ def __call__(self): """ Return the current default application. """ - return self[-1] + return self.default def push(self, value=None): """ Add a new :class:`Bottle` instance to the stack """ @@ -2335,20 +2611,28 @@ class AppStack(list): value = Bottle() self.append(value) return value + new_app = push + + @property + def default(self): + try: + return self[-1] + except IndexError: + return self.push() class WSGIFileWrapper(object): def __init__(self, fp, buffer_size=1024 * 64): self.fp, self.buffer_size = fp, buffer_size - for attr in ('fileno', 'close', 'read', 'readlines', 'tell', 'seek'): + for attr in 'fileno', 'close', 'read', 'readlines', 'tell', 'seek': if hasattr(fp, attr): setattr(self, attr, getattr(fp, attr)) def __iter__(self): buff, read = self.buffer_size, self.read - while True: - part = read(buff) - if not part: return + part = read(buff) + while part: yield part + part = read(buff) class _closeiter(object): @@ -2433,7 +2717,7 @@ class ResourceManager(object): """ Search for a resource and return an absolute file path, or `None`. The :attr:`path` list is searched in order. The first match is - returend. Symlinks are followed. The result is cached to speed up + returned. Symlinks are followed. The result is cached to speed up future lookups. """ if name not in self.cache or DEBUG: for path in self.path: @@ -2468,6 +2752,10 @@ class FileUpload(object): content_type = HeaderProperty('Content-Type') content_length = HeaderProperty('Content-Length', reader=int, default=-1) + def get_header(self, name, default=None): + """ Return the value of a header within the multipart part. """ + return self.headers.get(name, default) + @cached_property def filename(self): """ Name of the file on the client file system, but normalized to ensure @@ -2537,42 +2825,61 @@ def redirect(url, code=None): raise res -def _file_iter_range(fp, offset, bytes, maxread=1024 * 1024): - """ Yield chunks from a range in a file. No chunk is bigger than maxread.""" +def _file_iter_range(fp, offset, bytes, maxread=1024 * 1024, close=False): + """ Yield chunks from a range in a file, optionally closing it at the end. + No chunk is bigger than maxread. """ fp.seek(offset) while bytes > 0: part = fp.read(min(bytes, maxread)) - if not part: break + if not part: + break bytes -= len(part) yield part + if close: + fp.close() def static_file(filename, root, - mimetype='auto', + mimetype=True, download=False, - charset='UTF-8'): - """ Open a file in a safe way and return :exc:`HTTPResponse` with status - code 200, 305, 403 or 404. The ``Content-Type``, ``Content-Encoding``, - ``Content-Length`` and ``Last-Modified`` headers are set if possible. - Special support for ``If-Modified-Since``, ``Range`` and ``HEAD`` - requests. + charset='UTF-8', + etag=None, + headers=None): + """ Open a file in a safe way and return an instance of :exc:`HTTPResponse` + that can be sent back to the client. - :param filename: Name or path of the file to send. + :param filename: Name or path of the file to send, relative to ``root``. :param root: Root path for file lookups. Should be an absolute directory path. - :param mimetype: Defines the content-type header (default: guess from + :param mimetype: Provide the content-type header (default: guess from file extension) :param download: If True, ask the browser to open a `Save as...` dialog instead of opening the file with the associated program. You can specify a custom filename as a string. If not specified, the original filename is used (default: False). - :param charset: The charset to use for files with a ``text/*`` - mime-type. (default: UTF-8) + :param charset: The charset for files with a ``text/*`` mime-type. + (default: UTF-8) + :param etag: Provide a pre-computed ETag header. If set to ``False``, + ETag handling is disabled. (default: auto-generate ETag header) + :param headers: Additional headers dict to add to the response. + + While checking user input is always a good idea, this function provides + additional protection against malicious ``filename`` parameters from + breaking out of the ``root`` directory and leaking sensitive information + to an attacker. + + Read-protected files or files outside of the ``root`` directory are + answered with ``403 Access Denied``. Missing files result in a + ``404 Not Found`` response. Conditional requests (``If-Modified-Since``, + ``If-None-Match``) are answered with ``304 Not Modified`` whenever + possible. ``HEAD`` and ``Range`` requests (used by download managers to + check or continue partial downloads) are also handled automatically. + """ - root = os.path.abspath(root) + os.sep + root = os.path.join(os.path.abspath(root), '') filename = os.path.abspath(os.path.join(root, filename.strip('/\\'))) - headers = dict() + headers = headers.copy() if headers else {} if not filename.startswith(root): return HTTPError(403, "Access denied.") @@ -2581,47 +2888,61 @@ def static_file(filename, root, if not os.access(filename, os.R_OK): return HTTPError(403, "You do not have permission to access this file.") - if mimetype == 'auto': - if download and download != True: + if mimetype is True: + if download and download is not True: mimetype, encoding = mimetypes.guess_type(download) else: mimetype, encoding = mimetypes.guess_type(filename) - if encoding: headers['Content-Encoding'] = encoding + if encoding: + headers['Content-Encoding'] = encoding if mimetype: - if mimetype[:5] == 'text/' and charset and 'charset' not in mimetype: + if (mimetype[:5] == 'text/' or mimetype == 'application/javascript')\ + and charset and 'charset' not in mimetype: mimetype += '; charset=%s' % charset headers['Content-Type'] = mimetype if download: - download = os.path.basename(filename if download == True else download) + download = os.path.basename(filename if download is True else download) headers['Content-Disposition'] = 'attachment; filename="%s"' % download stats = os.stat(filename) headers['Content-Length'] = clen = stats.st_size - lm = time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime(stats.st_mtime)) - headers['Last-Modified'] = lm + headers['Last-Modified'] = email.utils.formatdate(stats.st_mtime, + usegmt=True) + headers['Date'] = email.utils.formatdate(time.time(), usegmt=True) - ims = request.environ.get('HTTP_IF_MODIFIED_SINCE') + getenv = request.environ.get + + if etag is None: + etag = '%d:%d:%d:%d:%s' % (stats.st_dev, stats.st_ino, stats.st_mtime, + clen, filename) + etag = hashlib.sha1(tob(etag)).hexdigest() + + if etag: + headers['ETag'] = etag + check = getenv('HTTP_IF_NONE_MATCH') + if check and check == etag: + return HTTPResponse(status=304, **headers) + + ims = getenv('HTTP_IF_MODIFIED_SINCE') if ims: ims = parse_date(ims.split(";")[0].strip()) if ims is not None and ims >= int(stats.st_mtime): - headers['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT", - time.gmtime()) return HTTPResponse(status=304, **headers) body = '' if request.method == 'HEAD' else open(filename, 'rb') headers["Accept-Ranges"] = "bytes" - ranges = request.environ.get('HTTP_RANGE') - if 'HTTP_RANGE' in request.environ: - ranges = list(parse_range_header(request.environ['HTTP_RANGE'], clen)) + range_header = getenv('HTTP_RANGE') + if range_header: + ranges = list(parse_range_header(range_header, clen)) if not ranges: return HTTPError(416, "Requested Range Not Satisfiable") offset, end = ranges[0] headers["Content-Range"] = "bytes %d-%d/%d" % (offset, end - 1, clen) headers["Content-Length"] = str(end - offset) - if body: body = _file_iter_range(body, offset, end - offset) + if body: body = _file_iter_range(body, offset, end - offset, close=True) return HTTPResponse(body, status=206, **headers) return HTTPResponse(body, **headers) @@ -2634,25 +2955,31 @@ def debug(mode=True): """ Change the debug level. There is only one debug level supported at the moment.""" global DEBUG - #if mode: warnings.simplefilter('default') # neutralizing already set warning filters (e.g. DeprecationWarning inside sqlmapapi.py) + if mode: warnings.simplefilter('default') DEBUG = bool(mode) def http_date(value): - if isinstance(value, (datedate, datetime)): + if isinstance(value, basestring): + return value + if isinstance(value, datetime): + # aware datetime.datetime is converted to UTC time + # naive datetime.datetime is treated as UTC time value = value.utctimetuple() - elif isinstance(value, (int, float)): - value = time.gmtime(value) - if not isinstance(value, basestring): - value = time.strftime("%a, %d %b %Y %H:%M:%S GMT", value) - return value + elif isinstance(value, datedate): + # datetime.date is naive, and is treated as UTC time + value = value.timetuple() + if not isinstance(value, (int, float)): + # convert struct_time in UTC to UNIX timestamp + value = calendar.timegm(value) + return email.utils.formatdate(value, usegmt=True) def parse_date(ims): """ Parse rfc1123, rfc850 and asctime timestamps and return UTC epoch. """ try: ts = email.utils.parsedate_tz(ims) - return time.mktime(ts[:8] + (0, )) - (ts[9] or 0) - time.timezone + return calendar.timegm(ts[:8] + (0, )) - (ts[9] or 0) except (TypeError, ValueError, IndexError, OverflowError): return None @@ -2687,9 +3014,45 @@ def parse_range_header(header, maxlen=0): pass +#: Header tokenizer used by _parse_http_header() +_hsplit = re.compile('(?:(?:"((?:[^"\\\\]|\\\\.)*)")|([^;,=]+))([;,=]?)').findall + +def _parse_http_header(h): + """ Parses a typical multi-valued and parametrised HTTP header (e.g. Accept headers) and returns a list of values + and parameters. For non-standard or broken input, this implementation may return partial results. + :param h: A header string (e.g. ``text/html,text/plain;q=0.9,*/*;q=0.8``) + :return: List of (value, params) tuples. The second element is a (possibly empty) dict. + """ + values = [] + if '"' not in h: # INFO: Fast path without regexp (~2x faster) + for value in h.split(','): + parts = value.split(';') + values.append((parts[0].strip(), {})) + for attr in parts[1:]: + name, value = attr.split('=', 1) + values[-1][1][name.strip()] = value.strip() + else: + lop, key, attrs = ',', None, {} + for quoted, plain, tok in _hsplit(h): + value = plain.strip() if plain else quoted.replace('\\"', '"') + if lop == ',': + attrs = {} + values.append((value, attrs)) + elif lop == ';': + if tok == '=': + key = value + else: + attrs[value] = '' + elif lop == '=' and key: + attrs[key] = value + key = None + lop = tok + return values + + def _parse_qsl(qs): r = [] - for pair in qs.replace(';', '&').split('&'): + for pair in qs.split('&'): if not pair: continue nv = pair.split('=', 1) if len(nv) != 2: nv.append('') @@ -2706,25 +3069,34 @@ def _lscmp(a, b): for x, y in zip(a, b)) and len(a) == len(b) -def cookie_encode(data, key): +def cookie_encode(data, key, digestmod=None): """ Encode and sign a pickle-able object. Return a (byte) string """ + depr(0, 13, "cookie_encode() will be removed soon.", + "Do not use this API directly.") + digestmod = digestmod or hashlib.sha256 msg = base64.b64encode(pickle.dumps(data, -1)) - sig = base64.b64encode(hmac.new(tob(key), msg).digest()) + sig = base64.b64encode(hmac.new(tob(key), msg, digestmod=digestmod).digest()) return tob('!') + sig + tob('?') + msg -def cookie_decode(data, key): +def cookie_decode(data, key, digestmod=None): """ Verify and decode an encoded string. Return an object or None.""" + depr(0, 13, "cookie_decode() will be removed soon.", + "Do not use this API directly.") data = tob(data) if cookie_is_encoded(data): sig, msg = data.split(tob('?'), 1) - if _lscmp(sig[1:], base64.b64encode(hmac.new(tob(key), msg).digest())): + digestmod = digestmod or hashlib.sha256 + hashed = hmac.new(tob(key), msg, digestmod=digestmod).digest() + if _lscmp(sig[1:], base64.b64encode(hashed)): return pickle.loads(base64.b64decode(msg)) return None def cookie_is_encoded(data): """ Return True if the argument looks like a encoded cookie.""" + depr(0, 13, "cookie_is_encoded() will be removed soon.", + "Do not use this API directly.") return bool(data.startswith(tob('!')) and tob('?') in data) @@ -2841,6 +3213,9 @@ url = make_default_app_wrapper('get_url') # Server Adapter ############################################################### ############################################################################### +# Before you edit or add a server adapter, please read: +# - https://github.com/bottlepy/bottle/pull/647#issuecomment-60152870 +# - https://github.com/bottlepy/bottle/pull/865#issuecomment-242795341 class ServerAdapter(object): quiet = False @@ -2854,8 +3229,8 @@ class ServerAdapter(object): pass def __repr__(self): - args = ', '.join(['%s=%s' % (k, repr(v)) - for k, v in self.options.items()]) + args = ', '.join('%s=%s' % (k, repr(v)) + for k, v in self.options.items()) return "%s(%s)" % (self.__class__.__name__, args) @@ -2914,7 +3289,11 @@ class WSGIRefServer(ServerAdapter): class CherryPyServer(ServerAdapter): def run(self, handler): # pragma: no cover - from cherrypy import wsgiserver + depr(0, 13, "The wsgi server part of cherrypy was split into a new " + "project called 'cheroot'.", "Use the 'cheroot' server " + "adapter instead of cherrypy.") + from cherrypy import wsgiserver # This will fail for CherryPy >= 9 + self.options['bind_addr'] = (self.host, self.port) self.options['wsgi_app'] = handler @@ -2937,10 +3316,29 @@ class CherryPyServer(ServerAdapter): server.stop() +class CherootServer(ServerAdapter): + def run(self, handler): # pragma: no cover + from cheroot import wsgi + from cheroot.ssl import builtin + self.options['bind_addr'] = (self.host, self.port) + self.options['wsgi_app'] = handler + certfile = self.options.pop('certfile', None) + keyfile = self.options.pop('keyfile', None) + chainfile = self.options.pop('chainfile', None) + server = wsgi.Server(**self.options) + if certfile and keyfile: + server.ssl_adapter = builtin.BuiltinSSLAdapter( + certfile, keyfile, chainfile) + try: + server.start() + finally: + server.stop() + + class WaitressServer(ServerAdapter): def run(self, handler): from waitress import serve - serve(handler, host=self.host, port=self.port, _quiet=self.quiet) + serve(handler, host=self.host, port=self.port, _quiet=self.quiet, **self.options) class PasteServer(ServerAdapter): @@ -2964,6 +3362,7 @@ class FapwsServer(ServerAdapter): """ Extremely fast webserver using libev. See http://www.fapws.org/ """ def run(self, handler): # pragma: no cover + depr(0, 13, "fapws3 is not maintained and support will be dropped.") import fapws._evwsgi as evwsgi from fapws import base, config port = self.port @@ -2973,8 +3372,8 @@ class FapwsServer(ServerAdapter): evwsgi.start(self.host, port) # fapws3 never releases the GIL. Complain upstream. I tried. No luck. if 'BOTTLE_CHILD' in os.environ and not self.quiet: - _stderr("WARNING: Auto-reloading does not work with Fapws3.\n") - _stderr(" (Fapws3 breaks python thread support)\n") + _stderr("WARNING: Auto-reloading does not work with Fapws3.") + _stderr(" (Fapws3 breaks python thread support)") evwsgi.set_base_module(base) def app(environ, start_response): @@ -3001,6 +3400,8 @@ class AppEngineServer(ServerAdapter): quiet = True def run(self, handler): + depr(0, 13, "AppEngineServer no longer required", + "Configure your application directly in your app.yaml") from google.appengine.ext.webapp import util # A main() function in the handler script enables 'App Caching'. # Lets makes sure it is there. This _really_ improves performance. @@ -3030,6 +3431,7 @@ class DieselServer(ServerAdapter): """ Untested. """ def run(self, handler): + depr(0, 13, "Diesel is not tested or supported and will be removed.") from diesel.protocols.wsgi import WSGIApplication app = WSGIApplication(handler, port=self.port) app.run() @@ -3038,45 +3440,41 @@ class DieselServer(ServerAdapter): class GeventServer(ServerAdapter): """ Untested. Options: - * `fast` (default: False) uses libevent's http server, but has some - issues: No streaming, no pipelining, no SSL. * See gevent.wsgi.WSGIServer() documentation for more options. """ def run(self, handler): - from gevent import wsgi, pywsgi, local + from gevent import pywsgi, local if not isinstance(threading.local(), local.local): msg = "Bottle requires gevent.monkey.patch_all() (before import)" raise RuntimeError(msg) - if not self.options.pop('fast', None): wsgi = pywsgi - self.options['log'] = None if self.quiet else 'default' + if self.quiet: + self.options['log'] = None address = (self.host, self.port) - server = wsgi.WSGIServer(address, handler, **self.options) + server = pywsgi.WSGIServer(address, handler, **self.options) if 'BOTTLE_CHILD' in os.environ: import signal signal.signal(signal.SIGINT, lambda s, f: server.stop()) server.serve_forever() -class GeventSocketIOServer(ServerAdapter): - def run(self, handler): - from socketio import server - address = (self.host, self.port) - server.SocketIOServer(address, handler, **self.options).serve_forever() - - class GunicornServer(ServerAdapter): """ Untested. See http://gunicorn.org/configure.html for options. """ def run(self, handler): - from gunicorn.app.base import Application + from gunicorn.app.base import BaseApplication + + if self.host.startswith("unix:"): + config = {'bind': self.host} + else: + config = {'bind': "%s:%d" % (self.host, self.port)} - config = {'bind': "%s:%d" % (self.host, int(self.port))} config.update(self.options) - class GunicornApplication(Application): - def init(self, parser, opts, args): - return config + class GunicornApplication(BaseApplication): + def load_config(self): + for key, value in config.items(): + self.cfg.set(key, value) def load(self): return handler @@ -3114,57 +3512,53 @@ class EventletServer(ServerAdapter): wsgi.server(listen(address), handler) -class RocketServer(ServerAdapter): - """ Untested. """ - - def run(self, handler): - from rocket import Rocket - server = Rocket((self.host, self.port), 'wsgi', {'wsgi_app': handler}) - server.start() - - class BjoernServer(ServerAdapter): """ Fast server written in C: https://github.com/jonashaag/bjoern """ def run(self, handler): from bjoern import run - run(handler, self.host, self.port) + run(handler, self.host, self.port, reuse_port=True) +class AsyncioServerAdapter(ServerAdapter): + """ Extend ServerAdapter for adding custom event loop """ + def get_event_loop(self): + pass -class AiohttpServer(ServerAdapter): - """ Untested. - aiohttp +class AiohttpServer(AsyncioServerAdapter): + """ Asynchronous HTTP client/server framework for asyncio https://pypi.python.org/pypi/aiohttp/ + https://pypi.org/project/aiohttp-wsgi/ """ + def get_event_loop(self): + import asyncio + return asyncio.new_event_loop() + def run(self, handler): import asyncio - from aiohttp.wsgi import WSGIServerHttpProtocol - self.loop = asyncio.new_event_loop() + from aiohttp_wsgi.wsgi import serve + self.loop = self.get_event_loop() asyncio.set_event_loop(self.loop) - protocol_factory = lambda: WSGIServerHttpProtocol( - handler, - readpayload=True, - debug=(not self.quiet)) - self.loop.run_until_complete(self.loop.create_server(protocol_factory, - self.host, - self.port)) - if 'BOTTLE_CHILD' in os.environ: import signal signal.signal(signal.SIGINT, lambda s, f: self.loop.stop()) - try: - self.loop.run_forever() - except KeyboardInterrupt: - self.loop.stop() + serve(handler, host=self.host, port=self.port) +class AiohttpUVLoopServer(AiohttpServer): + """uvloop + https://github.com/MagicStack/uvloop + """ + def get_event_loop(self): + import uvloop + return uvloop.new_event_loop() + class AutoServer(ServerAdapter): """ Untested. """ adapters = [WaitressServer, PasteServer, TwistedServer, CherryPyServer, - WSGIRefServer] + CherootServer, WSGIRefServer] def run(self, handler): for sa in self.adapters: @@ -3180,6 +3574,7 @@ server_names = { 'wsgiref': WSGIRefServer, 'waitress': WaitressServer, 'cherrypy': CherryPyServer, + 'cheroot': CherootServer, 'paste': PasteServer, 'fapws3': FapwsServer, 'tornado': TornadoServer, @@ -3190,10 +3585,9 @@ server_names = { 'gunicorn': GunicornServer, 'eventlet': EventletServer, 'gevent': GeventServer, - 'geventSocketIO': GeventSocketIOServer, - 'rocket': RocketServer, 'bjoern': BjoernServer, 'aiohttp': AiohttpServer, + 'uvloop': AiohttpUVLoopServer, 'auto': AutoServer, } @@ -3269,22 +3663,26 @@ def run(app=None, if NORUN: return if reloader and not os.environ.get('BOTTLE_CHILD'): import subprocess - lockfile = None + fd, lockfile = tempfile.mkstemp(prefix='bottle.', suffix='.lock') + environ = os.environ.copy() + environ['BOTTLE_CHILD'] = 'true' + environ['BOTTLE_LOCKFILE'] = lockfile + args = [sys.executable] + sys.argv + # If a package was loaded with `python -m`, then `sys.argv` needs to be + # restored to the original value, or imports might break. See #1336 + if getattr(sys.modules.get('__main__'), '__package__', None): + args[1:1] = ["-m", sys.modules['__main__'].__package__] + try: - fd, lockfile = tempfile.mkstemp(prefix='bottle.', suffix='.lock') - os.close(fd) # We only need this file to exist. We never write to it + os.close(fd) # We never write to this file while os.path.exists(lockfile): - args = [sys.executable] + sys.argv - environ = os.environ.copy() - environ['BOTTLE_CHILD'] = 'true' - environ['BOTTLE_LOCKFILE'] = lockfile p = subprocess.Popen(args, env=environ) - while p.poll() is None: # Busy wait... - os.utime(lockfile, None) # I am alive! + while p.poll() is None: + os.utime(lockfile, None) # Tell child we are still alive time.sleep(interval) - if p.poll() != 3: - if os.path.exists(lockfile): os.unlink(lockfile) - sys.exit(p.poll()) + if p.returncode == 3: # Child wants to be restarted + continue + sys.exit(p.returncode) except KeyboardInterrupt: pass finally: @@ -3319,11 +3717,14 @@ def run(app=None, server.quiet = server.quiet or quiet if not server.quiet: - _stderr("Bottle v%s server starting up (using %s)...\n" % + _stderr("Bottle v%s server starting up (using %s)..." % (__version__, repr(server))) - _stderr("Listening on http://%s:%d/\n" % - (server.host, server.port)) - _stderr("Hit Ctrl-C to quit.\n\n") + if server.host.startswith("unix:"): + _stderr("Listening on %s" % server.host) + else: + _stderr("Listening on http://%s:%d/" % + (server.host, server.port)) + _stderr("Hit Ctrl-C to quit.\n") if reloader: lockfile = os.environ.get('BOTTLE_LOCKFILE') @@ -3348,7 +3749,7 @@ def run(app=None, class FileCheckerThread(threading.Thread): """ Interrupt main-thread as soon as a changed module file is detected, - the lockfile gets deleted or gets to old. """ + the lockfile gets deleted or gets too old. """ def __init__(self, lockfile, interval): threading.Thread.__init__(self) @@ -3363,7 +3764,7 @@ class FileCheckerThread(threading.Thread): files = dict() for module in list(sys.modules.values()): - path = getattr(module, '__file__', '') + path = getattr(module, '__file__', '') or '' if path[-4:] in ('.pyo', '.pyc'): path = path[:-1] if path and exists(path): files[path] = mtime(path) @@ -3392,9 +3793,8 @@ class FileCheckerThread(threading.Thread): ############################################################################### -class TemplateError(HTTPError): - def __init__(self, message): - HTTPError.__init__(self, 500, message) +class TemplateError(BottleException): + pass class BaseTemplate(object): @@ -3438,13 +3838,11 @@ class BaseTemplate(object): """ Search name in all directories specified in lookup. First without, then with common extensions. Return first hit. """ if not lookup: - depr('The template lookup path list should not be empty.', - True) #0.12 - lookup = ['.'] + raise depr(0, 12, "Empty template lookup path.", "Configure a template lookup path.") - if os.path.isabs(name) and os.path.isfile(name): - depr('Absolute template path names are deprecated.', True) #0.12 - return os.path.abspath(name) + if os.path.isabs(name): + raise depr(0, 12, "Use of absolute path for template name.", + "Refer to templates with names or paths relative to the lookup path.") for spath in lookup: spath = os.path.abspath(spath) + os.sep @@ -3534,7 +3932,7 @@ class Jinja2Template(BaseTemplate): if self.source: self.tpl = self.env.from_string(self.source) else: - self.tpl = self.env.get_template(self.filename) + self.tpl = self.env.get_template(self.name) def render(self, *args, **kwargs): for dictarg in args: @@ -3544,10 +3942,13 @@ class Jinja2Template(BaseTemplate): return self.tpl.render(**_defaults) def loader(self, name): - fname = self.search(name, self.lookup) + if name == self.filename: + fname = name + else: + fname = self.search(name, self.lookup) if not fname: return with open(fname, "rb") as f: - return f.read().decode(self.encoding) + return (f.read().decode(self.encoding), fname, lambda: False) class SimpleTemplate(BaseTemplate): @@ -3576,8 +3977,7 @@ class SimpleTemplate(BaseTemplate): try: source, encoding = touni(source), 'utf8' except UnicodeError: - depr('Template encodings other than utf8 are not supported.') #0.11 - source, encoding = touni(source, 'latin1'), 'latin1' + raise depr(0, 11, 'Unsupported template encodings.', 'Use utf-8 for templates.') parser = StplParser(source, encoding=encoding, syntax=self.syntax) code = parser.translate() self.encoding = parser.encoding @@ -3590,7 +3990,7 @@ class SimpleTemplate(BaseTemplate): env = _env.copy() env.update(kwargs) if _name not in self.cache: - self.cache[_name] = self.__class__(name=_name, lookup=self.lookup) + self.cache[_name] = self.__class__(name=_name, lookup=self.lookup, syntax=self.syntax) return self.cache[_name].execute(env['_stdout'], env) def execute(self, _stdout, kwargs): @@ -3608,7 +4008,7 @@ class SimpleTemplate(BaseTemplate): 'setdefault': env.setdefault, 'defined': env.__contains__ }) - eval(self.co, env) + exec(self.co, env) if env.get('_rebase'): subtpl, rargs = env.pop('_rebase') rargs['base'] = ''.join(_stdout) #copy stdout @@ -3628,7 +4028,6 @@ class SimpleTemplate(BaseTemplate): class StplSyntaxError(TemplateError): - pass @@ -3639,7 +4038,7 @@ class StplParser(object): # This huge pile of voodoo magic splits python code into 8 different tokens. # We use the verbose (?x) regex mode to make this more manageable - _re_tok = _re_inl = r'''((?mx) # verbose and dot-matches-newline mode + _re_tok = r'''( [urbURB]* (?: ''(?!') |""(?!") @@ -3679,7 +4078,13 @@ class StplParser(object): # Match the start tokens of code areas in a template _re_split = r'''(?m)^[ \t]*(\\?)((%(line_start)s)|(%(block_start)s))''' # Match inline statements (may contain python strings) - _re_inl = r'''%%(inline_start)s((?:%s|[^'"\n]+?)*?)%%(inline_end)s''' % _re_inl + _re_inl = r'''%%(inline_start)s((?:%s|[^'"\n])*?)%%(inline_end)s''' % _re_inl + + # add the flag in front of the regexp to avoid Deprecation warning (see Issue #949) + # verbose and dot-matches-newline mode + _re_tok = '(?mx)' + _re_tok + _re_inl = '(?mx)' + _re_inl + default_syntax = '<% %> % {{ }}' @@ -3698,7 +4103,7 @@ class StplParser(object): def set_syntax(self, syntax): self._syntax = syntax self._tokens = syntax.split() - if not syntax in self._re_cache: + if syntax not in self._re_cache: names = 'block_start block_close line_start inline_start inline_end' etokens = map(re.escape, self._tokens) pattern_vars = dict(zip(names.split(), etokens)) @@ -3764,15 +4169,18 @@ class StplParser(object): self.paren_depth -= 1 code_line += _pc elif _blk1: # Start-block keyword (if/for/while/def/try/...) - code_line, self.indent_mod = _blk1, -1 + code_line = _blk1 self.indent += 1 + self.indent_mod -= 1 elif _blk2: # Continue-block keyword (else/elif/except/...) - code_line, self.indent_mod = _blk2, -1 - elif _end: # The non-standard 'end'-keyword (ends a block) - self.indent -= 1 + code_line = _blk2 + self.indent_mod -= 1 elif _cend: # The end-code-block template token (usually '%>') if multiline: multiline = False else: code_line += _cend + elif _end: + self.indent -= 1 + self.indent_mod += 1 else: # \n self.write_code(code_line.strip(), comment) self.lineno += 1 @@ -3822,6 +4230,8 @@ def template(*args, **kwargs): or directly (as keyword arguments). """ tpl = args[0] if args else None + for dictarg in args[1:]: + kwargs.update(dictarg) adapter = kwargs.pop('template_adapter', SimpleTemplate) lookup = kwargs.pop('template_lookup', TEMPLATE_PATH) tplid = (id(lookup), tpl) @@ -3836,8 +4246,6 @@ def template(*args, **kwargs): TEMPLATES[tplid] = adapter(name=tpl, lookup=lookup, **settings) if not TEMPLATES[tplid]: abort(500, 'Template (%s) not found' % tpl) - for dictarg in args[1:]: - kwargs.update(dictarg) return TEMPLATES[tplid].render(kwargs) @@ -3895,6 +4303,7 @@ HTTP_CODES[418] = "I'm a teapot" # RFC 2324 HTTP_CODES[428] = "Precondition Required" HTTP_CODES[429] = "Too Many Requests" HTTP_CODES[431] = "Request Header Fields Too Large" +HTTP_CODES[451] = "Unavailable For Legal Reasons" # RFC 7725 HTTP_CODES[511] = "Network Authentication Required" _HTTP_STATUS_LINES = dict((k, '%d %s' % (k, v)) for (k, v) in HTTP_CODES.items()) @@ -3921,7 +4330,12 @@ ERROR_PAGE_TEMPLATE = """ 
{{e.body}}
%%if DEBUG and e.exception:

Exception:

- 
{{repr(e.exception)}}
+ %%try: + %%exc = repr(e.exception) + %%except: + %%exc = '' %% type(e.exception).__name__ + %%end + 
{{exc}}
%%end %%if DEBUG and e.traceback:

Traceback:

@@ -3947,10 +4361,9 @@ response = LocalResponse() #: A thread-safe namespace. Not used by Bottle. local = threading.local() -# Initialize app stack (create first empty Bottle app) +# Initialize app stack (create first empty Bottle app now deferred until needed) # BC: 0.6.4 and needed for run() -app = default_app = AppStack() -app.push() +apps = app = default_app = AppStack() #: A virtual package that redirects import statements. #: Example: ``import bottle.ext.sqlite`` actually imports `bottle_sqlite`. @@ -3958,58 +4371,59 @@ ext = _ImportRedirect('bottle.ext' if __name__ == '__main__' else __name__ + ".ext", 'bottle_%s').module +def _main(argv): # pragma: no coverage + args, parser = _cli_parse(argv) -if __name__ == '__main__': - opt, args, parser = _cli_parse(sys.argv) - - def _cli_error(msg): + def _cli_error(cli_msg): parser.print_help() - _stderr('\nError: %s\n' % msg) + _stderr('\nError: %s\n' % cli_msg) sys.exit(1) - if opt.version: - _stdout('Bottle %s\n' % __version__) + if args.version: + print('Bottle %s' % __version__) sys.exit(0) - if not args: + if not args.app: _cli_error("No application entry point specified.") sys.path.insert(0, '.') sys.modules.setdefault('bottle', sys.modules['__main__']) - host, port = (opt.bind or 'localhost'), 8080 + host, port = (args.bind or 'localhost'), 8080 if ':' in host and host.rfind(']') < host.rfind(':'): host, port = host.rsplit(':', 1) host = host.strip('[]') config = ConfigDict() - for cfile in opt.conf or []: + for cfile in args.conf or []: try: if cfile.endswith('.json'): with open(cfile, 'rb') as fp: config.load_dict(json_loads(fp.read())) else: config.load_config(cfile) - except ConfigParserError: - _cli_error(str(_e())) + except configparser.Error as parse_error: + _cli_error(parse_error) except IOError: _cli_error("Unable to read config file %r" % cfile) - except (UnicodeError, TypeError, ValueError): - _cli_error("Unable to parse config file %r: %s" % (cfile, _e())) + except (UnicodeError, TypeError, ValueError) as error: + _cli_error("Unable to parse config file %r: %s" % (cfile, error)) - for cval in opt.param or []: + for cval in args.param or []: if '=' in cval: config.update((cval.split('=', 1),)) else: config[cval] = True - run(args[0], + run(args.app, host=host, port=int(port), - server=opt.server, - reloader=opt.reload, - plugins=opt.plugin, - debug=opt.debug, + server=args.server, + reloader=args.reload, + plugins=args.plugin, + debug=args.debug, config=config) -# THE END + +if __name__ == '__main__': # pragma: no coverage + _main(sys.argv) From 5fae5c3787863e8ac1f59ad38195d909fef36277 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Sep 2021 20:27:45 +0200 Subject: [PATCH 48/92] Minor improvement of sqlmapapi client --- lib/core/settings.py | 2 +- lib/utils/api.py | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 089634b68..d0056df47 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.2" +VERSION = "1.5.9.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index c16aa72be..18930eedf 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -23,6 +23,7 @@ from lib.core.common import dataToStdout from lib.core.common import getSafeExString from lib.core.common import openFile from lib.core.common import saveConfig +from lib.core.common import setColor from lib.core.common import unArrayizeValue from lib.core.compat import xrange from lib.core.convert import decodeBase64 @@ -778,6 +779,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non return commands = ("help", "new", "use", "data", "log", "status", "option", "stop", "kill", "list", "flush", "version", "exit", "bye", "quit") + colors = ('red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'lightgrey', 'lightred', 'lightgreen', 'lightyellow', 'lightblue', 'lightmagenta', 'lightcyan') autoCompletion(AUTOCOMPLETE_TYPE.API, commands=commands) taskid = None @@ -785,7 +787,8 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non while True: try: - command = _input("api%s> " % (" (%s)" % taskid if taskid else "")).strip() + color = colors[int(taskid or "0", 16) % len(colors)] + command = _input("api%s> " % (" (%s)" % setColor(taskid, color) if taskid else "")).strip() command = re.sub(r"\A(\w+)", lambda match: match.group(1).lower(), command) except (EOFError, KeyboardInterrupt): print() From 8f84b740dad7355aecd16e2ee4779c0dd98d05ac Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Sep 2021 20:47:32 +0200 Subject: [PATCH 49/92] Minor update --- data/txt/common-files.txt | 14 +++++++++++--- data/txt/common-outputs.txt | 15 +++++++++++++++ lib/core/settings.py | 2 +- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/data/txt/common-files.txt b/data/txt/common-files.txt index 859b81806..c8804441b 100644 --- a/data/txt/common-files.txt +++ b/data/txt/common-files.txt @@ -1,6 +1,12 @@ # Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) # See the file 'LICENSE' for copying permission +# CTFs + +/flag +/flag.txt +/readflag + # Reference: https://gist.github.com/sckalath/78ad449346171d29241a /apache/logs/access.log @@ -1718,6 +1724,7 @@ /etc/php4/apache2/php.ini /etc/php5/apache/php.ini /etc/php5/apache2/php.ini +/etc/php/7.4/apache2/php.ini /etc/php/php.ini /usr/local/apache/conf/modsec.conf /var/cpanel/cpanel.config @@ -1793,9 +1800,10 @@ # Misc -/etc/lib/nfs/etab /app/app.js /app/configure.js /app/config/config.json -/flag.txt -/readflag +/etc/grafana/grafana.ini +/opt/kibana/config/kibana.yml +/etc/kibana/kibana.yml +/etc/elasticsearch/elasticsearch.yml diff --git a/data/txt/common-outputs.txt b/data/txt/common-outputs.txt index 560cd2a0d..a3ea71dac 100644 --- a/data/txt/common-outputs.txt +++ b/data/txt/common-outputs.txt @@ -12,7 +12,9 @@ 5.1. 5.5. 5.6. +5.7. 6.0. +8.0. # PostgreSQL PostgreSQL 7.0 @@ -30,6 +32,13 @@ PostgreSQL 9.0 PostgreSQL 9.1 PostgreSQL 9.2 PostgreSQL 9.3 +PostgreSQL 9.4 +PostgreSQL 9.5 +PostgreSQL 9.6 +PostgreSQL 10. +PostgreSQL 11. +PostgreSQL 12. +PostgreSQL 13. # Oracle Oracle Database 9i Standard Edition Release @@ -49,12 +58,18 @@ Oracle Database 11g Express Edition Release Oracle Database 11g Express Edition Release 11. Oracle Database 11g Enterprise Edition Release Oracle Database 11g Enterprise Edition Release 11. +Oracle Database 12c # Microsoft SQL Server Microsoft SQL Server 7.0 Microsoft SQL Server 2000 Microsoft SQL Server 2005 Microsoft SQL Server 2008 +Microsoft SQL Server 2012 +Microsoft SQL Server 2014 +Microsoft SQL Server 2016 +Microsoft SQL Server 2017 +Microsoft SQL Server 2019 [Users] diff --git a/lib/core/settings.py b/lib/core/settings.py index d0056df47..5ab1d0f6e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.3" +VERSION = "1.5.9.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From f322306cb2033a042e4db159376858a03999c4ab Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 15 Sep 2021 11:14:43 +0200 Subject: [PATCH 50/92] Fixes #4803 --- lib/core/settings.py | 2 +- lib/request/connect.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5ab1d0f6e..978504872 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.4" +VERSION = "1.5.9.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index db895f10c..317990af4 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -764,6 +764,10 @@ class Connect(object): singleTimeWarnMessage(warnMsg) conf.chunked = kwargs["chunked"] = False return Connect.getPage(**kwargs) + elif ex.code == _http_client.REQUEST_URI_TOO_LONG: + warnMsg = "request URI is marked as too long by the target. " + warnMsg += "you are advised to try a switch '--no-cast' and/or '--no-escape'" + singleTimeWarnMessage(warnMsg) elif ex.code == _http_client.NOT_FOUND: if raise404: errMsg = "page not found (%d)" % code From 24e3b6a84e7a5b69f15b957514d247923552c490 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 16 Sep 2021 13:59:42 +0200 Subject: [PATCH 51/92] Fixes #4801 --- lib/core/settings.py | 2 +- lib/core/subprocessng.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 978504872..351025068 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.5" +VERSION = "1.5.9.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py index 2a8f46b23..cd8c8113a 100644 --- a/lib/core/subprocessng.py +++ b/lib/core/subprocessng.py @@ -99,8 +99,8 @@ class Popen(subprocess.Popen): (_, written) = WriteFile(x, input) except ValueError: return self._close('stdin') - except (subprocess.pywintypes.error, Exception) as ex: - if ex.args[0] in (109, errno.ESHUTDOWN): + except Exception as ex: + if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN): return self._close('stdin') raise @@ -120,8 +120,8 @@ class Popen(subprocess.Popen): (_, read) = ReadFile(x, nAvail, None) except (ValueError, NameError): return self._close(which) - except (subprocess.pywintypes.error, Exception) as ex: - if ex.args[0] in (109, errno.ESHUTDOWN): + except Exception as ex: + if getattr(ex, "args", None) and ex.args[0] in (109, errno.ESHUTDOWN): return self._close(which) raise From db2e34f6e06a69ac5b881a80e440059620c8147f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 24 Sep 2021 12:40:07 +0200 Subject: [PATCH 52/92] Minor update --- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 351025068..df9131212 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.6" +VERSION = "1.5.9.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 71a2235b5..9104ae625 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -363,7 +363,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None if not timeBasedCompare and getTechniqueData() is not None: unexpectedCode |= threadData.lastCode not in (getTechniqueData().falseCode, getTechniqueData().trueCode) if unexpectedCode: - warnMsg = "unexpected HTTP code '%s' detected. Will use (extra) validation step in similar cases" % threadData.lastCode + if threadData.lastCode is not None: + warnMsg = "unexpected HTTP code '%s' detected." % threadData.lastCode + else: + warnMsg = "unexpected response detected." % threadData.lastCode + + warnMsg += " Will use (extra) validation step in similar cases" + singleTimeWarnMessage(warnMsg) if result: From 79e0fc76029d5b0f20da645a04e681b13160efc8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 26 Sep 2021 01:10:02 +0200 Subject: [PATCH 53/92] Fixes #4824 --- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index df9131212..8d5e96c96 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.7" +VERSION = "1.5.9.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 9104ae625..eba260aa7 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -366,7 +366,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None if threadData.lastCode is not None: warnMsg = "unexpected HTTP code '%s' detected." % threadData.lastCode else: - warnMsg = "unexpected response detected." % threadData.lastCode + warnMsg = "unexpected response detected." warnMsg += " Will use (extra) validation step in similar cases" From c24e4a70869d5fc6535263e3be399626b423acea Mon Sep 17 00:00:00 2001 From: tanaydin sirin Date: Tue, 28 Sep 2021 14:25:27 +0200 Subject: [PATCH 54/92] Update README-tr-TR.md (#4832) Small fix for documentation. --- doc/translations/README-tr-TR.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/translations/README-tr-TR.md b/doc/translations/README-tr-TR.md index 485a1fcd9..f2508202a 100644 --- a/doc/translations/README-tr-TR.md +++ b/doc/translations/README-tr-TR.md @@ -37,9 +37,9 @@ Bütün seçenekleri gösterir python sqlmap.py -hh -Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası içinsqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz +Program ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası için sqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz -Links +Bağlantılar ---- * Anasayfa: https://sqlmap.org From c90b243b50c6f2e1db38f5675c4743d43f3d4453 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 15:15:31 +0200 Subject: [PATCH 55/92] Minor patch --- lib/core/settings.py | 2 +- lib/core/testing.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8d5e96c96..3a1f3f24c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.8" +VERSION = "1.5.9.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 2c05ec11e..12706246c 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -44,7 +44,7 @@ def vulnTest(): ("-u --data='code=1' --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")), (u"-c --flush-session --output-dir=\"\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")), (u"-u --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)), - ("-m --flush-session --technique=B --banner", ("URL 3:", "back-end DBMS: SQLite", "banner: '3.")), + ("-m --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")), ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")), ("-u '&id2=1' -p id2 -v 5 --flush-session --level=5 --text-only --test-filter='AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'", ("~1AND",)), ("--list-tampers", ("between", "MySQL", "xforwardedfor")), @@ -74,7 +74,7 @@ def vulnTest(): ("-u '&echo=foobar*' --flush-session", ("might be vulnerable to cross-site scripting",)), ("-u '&query=*' --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")), ("-d --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")), - ("-d --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "[*] 987654321",)), + ("-d --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "'987654321'",)), ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")), ) From 7f8e38bacf7d2c20a42e2d56638d0068693f2cd6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 15:22:37 +0200 Subject: [PATCH 56/92] Fixes #4817 --- lib/core/settings.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3a1f3f24c..8a1aa74c1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.9" +VERSION = "1.5.9.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -331,7 +331,7 @@ REFERER_ALIASES = ("ref", "referer", "referrer") HOST_ALIASES = ("host",) # DBMSes with upper case identifiers -UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.MAXDB, DBMS.H2, DBMS.DERBY, DBMS.ALTIBASE)) +UPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.DERBY, DBMS.ALTIBASE)) # Default schemas to use (when unable to enumerate) H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC" From 7bb91805db0bb232c3e9bc2232b352004cd6df47 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 15:43:13 +0200 Subject: [PATCH 57/92] Create tests.yml --- .github/workflows/tests.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/tests.yml diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 000000000..1c1c6ea42 --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,25 @@ +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.6', 'pypy-3.7' ] + steps: + - uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Basic import test + run: python -c "import sqlmap; import sqlmapapi" + - name: Smoke test + run: python sqlmap.py --smoke + - name: Vuln test + run: python sqlmap.py --vuln From 72572d2b97ac152b3af5cfc86eac9b594c3b8e08 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 15:43:28 +0200 Subject: [PATCH 58/92] Delete .travis.yml --- .travis.yml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 158eab760..000000000 --- a/.travis.yml +++ /dev/null @@ -1,19 +0,0 @@ -language: python -jobs: - include: - - python: 2.6 - dist: trusty - - python: 2.7 - dist: trusty - - python: 3.3 - dist: trusty - - python: 3.6 - dist: trusty - - python: nightly - dist: bionic -git: - depth: 1 -script: - - python -c "import sqlmap; import sqlmapapi" - - python sqlmap.py --smoke - - python sqlmap.py --vuln From e6532f3faf135f26fd8f0aaf2a7a9ba047e0977a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 15:54:59 +0200 Subject: [PATCH 59/92] Trying smth out --- lib/core/common.py | 2 ++ lib/core/settings.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/core/common.py b/lib/core/common.py index ec82ad733..82de0f3f6 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2271,6 +2271,8 @@ def isMultiThreadMode(): Checks if running in multi-thread(ing) mode >>> import time + >>> threading.activeCount() + 1 >>> isMultiThreadMode() False >>> _ = lambda: time.sleep(0.1) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8a1aa74c1..9f113c5c9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.10" +VERSION = "1.5.9.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 1d6d2c1892f91a450b97c41c46c416bc397e0ab1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 16:13:13 +0200 Subject: [PATCH 60/92] Some refactoring (isMultiThreadMode fuzz) --- lib/core/common.py | 21 +----------------- lib/core/dump.py | 3 +-- lib/core/option.py | 1 + lib/core/settings.py | 2 +- lib/core/threads.py | 50 +++++++++++++++++++++++------------------- lib/request/connect.py | 3 +-- 6 files changed, 32 insertions(+), 48 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 82de0f3f6..7de61f0ff 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1016,7 +1016,7 @@ def dataToStdout(data, forceOutput=False, bold=False, contentType=None, status=C if not kb.get("threadException"): if forceOutput or not (getCurrentThreadData().disableStdOut or kb.get("wizardMode")): - multiThreadMode = isMultiThreadMode() + multiThreadMode = kb.get("multiThreadMode") if multiThreadMode: logging._acquireLock() @@ -2266,25 +2266,6 @@ def isHexEncodedString(subject): return re.match(r"\A[0-9a-fA-Fx]+\Z", subject) is not None -def isMultiThreadMode(): - """ - Checks if running in multi-thread(ing) mode - - >>> import time - >>> threading.activeCount() - 1 - >>> isMultiThreadMode() - False - >>> _ = lambda: time.sleep(0.1) - >>> thread = threading.Thread(target=_) - >>> thread.daemon = True - >>> thread.start() - >>> isMultiThreadMode() - True - """ - - return threading.activeCount() > 1 - @cachedmethod def getConsoleWidth(default=80): """ diff --git a/lib/core/dump.py b/lib/core/dump.py index 6e02df5b8..d20584450 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -19,7 +19,6 @@ from lib.core.common import dataToStdout from lib.core.common import filterNone from lib.core.common import getSafeExString from lib.core.common import isListLike -from lib.core.common import isMultiThreadMode from lib.core.common import isNoneValue from lib.core.common import normalizeUnicode from lib.core.common import openFile @@ -80,7 +79,7 @@ class Dump(object): elif console: dataToStdout(text) - multiThreadMode = isMultiThreadMode() + multiThreadMode = kb.multiThreadMode if multiThreadMode: self._lock.acquire() diff --git a/lib/core/option.py b/lib/core/option.py index 3b6a1ceab..e23f51347 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2090,6 +2090,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.matchRatio = None kb.maxConnectionsFlag = False kb.mergeCookies = None + kb.multiThreadMode = False kb.multipleCtrlC = False kb.negativeLogic = False kb.nchar = True diff --git a/lib/core/settings.py b/lib/core/settings.py index 9f113c5c9..eae0324c5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.11" +VERSION = "1.5.9.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/threads.py b/lib/core/threads.py index e8e4f5cdc..be1f6d622 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -123,31 +123,32 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio kb.threadContinue = True kb.threadException = False kb.technique = ThreadData.technique - - if threadChoice and conf.threads == numThreads == 1 and not (kb.injection.data and not any(_ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in kb.injection.data)): - while True: - message = "please enter number of threads? [Enter for %d (current)] " % numThreads - choice = readInput(message, default=str(numThreads)) - if choice: - skipThreadCheck = False - - if choice.endswith('!'): - choice = choice[:-1] - skipThreadCheck = True - - if isDigit(choice): - if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck: - errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS - logger.critical(errMsg) - else: - conf.threads = numThreads = int(choice) - break - - if numThreads == 1: - warnMsg = "running in a single-thread mode. This could take a while" - logger.warn(warnMsg) + kb.multiThreadMode = False try: + if threadChoice and conf.threads == numThreads == 1 and not (kb.injection.data and not any(_ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in kb.injection.data)): + while True: + message = "please enter number of threads? [Enter for %d (current)] " % numThreads + choice = readInput(message, default=str(numThreads)) + if choice: + skipThreadCheck = False + + if choice.endswith('!'): + choice = choice[:-1] + skipThreadCheck = True + + if isDigit(choice): + if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck: + errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS + logger.critical(errMsg) + else: + conf.threads = numThreads = int(choice) + break + + if numThreads == 1: + warnMsg = "running in a single-thread mode. This could take a while" + logger.warn(warnMsg) + if numThreads > 1: if startThreadMsg: infoMsg = "starting %d threads" % numThreads @@ -156,6 +157,8 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio threadFunction() return + kb.multiThreadMode = True + # Start the threads for numThread in xrange(numThreads): thread = threading.Thread(target=exceptionHandledFunction, name=str(numThread), args=[threadFunction]) @@ -225,6 +228,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio traceback.print_exc() finally: + kb.multiThreadMode = False kb.threadContinue = True kb.threadException = False kb.technique = None diff --git a/lib/request/connect.py b/lib/request/connect.py index 317990af4..f88be5783 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -43,7 +43,6 @@ from lib.core.common import getHeader from lib.core.common import getHostHeader from lib.core.common import getRequestHeader from lib.core.common import getSafeExString -from lib.core.common import isMultiThreadMode from lib.core.common import logHTTPTraffic from lib.core.common import openFile from lib.core.common import popValue @@ -884,7 +883,7 @@ class Connect(object): else: logger.debug(warnMsg) return Connect._retryProxy(**kwargs) - elif kb.testMode or isMultiThreadMode(): + elif kb.testMode or kb.multiThreadMode: logger.critical(warnMsg) return None, None, None else: From a9f998273c27a694de37afebfa1500568ff9ceea Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 16:33:52 +0200 Subject: [PATCH 61/92] Fine-tuning for Github Actions --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- lib/core/testing.py | 3 ++- lib/parse/cmdline.py | 3 +++ 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index e23f51347..944b11372 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -416,7 +416,7 @@ def _doSearch(): conf.googlePage += 1 def _setStdinPipeTargets(): - if isinstance(conf.stdinPipe, _collections.Iterable): + if isinstance(conf.stdinPipe, _collections.Iterable) and not conf.testing: infoMsg = "using 'STDIN' for parsing targets list" logger.info(infoMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index eae0324c5..955313237 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.12" +VERSION = "1.5.9.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 12706246c..be60eb099 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -143,7 +143,7 @@ def vulnTest(): for tag, value in (("", url), ("", base), ("", direct), ("", tmpdir), ("", request), ("", log), ("", multiple), ("", config), ("", url.replace("id=1", "id=MZ=%3d"))): options = options.replace(tag, value) - cmd = "%s \"%s\" %s --batch --non-interactive --debug" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) + cmd = "%s \"%s\" %s --batch --non-interactive --testing --debug" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) if "" in cmd: handle, tmp = tempfile.mkstemp() @@ -153,6 +153,7 @@ def vulnTest(): if "" in cmd: cmd = re.sub(r"\s*", "", cmd) cmd = "echo %s | %s" % (url, cmd) + cmd = cmd.replace("--testing ", "") output = shellExec(cmd) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 5dacb84b5..eb55d21bc 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -815,6 +815,9 @@ def cmdLineParser(argv=None): parser.add_argument("--non-interactive", dest="nonInteractive", action="store_true", help=SUPPRESS) + parser.add_argument("--testing", dest="testing", action="store_true", + help=SUPPRESS) + parser.add_argument("--gui", dest="gui", action="store_true", help=SUPPRESS) From 94706bd7fc78fc8f1261098ed041a9645842b702 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 16:41:58 +0200 Subject: [PATCH 62/92] More fine-tuning for Github Actions --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 944b11372..e23f51347 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -416,7 +416,7 @@ def _doSearch(): conf.googlePage += 1 def _setStdinPipeTargets(): - if isinstance(conf.stdinPipe, _collections.Iterable) and not conf.testing: + if isinstance(conf.stdinPipe, _collections.Iterable): infoMsg = "using 'STDIN' for parsing targets list" logger.info(infoMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index 955313237..3afcc4813 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.13" +VERSION = "1.5.9.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index eb55d21bc..299b44d86 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -1063,7 +1063,7 @@ def cmdLineParser(argv=None): if args.dummy: args.url = args.url or DUMMY_URL - if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv: + if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv and "--testing" not in sys.argv: args.stdinPipe = iter(sys.stdin.readline, None) else: args.stdinPipe = None From 353a6251dd11ea20739976e5ee28f3cbe7e496a8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 17:00:24 +0200 Subject: [PATCH 63/92] Adding faketty for Github Actions --- .github/workflows/tests.yml | 2 ++ lib/core/settings.py | 2 +- lib/core/testing.py | 3 +-- lib/parse/cmdline.py | 5 +---- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1c1c6ea42..f8fa2add2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,6 +13,8 @@ jobs: python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.6', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 + - name: faketty + uses: Yuri6037/Action-FakeTTY@v1.1 - name: Set up Python uses: actions/setup-python@v2 with: diff --git a/lib/core/settings.py b/lib/core/settings.py index 3afcc4813..6c7a4cf64 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.14" +VERSION = "1.5.9.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index be60eb099..12706246c 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -143,7 +143,7 @@ def vulnTest(): for tag, value in (("", url), ("", base), ("", direct), ("", tmpdir), ("", request), ("", log), ("", multiple), ("", config), ("", url.replace("id=1", "id=MZ=%3d"))): options = options.replace(tag, value) - cmd = "%s \"%s\" %s --batch --non-interactive --testing --debug" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) + cmd = "%s \"%s\" %s --batch --non-interactive --debug" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) if "" in cmd: handle, tmp = tempfile.mkstemp() @@ -153,7 +153,6 @@ def vulnTest(): if "" in cmd: cmd = re.sub(r"\s*", "", cmd) cmd = "echo %s | %s" % (url, cmd) - cmd = cmd.replace("--testing ", "") output = shellExec(cmd) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 299b44d86..5dacb84b5 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -815,9 +815,6 @@ def cmdLineParser(argv=None): parser.add_argument("--non-interactive", dest="nonInteractive", action="store_true", help=SUPPRESS) - parser.add_argument("--testing", dest="testing", action="store_true", - help=SUPPRESS) - parser.add_argument("--gui", dest="gui", action="store_true", help=SUPPRESS) @@ -1063,7 +1060,7 @@ def cmdLineParser(argv=None): if args.dummy: args.url = args.url or DUMMY_URL - if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv and "--testing" not in sys.argv: + if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv: args.stdinPipe = iter(sys.stdin.readline, None) else: args.stdinPipe = None From cfa5042358b68da1e0b993180c9c3bfaebac3284 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 17:09:23 +0200 Subject: [PATCH 64/92] Still fighting with Github Actions --- .github/workflows/tests.yml | 2 -- lib/core/settings.py | 2 +- lib/core/testing.py | 5 ----- lib/parse/cmdline.py | 2 +- 4 files changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f8fa2add2..1c1c6ea42 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,8 +13,6 @@ jobs: python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.6', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 - - name: faketty - uses: Yuri6037/Action-FakeTTY@v1.1 - name: Set up Python uses: actions/setup-python@v2 with: diff --git a/lib/core/settings.py b/lib/core/settings.py index 6c7a4cf64..9f04ce98e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.15" +VERSION = "1.5.9.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 12706246c..36881a9b8 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -50,7 +50,6 @@ def vulnTest(): ("--list-tampers", ("between", "MySQL", "xforwardedfor")), ("-r --flush-session -v 5 --test-skip='heavy' --save=", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")), ("-c ", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind")), - (" -r -l --flush-session --banner --technique=B", ("banner: '3.", "STDIN")), ("-l --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")), ("-l --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")), ("-u --flush-session --data='id=1&_=Eewef6oh' --chunked --randomize=_ --random-agent --banner", ("fetched random HTTP User-Agent header value", "Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")), @@ -150,10 +149,6 @@ def vulnTest(): os.close(handle) cmd = cmd.replace("", tmp) - if "" in cmd: - cmd = re.sub(r"\s*", "", cmd) - cmd = "echo %s | %s" % (url, cmd) - output = shellExec(cmd) if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks) or "unhandled exception" in output: diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 5dacb84b5..91d889a09 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -1060,7 +1060,7 @@ def cmdLineParser(argv=None): if args.dummy: args.url = args.url or DUMMY_URL - if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv: + if hasattr(sys.stdin, "fileno") and not os.isatty(sys.stdin.fileno()) and '-' not in sys.argv and "GITHUB_ACTIONS" not in os.environ: args.stdinPipe = iter(sys.stdin.readline, None) else: args.stdinPipe = None From 564c5a24944f36bb52ee4075d758ca44439f21ba Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 17:23:38 +0200 Subject: [PATCH 65/92] Removing --fuzz-test --- lib/core/settings.py | 2 +- lib/core/testing.py | 65 -------------------------------------------- lib/parse/cmdline.py | 5 +--- sqlmap.py | 3 -- 4 files changed, 2 insertions(+), 73 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 9f04ce98e..24fe6d429 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.16" +VERSION = "1.5.9.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 36881a9b8..5a5375b30 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -166,71 +166,6 @@ def vulnTest(): return retVal -def fuzzTest(): - count = 0 - address, port = "127.0.0.10", random.randint(1025, 65535) - - def _thread(): - vulnserver.init(quiet=True) - vulnserver.run(address=address, port=port) - - thread = threading.Thread(target=_thread) - thread.daemon = True - thread.start() - - while True: - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - try: - s.connect((address, port)) - break - except: - time.sleep(1) - - handle, config = tempfile.mkstemp(suffix=".conf") - os.close(handle) - - url = "http://%s:%d/?id=1" % (address, port) - - content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url) - open(config, "w+").write(content) - - while True: - lines = content.split("\n") - - for i in xrange(20): - j = random.randint(0, len(lines) - 1) - - if any(_ in lines[j] for _ in ("googleDork",)): - continue - - if re.search(r"= (True|False)", lines[j]): - lines[j] = lines[j].replace(" = False", " = True") - continue - - if lines[j].strip().endswith('='): - lines[j] += random.sample(("True", "False", randomStr(), str(randomInt())), 1)[0] - - k = random.randint(0, len(lines) - 1) - if '=' in lines[k] and not re.search(r"= (True|False)", lines[k]): - lines[k] += chr(random.randint(0, 255)) - - open(config, "w+").write("\n".join(lines)) - - cmd = "%s %s -c %s --non-interactive --answers='Github=n' --flush-session --technique=%s --banner" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), config, random.sample("BEUQ", 1)[0]) - output = shellExec(cmd) - - if "Traceback" in output: - dataToStdout("---\n\n$ %s\n" % cmd) - dataToStdout("%s---\n" % output, coloring=False) - - handle, config = tempfile.mkstemp(prefix="sqlmapcrash", suffix=".conf") - os.close(handle) - open(config, "w+").write("\n".join(lines)) - else: - dataToStdout("\r%d\r" % count) - - count += 1 - def smokeTest(): """ Runs the basic smoke testing of a program diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 91d889a09..39cf89ed8 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -824,9 +824,6 @@ def cmdLineParser(argv=None): parser.add_argument("--vuln-test", dest="vulnTest", action="store_true", help=SUPPRESS) - parser.add_argument("--fuzz-test", dest="fuzzTest", action="store_true", - help=SUPPRESS) - # API options parser.add_argument("--api", dest="api", action="store_true", help=SUPPRESS) @@ -1065,7 +1062,7 @@ def cmdLineParser(argv=None): else: args.stdinPipe = None - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.fuzzTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). " errMsg += "Use -h for basic and -hh for advanced help\n" parser.error(errMsg) diff --git a/sqlmap.py b/sqlmap.py index 1e6d4ec37..daff96616 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -175,9 +175,6 @@ def main(): elif conf.vulnTest: from lib.core.testing import vulnTest os._exitcode = 1 - (vulnTest() or 0) - elif conf.fuzzTest: - from lib.core.testing import fuzzTest - fuzzTest() else: from lib.controller.controller import start if conf.profile: From 95e0b368f2621b6cd2288dbe6c3546c9a56bf2a9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 17:26:38 +0200 Subject: [PATCH 66/92] Fixing a MacOS problem with --vuln --- lib/core/settings.py | 2 +- lib/core/testing.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 24fe6d429..638f2c779 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.17" +VERSION = "1.5.9.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 5a5375b30..111ee24c7 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -79,7 +79,7 @@ def vulnTest(): retVal = True count = 0 - address, port = "127.0.0.10", random.randint(1025, 65535) + address, port = "127.0.0.1", random.randint(1025, 65535) def _thread(): vulnserver.init(quiet=True) From 3d01a9106ebcbe88c785cc23645df11d11e6d8e8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 17:46:32 +0200 Subject: [PATCH 67/92] Fixing pypy bug with multiple targets and SQLite cursor --- lib/core/settings.py | 2 +- lib/core/target.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 638f2c779..dc78b8fde 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.18" +VERSION = "1.5.9.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index a160815a7..cb695ae78 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -73,6 +73,7 @@ from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import URI_INJECTABLE_REGEX from lib.core.settings import USER_AGENT_ALIASES from lib.core.settings import XML_RECOGNITION_REGEX +from lib.core.threads import getCurrentThreadData from lib.utils.hashdb import HashDB from thirdparty import six from thirdparty.odict import OrderedDict @@ -708,6 +709,9 @@ def initTargetEnv(): if conf.cj: resetCookieJar(conf.cj) + threadData = getCurrentThreadData() + threadData.reset() + conf.paramDict = {} conf.parameters = {} conf.hashDBFile = None From 95b69d2c61bcd14967fe9ab81055b5bda040732b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 18:09:59 +0200 Subject: [PATCH 68/92] Minor patch for Python drei --- extra/vulnserver/vulnserver.py | 1 + lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index e2b51526c..16917d25b 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -110,6 +110,7 @@ class ReqHandler(BaseHTTPRequestHandler): elif self.data.startswith('<') and self.data.endswith('>'): params.update(dict((_[0], _[1].replace("'", "'").replace(""", '"').replace("<", '<').replace(">", '>').replace("&", '&')) for _ in re.findall(r'name="([^"]+)" value="([^"]*)"', self.data))) else: + self.data = self.data.replace(';', '&') # Note: seems that Python3 started ignoring parameter splitting with ';' params.update(parse_qs(self.data)) for name in self.headers: diff --git a/lib/core/settings.py b/lib/core/settings.py index dc78b8fde..b9b5bf7d7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.19" +VERSION = "1.5.9.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 374f38fdce309a796b1583fd5179f115acd56e70 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 19:45:04 +0200 Subject: [PATCH 69/92] Minor patch of doctests for Windows machine --- lib/core/common.py | 14 +++++--------- lib/core/settings.py | 2 +- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 7de61f0ff..9506e68bb 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -5017,18 +5017,14 @@ def decloakToTemp(filename): """ Decloaks content of a given file to a temporary file with similar name and extension - >>> _ = decloakToTemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.asp_")) - >>> openFile(_, "rb", encoding=None).read().startswith(b'<%') + NOTE: using in-memory decloak() in docTests because of the "problem" on Windows platform + + >>> decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.asp_")).startswith(b'<%') True - >>> os.remove(_) - >>> _ = decloakToTemp(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.asp_")) - >>> openFile(_, "rb", encoding=None).read().startswith(b'<%') + >>> decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.asp_")).startswith(b'<%') True - >>> os.remove(_) - >>> _ = decloakToTemp(os.path.join(paths.SQLMAP_UDF_PATH, "postgresql", "linux", "64", "11", "lib_postgresqludf_sys.so_")) - >>> b'sys_eval' in openFile(_, "rb", encoding=None).read() + >>> b'sys_eval' in decloak(os.path.join(paths.SQLMAP_UDF_PATH, "postgresql", "linux", "64", "11", "lib_postgresqludf_sys.so_")) True - >>> os.remove(_) """ content = decloak(filename) diff --git a/lib/core/settings.py b/lib/core/settings.py index b9b5bf7d7..2b15aa668 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.20" +VERSION = "1.5.9.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 5ea5fc896bd28e9b3514fe8aa06b85aa374370a0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 20:05:07 +0200 Subject: [PATCH 70/92] Fixing a problem with pypy (explicit flush needed) --- lib/core/settings.py | 2 +- lib/core/testing.py | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2b15aa668..78c972a28 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.21" +VERSION = "1.5.9.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 111ee24c7..6fab147cb 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -121,9 +121,14 @@ def vulnTest(): os.close(handle) content = "POST / HTTP/1.0\nUser-agent: foobar\nHost: %s:%s\n\nid=1\n" % (address, port) + with open(request, "w+") as f: + f.write(content) + f.flush() - open(request, "w+").write(content) - open(log, "w+").write('%d' % (port, encodeBase64(content, binary=False))) + content = '%d' % (port, encodeBase64(content, binary=False)) + with open(log, "w+") as f: + f.write(content) + f.flush() base = "http://%s:%d/" % (address, port) url = "%s?id=1" % base @@ -131,9 +136,14 @@ def vulnTest(): tmpdir = tempfile.mkdtemp() content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url) - open(config, "w+").write(content) + with open(config, "w+") as f: + f.write(content) + f.flush() - open(multiple, "w+").write("%s?%s=%d\n%s?%s=%d\n%s&%s=1" % (base, randomStr(), randomInt(), base, randomStr(), randomInt(), url, randomStr())) + content = "%s?%s=%d\n%s?%s=%d\n%s&%s=1" % (base, randomStr(), randomInt(), base, randomStr(), randomInt(), url, randomStr()) + with open(multiple, "w+") as f: + f.write(content) + f.flush() for options, checks in TESTS: status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS))) From fc0ba39045b290ef6db2c084572cad7c7389ca52 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 20:29:36 +0200 Subject: [PATCH 71/92] Adapting testing module for Windows OS --- lib/core/settings.py | 2 +- lib/core/testing.py | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 78c972a28..12556108e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.22" +VERSION = "1.5.9.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 6fab147cb..fa28ecb0c 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -40,29 +40,29 @@ def vulnTest(): TESTS = ( ("-h", ("to see full list of options run with '-hh'",)), ("--dependencies --deprecations", ("sqlmap requires", "third-party library", "~DeprecationWarning:")), - ("-u --data='reflect=1' --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")), - ("-u --data='code=1' --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")), + ("-u --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")), + ("-u --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")), (u"-c --flush-session --output-dir=\"\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")), (u"-u --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)), ("-m --flush-session --technique=B --banner", ("/3] URL:", "back-end DBMS: SQLite", "banner: '3.")), ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")), - ("-u '&id2=1' -p id2 -v 5 --flush-session --level=5 --text-only --test-filter='AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'", ("~1AND",)), + ("-u \"&id2=1\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\"", ("~1AND",)), ("--list-tampers", ("between", "MySQL", "xforwardedfor")), - ("-r --flush-session -v 5 --test-skip='heavy' --save=", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")), + ("-r --flush-session -v 5 --test-skip=\"heavy\" --save=", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")), ("-c ", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind")), ("-l --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")), ("-l --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")), - ("-u --flush-session --data='id=1&_=Eewef6oh' --chunked --randomize=_ --random-agent --banner", ("fetched random HTTP User-Agent header value", "Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")), - ("-u -p id --base64=id --data='base64=true' --flush-session --banner --technique=B", ("banner: '3.",)), - ("-u -p id --base64=id --data='base64=true' --flush-session --tables --technique=U", (" users ",)), - ("-u --flush-session --banner --technique=B --disable-precon --not-string 'no results'", ("banner: '3.",)), + ("-u --flush-session --data=\"id=1&_=Eewef6oh\" --chunked --randomize=_ --random-agent --banner", ("fetched random HTTP User-Agent header value", "Parameter: id (POST)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")), + ("-u -p id --base64=id --data=\"base64=true\" --flush-session --banner --technique=B", ("banner: '3.",)), + ("-u -p id --base64=id --data=\"base64=true\" --flush-session --tables --technique=U", (" users ",)), + ("-u --flush-session --banner --technique=B --disable-precon --not-string \"no results\"", ("banner: '3.",)), ("-u --flush-session --encoding=gbk --banner --technique=B --first=1 --last=2", ("banner: '3.'",)), ("-u --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3.")), - ("-u --flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")), - ("-u --flush-session -H 'Foo: Bar' -H 'Sna: Fu' --data='' --union-char=1 --mobile --answers='smartphone=3' --banner --smart -v 5", ("might be injectable", "Payload: --flush-session --method=PUT --data='a=1;id=1;b=2' --param-del=';' --skip-static --har= --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")), - ("-u --flush-session -H 'id: 1*' --tables -t ", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), - ("-u --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter='OR boolean' --tamper=space2dash", ("banner: '3.", " LIKE ")), + ("-u --flush-session --data=\"{\\\"id\\\": 1}\" --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")), + ("-u --flush-session -H \"Foo: Bar\" -H \"Sna: Fu\" --data=\"\" --union-char=1 --mobile --answers=\"smartphone=3\" --banner --smart -v 5", ("might be injectable", "Payload: --flush-session --method=PUT --data=\"a=1;id=1;b=2\" --param-del=\";\" --skip-static --har= --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")), + ("-u --flush-session -H \"id: 1*\" --tables -t ", ("might be injectable", "Parameter: id #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), + ("-u --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")), ("-u --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")), ("-u --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 5")), ("-u --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")), @@ -70,8 +70,8 @@ def vulnTest(): ("-u --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")), ("-u --flush-session --all", ("5 entries", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")), ("-u -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")), - ("-u '&echo=foobar*' --flush-session", ("might be vulnerable to cross-site scripting",)), - ("-u '&query=*' --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")), + ("-u \"&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)), + ("-u \"&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")), ("-d --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")), ("-d --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "'987654321'",)), ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")), From d8b15c14b67d5f9e4d4445a62c42176c08721b50 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 20:59:10 +0200 Subject: [PATCH 72/92] Some more testing module adaption --- lib/core/settings.py | 2 +- lib/core/testing.py | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 12556108e..cca83adf3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.23" +VERSION = "1.5.9.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index fa28ecb0c..05bf8d3e2 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -31,6 +31,7 @@ from lib.core.data import logger from lib.core.data import paths from lib.core.data import queries from lib.core.patch import unisonRandom +from lib.core.settings import IS_WIN def vulnTest(): """ @@ -72,8 +73,8 @@ def vulnTest(): ("-u -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")), ("-u \"&echo=foobar*\" --flush-session", ("might be vulnerable to cross-site scripting",)), ("-u \"&query=*\" --flush-session --technique=Q --banner", ("Title: SQLite inline queries", "banner: '3.")), - ("-d --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")), - ("-d --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "'987654321'",)), + ("-d \"\" --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \"id=3\"", ("7775", "179ad45c6ce2cb97cf1029e212046e81 (testpass)", "dumped to SQLITE database")), + ("-d \"\" --flush-session --banner --schema --sql-query=\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "5, foobar, nameisnull", "'987654321'",)), ("--purge -v 3", ("~ERROR", "~CRITICAL", "deleting the whole directory tree")), ) @@ -149,6 +150,10 @@ def vulnTest(): status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS))) dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) + if IS_WIN and "uraj" in options: + options = options.replace(u"\u0161u\u0107uraj", "sucuraj") + checks = [check.replace(u"\u0161u\u0107uraj", "sucuraj") for check in checks] + for tag, value in (("", url), ("", base), ("", direct), ("", tmpdir), ("", request), ("", log), ("", multiple), ("", config), ("", url.replace("id=1", "id=MZ=%3d"))): options = options.replace(tag, value) From a48ce3c12a4057986d6dcdd25ea17ab010115a21 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 21:15:15 +0200 Subject: [PATCH 73/92] Minor patch for Windows OS --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 9506e68bb..2e4a69ce4 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1531,7 +1531,7 @@ def parseTargetDirect(): remote = False for dbms in SUPPORTED_DBMS: - details = re.search(r"^(?P%s)://(?P(?P.*?)\:(?P.*)\@)?(?P(?P[\w.-]+?)\:(?P[\d]+)\/)?(?P[\w\d\ \:\.\_\-\/\\]*)$" % dbms, conf.direct, re.I) + details = re.search(r"^(?P%s)://(?P(?P.*?)\:(?P.*)\@)?(?P(?P[\w.-]+?)\:(?P[\d]+)\/)?(?P[\w\d\ \:\.\_~\-\/\\]*)$" % dbms, conf.direct, re.I) if details: conf.dbms = details.group("dbms") diff --git a/lib/core/settings.py b/lib/core/settings.py index cca83adf3..27d0abc4a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.24" +VERSION = "1.5.9.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From c8d06d109998b549898e4a6b26ed685139bd3958 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 21:38:59 +0200 Subject: [PATCH 74/92] Minor patch --- lib/core/settings.py | 2 +- sqlmap.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 27d0abc4a..11f95ff68 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.25" +VERSION = "1.5.9.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index daff96616..da9cdfd26 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -515,6 +515,7 @@ def main(): if conf.get("hashDB"): conf.hashDB.flush(True) + conf.hashDB.close() # NOTE: because of PyPy if conf.get("harFile"): try: From 08eeb0fd88623e6b15fcbfe8fc2b1abf0dcdc9f2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 22:24:30 +0200 Subject: [PATCH 75/92] Minor update --- lib/core/settings.py | 2 +- lib/core/target.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 11f95ff68..773dbb362 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.26" +VERSION = "1.5.9.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index cb695ae78..b92dc815b 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -432,6 +432,9 @@ def _setHashDB(): if os.path.exists(conf.hashDBFile): if conf.flushSession: + if conf.hashDB: + conf.hashDB.close() + try: os.remove(conf.hashDBFile) logger.info("flushing session file") From aeaa776ca93a99ce0b969e9d0dc336eff751e137 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 23:01:32 +0200 Subject: [PATCH 76/92] PyPy patch for testing module --- lib/core/settings.py | 2 +- lib/core/target.py | 2 +- lib/core/testing.py | 2 +- lib/utils/hashdb.py | 10 ++++++++++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 773dbb362..c051186da 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.27" +VERSION = "1.5.9.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index b92dc815b..2c4cc0719 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -433,7 +433,7 @@ def _setHashDB(): if os.path.exists(conf.hashDBFile): if conf.flushSession: if conf.hashDB: - conf.hashDB.close() + conf.hashDB.closeAll() try: os.remove(conf.hashDBFile) diff --git a/lib/core/testing.py b/lib/core/testing.py index 05bf8d3e2..7fb4039f0 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -157,7 +157,7 @@ def vulnTest(): for tag, value in (("", url), ("", base), ("", direct), ("", tmpdir), ("", request), ("", log), ("", multiple), ("", config), ("", url.replace("id=1", "id=MZ=%3d"))): options = options.replace(tag, value) - cmd = "%s \"%s\" %s --batch --non-interactive --debug" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) + cmd = "%s \"%s\" %s --batch --non-interactive --debug" % (sys.executable if ' ' not in sys.executable else '"%s"' % sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) if "" in cmd: handle, tmp = tempfile.mkstemp() diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 5fa0b26b5..7efb68571 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -33,6 +33,7 @@ class HashDB(object): self.filepath = filepath self._write_cache = {} self._cache_lock = threading.Lock() + self._connections = [] def _get_cursor(self): threadData = getCurrentThreadData() @@ -40,6 +41,7 @@ class HashDB(object): if threadData.hashDBCursor is None: try: connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None) + self._connections.append(connection) threadData.hashDBCursor = connection.cursor() threadData.hashDBCursor.execute("CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)") connection.commit() @@ -66,6 +68,14 @@ class HashDB(object): except: pass + def closeAll(self): + for connection in self._connections: + try: + connection.commit() + connection.close() + except: + pass + @staticmethod def hashKey(key): key = getBytes(key if isinstance(key, six.text_type) else repr(key), errors="xmlcharrefreplace") From 3ff4bb893847adf193caf88771001c9cd7b968ed Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Sep 2021 23:50:06 +0200 Subject: [PATCH 77/92] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ed2cd3be5..bb7ac3f5a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # sqlmap ![](https://i.imgur.com/fe85aVR.png) -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections. From dec550b1c9bdb7bac9d5945ad49eae7f68214fae Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Sep 2021 08:36:07 +0200 Subject: [PATCH 78/92] Minor patch for Windows OS --- lib/core/settings.py | 2 +- lib/core/testing.py | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c051186da..a55b327e4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.28" +VERSION = "1.5.9.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 7fb4039f0..31fd2cd8a 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -80,7 +80,16 @@ def vulnTest(): retVal = True count = 0 - address, port = "127.0.0.1", random.randint(1025, 65535) + + while True: + address, port = "127.0.0.1", random.randint(10000, 65535) + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + if s.connect_ex((address, port)): + break + finally: + s.close() + time.sleep(1) def _thread(): vulnserver.init(quiet=True) From 7878c22cd2af10619ad033977a7c9b6e5aa74e9d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Sep 2021 08:36:59 +0200 Subject: [PATCH 79/92] Minor refactoring --- lib/core/settings.py | 2 +- lib/core/testing.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a55b327e4..5fc82cbd0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.29" +VERSION = "1.5.9.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 31fd2cd8a..e766dea7b 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -87,9 +87,10 @@ def vulnTest(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) if s.connect_ex((address, port)): break + else: + time.sleep(1) finally: s.close() - time.sleep(1) def _thread(): vulnserver.init(quiet=True) From 6ce9e40a90c99232ec358706cea2dbf9111b4bad Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Sep 2021 21:23:40 +0200 Subject: [PATCH 80/92] Trying smth out --- lib/core/settings.py | 2 +- lib/core/testing.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5fc82cbd0..73ed370b4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.30" +VERSION = "1.5.9.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index e766dea7b..99f5eaa22 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -167,7 +167,7 @@ def vulnTest(): for tag, value in (("", url), ("", base), ("", direct), ("", tmpdir), ("", request), ("", log), ("", multiple), ("", config), ("", url.replace("id=1", "id=MZ=%3d"))): options = options.replace(tag, value) - cmd = "%s \"%s\" %s --batch --non-interactive --debug" % (sys.executable if ' ' not in sys.executable else '"%s"' % sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) + cmd = "%s \"%s\" %s --batch --non-interactive --debug --time-sec=1" % (sys.executable if ' ' not in sys.executable else '"%s"' % sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options) if "" in cmd: handle, tmp = tempfile.mkstemp() From 954a8e6ee7f34fa461a347c9f8c2c234031ede6e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2021 09:02:44 +0200 Subject: [PATCH 81/92] Struggling with Github Actions --- extra/vulnserver/vulnserver.py | 5 +++++ lib/core/settings.py | 2 +- lib/core/testing.py | 11 ++++++++++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index 16917d25b..4cce7f933 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -60,6 +60,7 @@ _conn = None _cursor = None _lock = None _server = None +_alive = False def init(quiet=False): global _conn @@ -236,14 +237,18 @@ class ReqHandler(BaseHTTPRequestHandler): return def run(address=LISTEN_ADDRESS, port=LISTEN_PORT): + global _alive global _server try: + _alive = True _server = ThreadingServer((address, port), ReqHandler) print("[i] running HTTP server at 'http://%s:%d'" % (address, port)) _server.serve_forever() except KeyboardInterrupt: _server.socket.close() raise + finally: + _alive = False if __name__ == "__main__": try: diff --git a/lib/core/settings.py b/lib/core/settings.py index 73ed370b4..1f4917b3f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.9.31" +VERSION = "1.5.10.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 99f5eaa22..50211523d 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -31,6 +31,7 @@ from lib.core.data import logger from lib.core.data import paths from lib.core.data import queries from lib.core.patch import unisonRandom +from lib.core.settings import MAX_CONSECUTIVE_CONNECTION_ERRORS from lib.core.settings import IS_WIN def vulnTest(): @@ -100,18 +101,26 @@ def vulnTest(): thread.daemon = True thread.start() - while True: + success = False + for i in xrange(MAX_CONSECUTIVE_CONNECTION_ERRORS): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((address, port)) s.send(b"GET / HTTP/1.0\r\n\r\n") if b"vulnserver" in s.recv(4096): + success = True break except: time.sleep(1) finally: s.close() + if not success: + logger.error("problem occurred in vulnserver instantiation (address: 'http://%s:%s', alive: %s)" % (address, port, vulnserver._alive)) + return False + else: + logger.info("vulnserver running at 'http://%s:%s'..." % (address, port)) + handle, config = tempfile.mkstemp(suffix=".conf") os.close(handle) From c712e9c22f6163ef640533da61f03a17d35bf21a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2021 09:05:06 +0200 Subject: [PATCH 82/92] Minor update --- lib/core/settings.py | 2 +- lib/core/testing.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1f4917b3f..4d887ebde 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.0" +VERSION = "1.5.10.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 50211523d..573263254 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -111,9 +111,11 @@ def vulnTest(): success = True break except: - time.sleep(1) + pass finally: s.close() + if not success: + time.sleep(1) if not success: logger.error("problem occurred in vulnserver instantiation (address: 'http://%s:%s', alive: %s)" % (address, port, vulnserver._alive)) From 9ac251142cce92334796634391f50aa74851a750 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2021 09:11:57 +0200 Subject: [PATCH 83/92] Minor refactoring --- lib/core/settings.py | 2 +- lib/core/testing.py | 14 ++++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4d887ebde..87556d20c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.1" +VERSION = "1.5.10.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 573263254..f950820e6 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -31,7 +31,6 @@ from lib.core.data import logger from lib.core.data import paths from lib.core.data import queries from lib.core.patch import unisonRandom -from lib.core.settings import MAX_CONSECUTIVE_CONNECTION_ERRORS from lib.core.settings import IS_WIN def vulnTest(): @@ -97,28 +96,27 @@ def vulnTest(): vulnserver.init(quiet=True) vulnserver.run(address=address, port=port) + vulnserver._alive = True + thread = threading.Thread(target=_thread) thread.daemon = True thread.start() - success = False - for i in xrange(MAX_CONSECUTIVE_CONNECTION_ERRORS): + while vulnserver._alive: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((address, port)) s.send(b"GET / HTTP/1.0\r\n\r\n") if b"vulnserver" in s.recv(4096): - success = True break except: pass finally: s.close() - if not success: - time.sleep(1) + time.sleep(1) - if not success: - logger.error("problem occurred in vulnserver instantiation (address: 'http://%s:%s', alive: %s)" % (address, port, vulnserver._alive)) + if not vulnserver._alive: + logger.error("problem occurred in vulnserver instantiation (address: 'http://%s:%s')" % (address, port)) return False else: logger.info("vulnserver running at 'http://%s:%s'..." % (address, port)) From 7f7e78a5173db0543b8a7b4b3894af6c657c24e4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2021 09:40:45 +0200 Subject: [PATCH 84/92] Minor update --- .github/workflows/tests.yml | 4 ++-- lib/core/settings.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1c1c6ea42..d6b35f219 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -9,8 +9,8 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.6', 'pypy-3.7' ] + os: [ubuntu-latest, macos-latest] + python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 - name: Set up Python diff --git a/lib/core/settings.py b/lib/core/settings.py index 87556d20c..5eda30d67 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.2" +VERSION = "1.5.10.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 59bd03f1a973cdc668850a930307c25dc630cb38 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2021 10:10:12 +0200 Subject: [PATCH 85/92] Trying smth simple --- .github/workflows/tests.yml | 5 ++--- lib/core/settings.py | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d6b35f219..c42921aa5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -6,11 +6,10 @@ on: jobs: build: - runs-on: ${{ matrix.os }} + runs-on: ubuntu-latest strategy: matrix: - os: [ubuntu-latest, macos-latest] - python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.7' ] + python-version: [ '3.x', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 - name: Set up Python diff --git a/lib/core/settings.py b/lib/core/settings.py index 5eda30d67..a7073dabc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.3" +VERSION = "1.5.10.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 7d31de112424017bdf76a8f61e64bf4489235404 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2021 10:15:57 +0200 Subject: [PATCH 86/92] Revert as it might work at the end --- .github/workflows/tests.yml | 5 +++-- lib/core/settings.py | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c42921aa5..d6b35f219 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -6,10 +6,11 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} strategy: matrix: - python-version: [ '3.x', 'pypy-3.7' ] + os: [ubuntu-latest, macos-latest] + python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 - name: Set up Python diff --git a/lib/core/settings.py b/lib/core/settings.py index a7073dabc..c208bfc7e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.4" +VERSION = "1.5.10.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 69900a6c6efac5c8b43fcee5d8d03dc2afb063b5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Oct 2021 00:29:31 +0200 Subject: [PATCH 87/92] Fixes #4849 --- lib/core/common.py | 4 ++-- lib/core/compat.py | 5 +++++ lib/core/settings.py | 2 +- lib/core/testing.py | 1 - lib/request/httpshandler.py | 4 ++-- plugins/dbms/mysql/takeover.py | 6 +++--- plugins/dbms/postgresql/takeover.py | 6 +++--- sqlmap.py | 4 ++-- 8 files changed, 18 insertions(+), 14 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 2e4a69ce4..a6d9acaad 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -11,7 +11,6 @@ import binascii import codecs import contextlib import copy -import distutils.version import functools import getpass import hashlib @@ -47,6 +46,7 @@ from extra.beep.beep import beep from extra.cloak.cloak import decloak from lib.core.bigarray import BigArray from lib.core.compat import cmp +from lib.core.compat import LooseVersion from lib.core.compat import round from lib.core.compat import xrange from lib.core.convert import base64pickle @@ -591,7 +591,7 @@ class Backend(object): if Backend.getVersion() is not None and version is not None: try: - retVal = distutils.version.LooseVersion(Backend.getVersion()) >= distutils.version.LooseVersion(version) + retVal = LooseVersion(Backend.getVersion()) >= LooseVersion(version) except: retVal = str(Backend.getVersion()) >= str(version) diff --git a/lib/core/compat.py b/lib/core/compat.py index 3e8c168fe..50d18695d 100644 --- a/lib/core/compat.py +++ b/lib/core/compat.py @@ -257,3 +257,8 @@ if sys.version_info >= (3, 0): else: xrange = xrange buffer = buffer + +try: + from pkg_resources import parse_version as LooseVersion +except ImportError: + from distutils.version import LooseVersion diff --git a/lib/core/settings.py b/lib/core/settings.py index c208bfc7e..ab12e789b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.5" +VERSION = "1.5.10.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index f950820e6..3c5014c1d 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -24,7 +24,6 @@ from lib.core.common import randomInt from lib.core.common import randomStr from lib.core.common import shellExec from lib.core.compat import round -from lib.core.compat import xrange from lib.core.convert import encodeBase64 from lib.core.data import kb from lib.core.data import logger diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index dcd429afc..26f359d3f 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -5,12 +5,12 @@ Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ -import distutils.version import re import socket from lib.core.common import filterNone from lib.core.common import getSafeExString +from lib.core.compat import LooseVersion from lib.core.compat import xrange from lib.core.data import conf from lib.core.data import kb @@ -109,7 +109,7 @@ class HTTPSConnection(_http_client.HTTPSConnection): if not success: errMsg = "can't establish SSL connection" # Reference: https://docs.python.org/2/library/ssl.html - if distutils.version.LooseVersion(PYVERSION) < distutils.version.LooseVersion("2.7.9"): + if LooseVersion(PYVERSION) < LooseVersion("2.7.9"): errMsg += " (please retry with Python >= 2.7.9)" if kb.sslSuccess and not self.retrying: diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 1444436dc..b59598443 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -5,7 +5,6 @@ Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ -import distutils.version import os from lib.core.agent import agent @@ -17,6 +16,7 @@ from lib.core.common import normalizePath from lib.core.common import ntToPosixSlashes from lib.core.common import randomStr from lib.core.common import unArrayizeValue +from lib.core.compat import LooseVersion from lib.core.data import kb from lib.core.data import logger from lib.core.data import paths @@ -38,13 +38,13 @@ class Takeover(GenericTakeover): banVer = kb.bannerFp["dbmsVersion"] - if banVer and distutils.version.LooseVersion(banVer) >= distutils.version.LooseVersion("5.0.67"): + if banVer and LooseVersion(banVer) >= LooseVersion("5.0.67"): if self.__plugindir is None: logger.info("retrieving MySQL plugin directory absolute path") self.__plugindir = unArrayizeValue(inject.getValue("SELECT @@plugin_dir")) # On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0 - if self.__plugindir is None and distutils.version.LooseVersion(banVer) >= distutils.version.LooseVersion("5.1.19"): + if self.__plugindir is None and LooseVersion(banVer) >= LooseVersion("5.1.19"): logger.info("retrieving MySQL base directory absolute path") # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index 187a0686f..cfa142d2d 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -5,7 +5,6 @@ Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/) See the file 'LICENSE' for copying permission """ -import distutils.version import os from lib.core.common import Backend @@ -17,6 +16,7 @@ from lib.core.common import isListLike from lib.core.common import isNoneValue from lib.core.common import isStackingAvailable from lib.core.common import randomStr +from lib.core.compat import LooseVersion from lib.core.data import kb from lib.core.data import logger from lib.core.data import paths @@ -54,9 +54,9 @@ class Takeover(GenericTakeover): if not banVer or not banVer[0].isdigit(): errMsg = "unsupported feature on unknown version of PostgreSQL" raise SqlmapUnsupportedFeatureException(errMsg) - elif distutils.version.LooseVersion(banVer) >= distutils.version.LooseVersion("10"): + elif LooseVersion(banVer) >= LooseVersion("10"): majorVer = banVer.split('.')[0] - elif distutils.version.LooseVersion(banVer) >= distutils.version.LooseVersion("8.2") and '.' in banVer: + elif LooseVersion(banVer) >= LooseVersion("8.2") and '.' in banVer: majorVer = '.'.join(banVer.split('.')[:2]) else: errMsg = "unsupported feature on versions of PostgreSQL before 8.2" diff --git a/sqlmap.py b/sqlmap.py index da9cdfd26..4999a344d 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -18,7 +18,6 @@ try: sys.exit("[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details") import bdb - import distutils import glob import inspect import json @@ -64,6 +63,7 @@ try: from lib.core.common import MKSTEMP_PREFIX from lib.core.common import setColor from lib.core.common import unhandledExceptionMessage + from lib.core.compat import LooseVersion from lib.core.compat import xrange from lib.core.exception import SqlmapBaseException from lib.core.exception import SqlmapShellQuitException @@ -114,7 +114,7 @@ def checkEnvironment(): logger.critical(errMsg) raise SystemExit - if distutils.version.LooseVersion(VERSION) < distutils.version.LooseVersion("1.0"): + if LooseVersion(VERSION) < LooseVersion("1.0"): errMsg = "your runtime environment (e.g. PYTHONPATH) is " errMsg += "broken. Please make sure that you are not running " errMsg += "newer versions of sqlmap with runtime scripts for older " From f1621d0d89960b0b5edd81de183ebda87b0dc56d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Oct 2021 00:32:35 +0200 Subject: [PATCH 88/92] Minor update --- .github/workflows/tests.yml | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d6b35f219..21e4bd514 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -10,7 +10,7 @@ jobs: strategy: matrix: os: [ubuntu-latest, macos-latest] - python-version: [ '2.x', '3.x', 'pypy-2.7', 'pypy-3.7' ] + python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 - name: Set up Python diff --git a/lib/core/settings.py b/lib/core/settings.py index ab12e789b..8db7f6e16 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.6" +VERSION = "1.5.10.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From c4680b7e04640ebcbaa232e8d46fbd699e73fe1d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Oct 2021 00:39:54 +0200 Subject: [PATCH 89/92] Bug fix --- lib/core/settings.py | 2 +- lib/core/testing.py | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8db7f6e16..efc95a099 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.7" +VERSION = "1.5.10.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 3c5014c1d..6f87bd84c 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -105,8 +105,15 @@ def vulnTest(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((address, port)) - s.send(b"GET / HTTP/1.0\r\n\r\n") - if b"vulnserver" in s.recv(4096): + s.sendall(b"GET / HTTP/1.1\r\n\r\n") + result = b"" + while True: + current = s.recv(1024) + if not current: + break + else: + result += current + if b"vulnserver" in result: break except: pass From 182c06e26b81f005538d1463603096dcce4814c9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Oct 2021 00:41:09 +0200 Subject: [PATCH 90/92] Trying out --- .github/workflows/tests.yml | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 21e4bd514..acb3cacae 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -9,7 +9,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-latest, windows-latest] python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ] steps: - uses: actions/checkout@v2 diff --git a/lib/core/settings.py b/lib/core/settings.py index efc95a099..8461fff84 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.8" +VERSION = "1.5.10.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From e9d7a770e163c068781c3fce669c713d655537af Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Oct 2021 00:45:55 +0200 Subject: [PATCH 91/92] Fixing a DeprecationWarning with activeCount() --- lib/core/settings.py | 2 +- lib/core/threads.py | 2 +- sqlmap.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8461fff84..c210c632e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.10.9" +VERSION = "1.5.10.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/threads.py b/lib/core/threads.py index be1f6d622..153c55c7a 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -198,7 +198,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio if numThreads > 1: logger.info("waiting for threads to finish%s" % (" (Ctrl+C was pressed)" if isinstance(ex, KeyboardInterrupt) else "")) try: - while (threading.activeCount() > 1): + while (threading.active_count() > 1): pass except KeyboardInterrupt: diff --git a/sqlmap.py b/sqlmap.py index 4999a344d..047aee9e3 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -533,7 +533,7 @@ def main(): # short delay for thread finalization _ = time.time() - while threading.activeCount() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT: + while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT: time.sleep(0.01) if cmdLineOptions.get("sqlmapShell"): @@ -554,7 +554,7 @@ if __name__ == "__main__": traceback.print_exc() finally: # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program - if threading.activeCount() > 1: + if threading.active_count() > 1: os._exit(getattr(os, "_exitcode", 0)) else: sys.exit(getattr(os, "_exitcode", 0)) From aec527dbee12aa1546d4d5f029d357cbb6f8f75a Mon Sep 17 00:00:00 2001 From: za Date: Fri, 8 Oct 2021 21:18:25 +0700 Subject: [PATCH 92/92] Added more ID word in common-columns.txt (#4852) --- data/txt/common-columns.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/data/txt/common-columns.txt b/data/txt/common-columns.txt index a3a52ce06..1b2d7cbfb 100644 --- a/data/txt/common-columns.txt +++ b/data/txt/common-columns.txt @@ -2674,6 +2674,7 @@ jeda jenis jml judul +jumlah kata_kunci kata_sandi katakunci @@ -2686,6 +2687,7 @@ kunci lahir nama nama_akun +nama_ibu_kandung nama_pengguna namaakun namapengguna @@ -2695,6 +2697,7 @@ pengguna penjelasan perusahaan ponsel +profesi ruang sandi soal @@ -2702,6 +2705,7 @@ surat_elektronik surel tanggal tanggal_lahir +telepon tempat tempat_lahir tmp_lahir