diff --git a/lib/core/option.py b/lib/core/option.py index 9fef8f3e6..b55574e04 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1875,6 +1875,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.followSitemapRecursion = None kb.forcedDbms = None kb.forcePartialUnion = False + kb.forceThreads = None kb.forceWhere = None kb.futileUnion = None kb.heavilyDynamic = False diff --git a/lib/core/settings.py b/lib/core/settings.py index 663ffb035..6ccc6c6d9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.6.4" +VERSION = "1.3.6.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index fa889c9eb..a5ba73f65 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -721,9 +721,6 @@ def cmdLineParser(argv=None): parser.add_option("--force-pivoting", dest="forcePivoting", action="store_true", help=SUPPRESS_HELP) - parser.add_option("--force-threads", dest="forceThreads", action="store_true", - help=SUPPRESS_HELP) - parser.add_option("--smoke-test", dest="smokeTest", action="store_true", help=SUPPRESS_HELP) diff --git a/lib/request/inject.py b/lib/request/inject.py index 3c52bd6b7..0b46717fc 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -91,7 +91,7 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) if not (timeBasedCompare and kb.dnsTest): - if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not conf.forceThreads): + if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not kb.forceThreads): if field and re.search(r"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I): expression = "SELECT %s FROM (%s)" % (field, expression) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index d0ccf66d8..8f132b548 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -24,6 +24,7 @@ from lib.core.common import getPartRun from lib.core.common import hashDBRetrieve from lib.core.common import hashDBWrite from lib.core.common import incrementCounter +from lib.core.common import readInput from lib.core.common import safeStringFormat from lib.core.common import singleTimeWarnMessage from lib.core.data import conf @@ -163,12 +164,15 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None if showEta: progress = ProgressBar(maxValue=length) - if timeBasedCompare and conf.threads > 1 and not conf.forceThreads: - warnMsg = "multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically" - singleTimeWarnMessage(warnMsg) + if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None: + msg = "multi-threading is considered unsafe in " + msg += "time-based data retrieval. Are you sure " + msg += "of your choice (breaking warranty) [y/N] " + + kb.forceThreads = readInput(msg, default='N', boolean=True) if numThreads > 1: - if not timeBasedCompare or conf.forceThreads: + if not timeBasedCompare or kb.forceThreads: debugMsg = "starting %d thread%s" % (numThreads, ("s" if numThreads > 1 else "")) logger.debug(debugMsg) else: