From 21878560eecf2bf123ea65e6ca0869c07540da9f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 1 Aug 2023 11:33:13 +0200 Subject: [PATCH 01/28] Fixes #5481 --- lib/core/settings.py | 2 +- lib/utils/hashdb.py | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 44b3104f0..da65ad9c8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.7.2" +VERSION = "1.7.8.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 10cf2dcc9..e9e72bc29 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -181,8 +181,11 @@ class HashDB(object): try: self.cursor.execute("BEGIN TRANSACTION") except: - # Reference: http://stackoverflow.com/a/25245731 - self.cursor.close() + try: + # Reference: http://stackoverflow.com/a/25245731 + self.cursor.close() + except sqlite3.ProgrammingError: + pass threadData.hashDBCursor = None self.cursor.execute("BEGIN TRANSACTION") finally: From 5ad099c61db1804b1ada6c2ff82eb287c91c361a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 1 Aug 2023 11:45:20 +0200 Subject: [PATCH 02/28] Fixes #5479 --- lib/core/settings.py | 2 +- lib/utils/search.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index da65ad9c8..06849e0e2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
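Review bot: The new inner `try` in hashdb.py narrows only the `cursor.close()` failure to `sqlite3.ProgrammingError`, while the enclosing `except:` around the first `BEGIN TRANSACTION` stays bare, so a KeyboardInterrupt or SystemExit raised during that execute is treated as a stale-cursor condition and triggers a second `BEGIN TRANSACTION` instead of propagating. Unless a non-sqlite exception is expected there, `except sqlite3.Error:` would keep the recovery path limited to database failures. The swallowed inner error also deserves a one-line reason next to the existing reference, e.g. `# Note: close() raises ProgrammingError if the cursor is already closed`, which I infer from the exception type but cannot confirm from the hunk. The enclosing method continues outside the hunk on both sides.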
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.0" +VERSION = "1.7.8.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/search.py b/lib/utils/search.py index 5ae11a10c..4e9d4abc1 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -106,7 +106,7 @@ def _search(dork): page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE)) - page = getUnicode(page) # Note: if upper function call fails (Issue #4202) + page = getUnicode(page) # Note: if decodePage call fails (Issue #4202) retVal = [_urllib.parse.unquote(match.group(1) or match.group(2)) for match in re.finditer(GOOGLE_REGEX, page, re.I)] @@ -171,6 +171,8 @@ def _search(dork): errMsg = "unable to connect" raise SqlmapConnectionException(errMsg) + page = getUnicode(page) # Note: if decodePage call fails (Issue #4202) + retVal = [_urllib.parse.unquote(match.group(1).replace("&", "&")) for match in re.finditer(regex, page, re.I | re.S)] if not retVal and "issue with the Tor Exit Node you are currently using" in page: From 89f9e5b1e0e84166b0d9b6e5453b24dca1d5745d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 5 Aug 2023 11:14:45 +0200 Subject: [PATCH 03/28] Fixes #5477 --- lib/controller/checks.py | 4 ++++ lib/core/datatype.py | 13 +++++++++++++ lib/core/settings.py | 2 +- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index b0d5fd6b5..a58a51252 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
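Review bot: The comment attached to the second `page = getUnicode(page)` in search.py repeats "if decodePage call fails", but no `decodePage` call is visible in that hunk; only the first hunk has one immediately above. If this code path has no `decodePage` call, the copied comment is misleading and should say what the line actually guarantees for the `re.finditer` and the `in page` test that follow, e.g. `# Note: make sure page is text before regex matching (Issue #4202)`. `_search` continues outside both hunks.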
@@ -217,6 +217,7 @@ def checkSqlInjection(place, parameter, value): if _ > 1: __ = 2 * (_ - 1) + 1 if _ == lower else 2 * _ unionExtended = True + test.request._columns = test.request.columns test.request.columns = re.sub(r"\b%d\b" % _, str(__), test.request.columns) title = re.sub(r"\b%d\b" % _, str(__), title) test.title = re.sub(r"\b%d\b" % _, str(__), test.title) @@ -819,6 +820,9 @@ def checkSqlInjection(place, parameter, value): choice = readInput(msg, default=str(conf.verbose), checkBatch=False) conf.verbose = int(choice) setVerbosity() + if hasattr(test.request, "columns") and hasattr(test.request, "_columns"): + test.request.columns = test.request._columns + delattr(test.request, "_columns") tests.insert(0, test) elif choice == 'N': return None diff --git a/lib/core/datatype.py b/lib/core/datatype.py index eadcb9cf7..c044055e8 100644 --- a/lib/core/datatype.py +++ b/lib/core/datatype.py @@ -49,6 +49,19 @@ class AttribDict(dict): else: return None + def __delattr__(self, item): + """ + Deletes attributes + """ + + try: + return self.pop(item) + except KeyError: + if self.keycheck: + raise AttributeError("unable to access item '%s'" % item) + else: + return None + def __setattr__(self, item, value): """ Maps attributes to values diff --git a/lib/core/settings.py b/lib/core/settings.py index 06849e0e2..581697ede 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.1" +VERSION = "1.7.8.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From b836c36d686a9c464d2e6b3eb022e6ad431a0235 Mon Sep 17 00:00:00 2001 
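Review bot: The restore guard `hasattr(test.request, "columns") and hasattr(test.request, "_columns")` in the second checks.py hunk only works if a missing attribute raises, but the datatype.py hunk of the same commit shows `__getattr__` ending in `else: return None` when `keycheck` is off, in which case `hasattr` is True for a never-set `_columns` and `test.request.columns` would be overwritten with None. If `test.request` is such an AttribDict, test membership instead: `if "_columns" in test.request:`. The stash `test.request._columns = test.request.columns` in the first hunk also has no comment; one stating that the unexpanded column range is saved so it can be restored when the test is re-queued would make the pairing obvious (that purpose is inferred from the two hunks). The new `__delattr__` docstring could likewise state that it mirrors `__getattr__`: it raises AttributeError only when `keycheck` is set and otherwise returns None. `checkSqlInjection` continues outside both hunks.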
From: Miroslav Stampar Date: Tue, 15 Aug 2023 10:58:12 +0200 Subject: [PATCH 04/28] Potential fix for #5485 --- data/xml/queries.xml | 34 +++++++++++++++++----------------- lib/core/settings.py | 2 +- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/data/xml/queries.xml b/data/xml/queries.xml index 300e70975..62e9dc63f 100644 --- a/data/xml/queries.xml +++ b/data/xml/queries.xml @@ -207,7 +207,7 @@ - + @@ -228,7 +228,7 @@ - + @@ -261,11 +261,11 @@ - + - + - + - + - + - + - + @@ -302,7 +302,7 @@ - + @@ -606,7 +606,7 @@ - + @@ -621,7 +621,7 @@ - + @@ -631,24 +631,24 @@ - + - + - + - + @@ -656,7 +656,7 @@ - + diff --git a/lib/core/settings.py b/lib/core/settings.py index 581697ede..0215b6ab6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.2" +VERSION = "1.7.8.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 2c767d7d1f2bb0bd7ed1475ecc235cecec8ff563 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 15 Aug 2023 11:06:28 +0200 Subject: [PATCH 05/28] Patch for #5484 --- lib/controller/controller.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 8441279a9..86a76442a 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py 
@@ -550,7 +550,7 @@ def start(): infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) logger.info(infoMsg) - elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)): + elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I) or re.search(conf.paramExclude, place, re.I)): testSqlInj = False infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0215b6ab6..9dcd8e377 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.3" +VERSION = "1.7.8.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From b368b4a9f9422f63bcdd15e0958cf69a53d0b7cc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 16 Aug 2023 12:43:55 +0200 Subject: [PATCH 06/28] Fixes #5493 --- lib/core/settings.py | 2 +- lib/core/target.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 9dcd8e377..0c77a3fad 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
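Review bot: The widened `elif` now also skips a parameter when `--param-exclude` matches `place` (presumably the name of the request part), but the unchanged `"skipping %sparameter '%s'"` message does not say which match caused the skip, so a pattern that happens to match a place name silently drops every parameter of that place. Log the cause, e.g. extend the message with `" (place '%s' matches --param-exclude)" % place` when the third `re.search` is the one that matched. The mixed `or`/`and` chain also reads more safely with explicit parentheses around `(kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I))`. `start()` continues outside the hunk.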
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.4" +VERSION = "1.7.8.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 480886af2..b39046aaa 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -637,7 +637,7 @@ def _createDumpDir(): if not os.path.isdir(conf.dumpPath): try: os.makedirs(conf.dumpPath) - except OSError as ex: + except Exception as ex: tempDir = tempfile.mkdtemp(prefix="sqlmapdump") warnMsg = "unable to create dump directory " warnMsg += "'%s' (%s). " % (conf.dumpPath, getUnicode(ex)) From 3e98fabd23444d0310a86e629071fade2896f0d5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 19 Aug 2023 09:41:24 +0200 Subject: [PATCH 07/28] Fixes #5492 --- lib/core/agent.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 26be9b450..f6a541b84 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -490,7 +490,7 @@ class Agent(object): if field and Backend.getIdentifiedDbms(): rootQuery = queries[Backend.getIdentifiedDbms()] - if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast and not (field.startswith("COUNT(") and getTechnique() in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION) and Backend.getIdentifiedDbms() == DBMS.MSSQL): + if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast and not (field.startswith("COUNT(") and Backend.getIdentifiedDbms() == DBMS.MSSQL): nulledCastedField = field else: if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')): 
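Review bot: Broadening `except OSError` to `except Exception` in `_createDumpDir` also converts programming errors (AttributeError, TypeError) into the temp-directory fallback warning; if the failure behind #5493 is a ValueError from a path the platform rejects, naming it keeps the intent visible: `except (OSError, ValueError) as ex:`. If a broad catch is deliberate, a short comment citing #5493 above the `except` would stop the next reader from narrowing it back. The function continues outside the hunk.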
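Review bot: After dropping the `getTechnique() in (...)` clause from the `nulledCastedField` condition in agent.py, the `COUNT(`/MSSQL exemption from `--no-cast` applies regardless of technique; if that was the only use of `getTechnique` in the file, its import is now unused. The condition mixes `or` and `and` without parentheses, so `conf.noCast and not (...)` is a single operand and easy to misread; a comment such as `# Note: COUNT() results on MSSQL are cast even with --no-cast (#5492)` would record why the exemption exists. The method continues outside the hunk.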
diff --git a/lib/core/settings.py b/lib/core/settings.py index 0c77a3fad..863d14e9f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.5" +VERSION = "1.7.8.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From ccc38abff6975034500790167714a22b3452a4eb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 19 Aug 2023 10:02:29 +0200 Subject: [PATCH 08/28] Dirty patch for #5488 --- lib/core/agent.py | 5 +++++ lib/core/settings.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index f6a541b84..73a121c00 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -185,6 +185,11 @@ class Agent(object): newValue = newValue.replace(BOUNDARY_BACKSLASH_MARKER, '\\') newValue = self.adjustLateValues(newValue) + # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5488 + if kb.customInjectionMark in origValue: + payload = newValue.replace(origValue, "") + newValue = origValue.replace(kb.customInjectionMark, payload) + # TODO: support for POST_HINT newValue = "%s%s%s" % (BOUNDED_BASE64_MARKER, newValue, BOUNDED_BASE64_MARKER) diff --git a/lib/core/settings.py b/lib/core/settings.py index 863d14e9f..03883b664 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
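Review bot: `payload = newValue.replace(origValue, "")` removes every occurrence of `origValue` from `newValue`, not just the leading one, so a short original value (e.g. a single digit that also occurs inside the appended part) corrupts the result. If `newValue` is built as `origValue` followed by the addition, strip the prefix instead: `payload = newValue[len(origValue):] if newValue.startswith(origValue) else newValue.replace(origValue, "")`. `kb.customInjectionMark in origValue` also raises TypeError when the mark is None; `if kb.customInjectionMark and kb.customInjectionMark in origValue:` guards that. The method continues outside the hunk.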
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.6" +VERSION = "1.7.8.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From a7cf68f2435d41e2980b1418ff5c306127a172d4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 19 Aug 2023 10:24:20 +0200 Subject: [PATCH 09/28] Fixes #5483 --- lib/core/common.py | 1 + lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/core/common.py b/lib/core/common.py index d235b838a..f6a745338 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -5079,6 +5079,7 @@ def resetCookieJar(cookieJar): logger.info(infoMsg) content = readCachedFileContent(conf.loadCookies) + content = re.sub("(?im)^#httpOnly_", "", content) lines = filterNone(line.strip() for line in content.split("\n") if not line.startswith('#')) handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.COOKIE_JAR) os.close(handle) diff --git a/lib/core/settings.py b/lib/core/settings.py index 03883b664..0105141f0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.7" +VERSION = "1.7.8.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 2f66aa8ac112e313d50531972ec4ea426edca50c Mon Sep 17 00:00:00 2001 
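Review bot: The inserted `re.sub("(?im)^#httpOnly_", "", content)` in `resetCookieJar` has no comment, and its purpose is not obvious next to the following filter that discards every `#` line: it presumably un-prefixes the `#HttpOnly_` marker some cookie-file exports use so those cookies are loaded rather than dropped as comments. Add e.g. `# Note: strip '#HttpOnly_' prefix so such cookies aren't discarded as comments below (#5483)`. The pattern should also be a raw string, `r"(?im)^#httpOnly_"`, matching the other regex literals in this series. The function continues outside the hunk.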
From: soka Date: Sat, 26 Aug 2023 15:56:49 +0200 Subject: [PATCH 10/28] Add SQLite AND boolean-based blind payload (#5501) --- data/xml/payloads/boolean_blind.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/data/xml/payloads/boolean_blind.xml b/data/xml/payloads/boolean_blind.xml index 67cf9940d..cd3f9c212 100644 --- a/data/xml/payloads/boolean_blind.xml +++ b/data/xml/payloads/boolean_blind.xml @@ -596,6 +596,26 @@ Tag: Oracle + + + SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (json) + 1 + 1 + 1 + 1 + 1 + AND CASE WHEN [INFERENCE] THEN 1 ELSE json('') END + + AND CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE json('') END + + + AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE json('') END + +
+ SQLite +
+
+ From 6d472dc2b0203d10e4d5baa4c00fd8821d315c18 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 26 Aug 2023 16:02:17 +0200 Subject: [PATCH 11/28] Minor update of SQLite specific payload (#5501) --- data/xml/payloads/boolean_blind.xml | 29 ++++++++++++++++++++++++----- lib/core/settings.py | 2 +- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/data/xml/payloads/boolean_blind.xml b/data/xml/payloads/boolean_blind.xml index cd3f9c212..b6d7a2efe 100644 --- a/data/xml/payloads/boolean_blind.xml +++ b/data/xml/payloads/boolean_blind.xml @@ -598,18 +598,37 @@ Tag: - SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (json) + SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON) 1 - 1 + 2 1 1 1 - AND CASE WHEN [INFERENCE] THEN 1 ELSE json('') END + AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END - AND CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE json('') END + AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END - AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE json('') END + AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + +
+ SQLite +
+
+ + + SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON) + 1 + 3 + 3 + 1 + 2 + OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END + + + OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
SQLite diff --git a/lib/core/settings.py b/lib/core/settings.py index 0105141f0..d209d6773 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.8" +VERSION = "1.7.8.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 89e8b6e5ce73b3d6fd5fca5958b49221d59f84ee Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 31 Aug 2023 12:16:35 +0200 Subject: [PATCH 12/28] Fixes #5510 --- lib/core/common.py | 9 ++++++++- lib/core/settings.py | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index f6a745338..3d6360bb8 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3182,7 +3182,14 @@ def isNumPosStrValue(value): False """ - return ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT + retVal = False + + try: + retVal = ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT + except ValueError: + pass + + return retVal @cachedmethod def aliasToDbmsEnum(dbms): diff --git a/lib/core/settings.py b/lib/core/settings.py index d209d6773..fe9f40a19 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
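Review bot: The new `except ValueError` in `isNumPosStrValue` is justified but undocumented: `str.isdigit()` is True for characters such as superscript digits that `int()` rejects, so `value.isdigit() and int(value)` could raise before this change. A comment above the `try`, e.g. `# Note: isdigit() accepts characters (e.g. superscripts) that int() can't parse (#5510)`, records why the guard exists. Note also that `isinstance(True, int)` holds, so a boolean True still counts as a positive value; exclude `bool` explicitly if that is unintended.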
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.9" +VERSION = "1.7.8.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 4f2a883544667eae24266c8f33d21fe0649343ab Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 31 Aug 2023 12:22:11 +0200 Subject: [PATCH 13/28] Update for #5508 --- lib/core/option.py | 4 ---- lib/core/settings.py | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 7fc2116df..63cfb6d3f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2830,10 +2830,6 @@ def _basicOptionValidation(): errMsg = "value for option '--time-sec' must be a positive integer" raise SqlmapSyntaxException(errMsg) - if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar): - errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" - raise SqlmapSyntaxException(errMsg) - if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)): errMsg = "option '--crack' should be used as a standalone" raise SqlmapSyntaxException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index fe9f40a19..2bbf50715 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.10" +VERSION = "1.7.8.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From be118e861ca926246512aebc8f7f8aa96ee04d16 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 4 Sep 2023 18:34:21 +0200 Subject: [PATCH 14/28] Implements option --union-values (#5508) --- lib/core/agent.py | 8 +++++++- lib/core/option.py | 12 ++++++++++++ lib/core/optiondict.py | 1 + lib/core/settings.py | 2 +- lib/parse/cmdline.py | 3 +++ lib/techniques/union/test.py | 2 +- sqlmap.conf | 5 +++++ 7 files changed, 30 insertions(+), 3 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 73a121c00..d802f4c97 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -45,6 +45,7 @@ from lib.core.exception import SqlmapNoneDataException from lib.core.settings import BOUNDED_BASE64_MARKER from lib.core.settings import BOUNDARY_BACKSLASH_MARKER from lib.core.settings import BOUNDED_INJECTION_MARKER +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import GENERIC_SQL_COMMENT @@ -890,11 +891,16 @@ class Agent(object): if element > 0: unionQuery += ',' - if element == position: + if conf.uValues: + unionQuery += conf.uValues.split(',')[element] + elif element == position: unionQuery += query else: unionQuery += char + if conf.uValues: + unionQuery = unionQuery.replace(CUSTOM_INJECTION_MARK_CHAR, query) + if fromTable and not unionQuery.endswith(fromTable): unionQuery += fromTable diff --git a/lib/core/option.py b/lib/core/option.py index 63cfb6d3f..951399fc0 100644 
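Review bot: `conf.uValues.split(',')[element]` in agent.py is re-split on every loop iteration and raises IndexError when fewer comma-separated values are given than the column count being built; hoist `values = conf.uValues.split(',') if conf.uValues else None` above the loop (which starts outside the hunk) and fall back to `char` when `element >= len(values)`. The later `unionQuery.replace(CUSTOM_INJECTION_MARK_CHAR, query)` replaces every mark in the whole string, so it depends on the validation in option.py (same commit) that exactly one mark is present and on no mark character in the prefix built before this hunk; a comment stating that assumption next to the call would help. The method starts and ends outside the hunk.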
--- a/lib/core/option.py +++ b/lib/core/option.py @@ -1801,6 +1801,9 @@ def _cleanupOptions(): conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None break + if conf.uValues: + conf.uCols = "%d-%d" % (1 + conf.uValues.count(','), 1 + conf.uValues.count(',')) + if conf.testFilter: conf.testFilter = conf.testFilter.strip('*+') conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter) @@ -2582,6 +2585,10 @@ def _basicOptionValidation(): errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" raise SqlmapSyntaxException(errMsg) + if conf.uValues and conf.uChar: + errMsg = "option '--union-values' is incompatible with option '--union-char'" + raise SqlmapSyntaxException(errMsg) + if conf.base64Parameter and conf.tamper: errMsg = "option '--base64' is incompatible with option '--tamper'" raise SqlmapSyntaxException(errMsg) @@ -2804,6 +2811,11 @@ def _basicOptionValidation(): errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) raise SqlmapSyntaxException(errMsg) + if conf.uValues and (not re.search(r"\A['\w\s.,()%s-]+\Z" % CUSTOM_INJECTION_MARK_CHAR, conf.uValues) or conf.uValues.count(CUSTOM_INJECTION_MARK_CHAR) != 1): + errMsg = "option '--union-values' must contain valid UNION column values, along with the injection position " + errMsg += "(e.g. 'NULL,1,%s,NULL')" % CUSTOM_INJECTION_MARK_CHAR + raise SqlmapSyntaxException(errMsg) + if conf.skip and conf.testParameter: if intersect(conf.skip, conf.testParameter): errMsg = "option '--skip' is incompatible with option '-p'" diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 761ee9955..d41e85b5e 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -118,6 +118,7 @@ optDict = { "uCols": "string", "uChar": "string", "uFrom": "string", + "uValues": "string", "dnsDomain": "string", "secondUrl": "string", "secondReq": "string", 
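Review bot: `_cleanupOptions` now silently overrides `conf.uCols` from the comma count in `--union-values`, so a conflicting `--union-cols` supplied by the user is discarded without a message, while the analogous `--union-char` conflict added to `_basicOptionValidation` raises SqlmapSyntaxException; treat `--union-cols` the same way or at least warn that it is being overridden. The value regex `\A['\w\s.,()%s-]+\Z` also deserves a comment describing what it permits (quoted literals, identifiers, function calls and the position marker), since the error message shows only one example. Both functions continue outside their hunks.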
diff --git a/lib/core/settings.py b/lib/core/settings.py index 2bbf50715..a0f5f759c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.8.11" +VERSION = "1.7.9.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index b1074166c..95493b9b9 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -414,6 +414,9 @@ def cmdLineParser(argv=None): techniques.add_argument("--union-from", dest="uFrom", help="Table to use in FROM part of UNION query SQL injection") + techniques.add_argument("--union-values", dest="uValues", + help="Column values to use for UNION query SQL injection") + techniques.add_argument("--dns-domain", dest="dnsDomain", help="Domain name used for DNS exfiltration attack") diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index c7a3f5948..91ffa13b8 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -340,7 +340,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) warnMsg = "if UNION based SQL injection is not detected, " warnMsg += "please consider " - if not conf.uChar and count > 1 and kb.uChar == NULL: + if not conf.uChar and count > 1 and kb.uChar == NULL and conf.uValues is None: message = "injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] " if not readInput(message, default='Y', boolean=True): diff --git a/sqlmap.conf b/sqlmap.conf index 895b60115..df95a9e7f 100644 --- a/sqlmap.conf +++ b/sqlmap.conf 
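Review bot: The new `--union-values` help string gives no example, unlike the neighbouring options and unlike the sqlmap.conf entry and the validation error message of this same commit, which both use `NULL,1,*,NULL`; since the mandatory position marker is not discoverable from the help text, write `help="Column values to use for UNION query SQL injection (e.g. \"NULL,1,*,NULL\")"`. `cmdLineParser` continues outside the hunk.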
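Review bot: `conf.uValues is None` in `_unionTestByCharBruteforce` is stricter than the truthiness tests (`if conf.uValues:`) used for the same option in agent.py and option.py of this commit; an empty string (e.g. a blank `uValues =` line in sqlmap.conf) would suppress the prompt here but be ignored everywhere else. Use `and not conf.uValues` for consistency. The function continues outside the hunk.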
@@ -412,6 +412,11 @@ uChar = # Example: INFORMATION_SCHEMA.COLLATIONS uFrom = +# Column values to use for UNION query SQL injection. +# Valid: string +# Example: NULL,1,*,NULL +uChar = + # Domain name used for DNS exfiltration attack. # Valid: string dnsDomain = From 6caba631a84e87043ad7c4f7013cd6be4b96bf59 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 4 Sep 2023 18:47:25 +0200 Subject: [PATCH 15/28] Minor patch (#5508) --- lib/core/settings.py | 2 +- sqlmap.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a0f5f759c..0d943f8ee 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.9.0" +VERSION = "1.7.9.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.conf b/sqlmap.conf index df95a9e7f..c74c20d34 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -415,7 +415,7 @@ uFrom = # Column values to use for UNION query SQL injection. # Valid: string # Example: NULL,1,*,NULL -uChar = +uValues = # Domain name used for DNS exfiltration attack. # Valid: string From c62937485847bba650951888dc65ec1f30be92e7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Sep 2023 11:03:01 +0200 Subject: [PATCH 16/28] Fixes #5521 --- lib/core/settings.py | 2 +- lib/request/inject.py | 2 +- lib/techniques/error/use.py | 2 +- lib/techniques/union/use.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0d943f8ee..5370a2481 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.9.1" +VERSION = "1.7.9.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/inject.py b/lib/request/inject.py index 039ef1be3..2342837b3 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -274,7 +274,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char stopLimit = 1 - elif (not count or int(count) == 0): + elif not isNumPosStrValue(count): if not count: warnMsg = "the SQL query provided does not " warnMsg += "return any output" diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 343733dd2..749cef5d8 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -355,7 +355,7 @@ def errorUse(expression, dump=False): stopLimit = 1 - elif (not count or int(count) == 0): + elif not isNumPosStrValue(count): if not count: warnMsg = "the SQL query provided does not " warnMsg += "return any output" diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index ef550d8da..1ad4ff813 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -308,7 +308,7 @@ def unionUse(expression, unpack=True, dump=False): stopLimit = 1 - elif (not count or int(count) == 0): + elif not isNumPosStrValue(count): if not count: warnMsg = "the SQL query provided does not " warnMsg += "return any output" From e0ec2fcdbdee71fba665f8c1b5b78fe2c4bb5499 Mon Sep 17 00:00:00 2001 
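Review bot: Replacing `not count or int(count) == 0` with `not isNumPosStrValue(count)` in inject.py, error/use.py and union/use.py (all three hunks) also sends non-numeric counts and counts at or above MAX_INT into this branch, where the unchanged `if not count:` only covers the empty case; the `else` path that such values now reach lies outside the hunks, so please check its warning still describes them. A distinct message for a non-empty but rejected count, e.g. `warnMsg = "invalid or unsupported row count value ('%s')" % count`, would avoid a misleading "does not return any output". Each enclosing function continues outside its hunk.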
From: Miroslav Stampar Date: Thu, 28 Sep 2023 20:34:52 +0200 Subject: [PATCH 17/28] Implements option --time-limit (#5502) --- lib/core/convert.py | 5 +++++ lib/core/option.py | 1 + lib/core/optiondict.py | 1 + lib/core/settings.py | 2 +- lib/parse/cmdline.py | 3 +++ sqlmap.conf | 7 +++++-- 6 files changed, 16 insertions(+), 3 deletions(-) diff --git a/lib/core/convert.py b/lib/core/convert.py index c6f86aa1f..6478f98f2 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -16,6 +16,7 @@ import codecs import json import re import sys +import time from lib.core.bigarray import BigArray from lib.core.compat import xrange @@ -334,6 +335,10 @@ def getUnicode(value, encoding=None, noneToNull=False): True """ + # Best position for --time-limit mechanism + if conf.get("timeLimit") and kb.get("startTime") and (time.time() - kb.startTime > conf.timeLimit): + raise SystemExit + if noneToNull and value is None: return NULL diff --git a/lib/core/option.py b/lib/core/option.py index 951399fc0..897b6724a 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2171,6 +2171,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.smokeMode = False kb.reduceTests = None kb.sslSuccess = False + kb.startTime = time.time() kb.stickyDBMS = False kb.suppressResumeInfo = False kb.tableFrom = None diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index d41e85b5e..b4dd0af75 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -239,6 +239,7 @@ optDict = { "skipWaf": "boolean", "testFilter": "string", "testSkip": "string", + "timeLimit": "float", "webRoot": "string", }, diff --git a/lib/core/settings.py b/lib/core/settings.py index 5370a2481..b60fa79a8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
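Review bot: `raise SystemExit` inside `getUnicode` ends the process only when it is raised on the main thread; in a worker thread SystemExit just terminates that thread silently, so with `--threads` the time limit may stop workers one by one without any message while the main thread keeps waiting. Consider raising a dedicated exception or setting a flag the main loop checks, so the limit is reported once and the normal shutdown path runs. The comment `# Best position for --time-limit mechanism` says where but not why; something like `# Note: getUnicode() is reached on every request/response, so the --time-limit check here covers all phases` (assuming that is the reason) would explain the placement. The function continues outside the hunk.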
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.9.2" +VERSION = "1.7.9.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 95493b9b9..b62a79037 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -736,6 +736,9 @@ def cmdLineParser(argv=None): general.add_argument("--test-skip", dest="testSkip", help="Skip tests by payloads and/or titles (e.g. BENCHMARK)") + general.add_argument("--time-limit", dest="timeLimit", type=float, + help="Run with a time limit in seconds (e.g. 3600)") + general.add_argument("--web-root", dest="webRoot", help="Web server document root directory (e.g. \"/var/www\")") diff --git a/sqlmap.conf b/sqlmap.conf index c74c20d34..114324e8d 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -820,12 +820,15 @@ skipWaf = False # Default: sqlmap tablePrefix = sqlmap -# Select tests by payloads and/or titles (e.g. ROW) +# Select tests by payloads and/or titles (e.g. ROW). testFilter = -# Skip tests by payloads and/or titles (e.g. BENCHMARK) +# Skip tests by payloads and/or titles (e.g. BENCHMARK). testSkip = +# Run with a time limit in seconds (e.g. 3600). +timeLimit = + # Web server document root directory (e.g. "/var/www"). webRoot = From 1740f6332e96fb85585e185d5c47aebbb78740c1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 6 Oct 2023 19:48:30 +0200 Subject: [PATCH 18/28] Fixes #5536 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- lib/request/redirecthandler.py | 12 ++++++++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b60fa79a8..a0b72050d 100644 --- a/lib/core/settings.py 
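Review bot: `--time-limit` is declared with `type=float` and the hunk shows no lower-bound validation; zero is harmlessly ignored because `conf.get("timeLimit")` is falsy, but a negative value would make the elapsed-time check fire on its first evaluation and end the run immediately. A check in the option-setup code, e.g. `if conf.timeLimit is not None and conf.timeLimit <= 0: raise SqlmapSyntaxException("value for option '--time-limit' must be a positive number")`, or at least stating the expected range in the help text, would close that. `cmdLineParser` continues outside the hunk.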
+++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.9.3" +VERSION = "1.7.10.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 4b1a8d6d5..23ac53c4e 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -641,7 +641,7 @@ class Connect(object): responseHeaders = conn.info() responseHeaders[URI_HTTP_HEADER] = conn.geturl() if hasattr(conn, "geturl") else url - if hasattr(conn, "redurl"): + if getattr(conn, "redurl", None) is not None: responseHeaders[HTTP_HEADER.LOCATION] = conn.redurl responseHeaders = patchHeaders(responseHeaders) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index a305906b2..406ce6b69 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission """ import io +import re import time import types @@ -71,6 +72,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler): def http_error_302(self, req, fp, code, msg, headers): start = time.time() content = None + forceRedirect = False redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None try: 
@@ -111,12 +113,18 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler): redurl = _urllib.parse.urljoin(req.get_full_url(), redurl) self._infinite_loop_check(req) - self._ask_redirect_choice(code, redurl, req.get_method()) + if conf.scope: + if not re.search(conf.scope, redurl, re.I): + redurl = None + else: + forceRedirect = True + else: + self._ask_redirect_choice(code, redurl, req.get_method()) except ValueError: redurl = None result = fp - if redurl and kb.choices.redirect == REDIRECTION.YES: + if redurl and (kb.choices.redirect == REDIRECTION.YES or forceRedirect): parseResponse(content, headers) req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl) From 90cbaa1249ab5bffc0591f5b5b1eacc3b26ce14c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 9 Oct 2023 11:07:09 +0200 Subject: [PATCH 19/28] Fixes #5539 --- lib/core/settings.py | 2 +- lib/request/connect.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a0b72050d..e59f1d371 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.10.0" +VERSION = "1.7.10.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 23ac53c4e..fb5c861c9 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
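Review bot: With `--scope` set, an in-scope redirect target sets `forceRedirect = True`, and the final condition `if redurl and (kb.choices.redirect == REDIRECTION.YES or forceRedirect)` then follows it even if the user earlier answered the redirect prompt with no; `_ask_redirect_choice` is skipped entirely for scoped runs, so any warning or bookkeeping it performs (for instance on a cross-host redirect) no longer happens — confirm that is intended. A comment on the new branch would make the policy explicit: `# --scope given: follow in-scope redirects without prompting, drop out-of-scope ones`. `re.search(conf.scope, redurl, re.I)` runs inside a `try` that catches only `ValueError`, so an invalid scope pattern would surface as `re.error` here unless the option is validated at parse time. `http_error_302` starts in the previous hunk and continues beyond this one.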
@@ -122,6 +122,7 @@ from lib.core.settings import PLAIN_TEXT_CONTENT_TYPE from lib.core.settings import RANDOM_INTEGER_MARKER from lib.core.settings import RANDOM_STRING_MARKER from lib.core.settings import REPLACEMENT_MARKER +from lib.core.settings import SAFE_HEX_MARKER from lib.core.settings import TEXT_CONTENT_TYPE_REGEX from lib.core.settings import UNENCODED_ORIGINAL_VALUE from lib.core.settings import UNICODE_ENCODING @@ -1069,7 +1070,9 @@ class Connect(object): if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML): # payloads in SOAP/XML should have chars > and < replaced # with their HTML encoded counterparts + payload = payload.replace("&#", SAFE_HEX_MARKER) payload = payload.replace('&', "&").replace('>', ">").replace('<', "<").replace('"', """).replace("'", "'") # Reference: https://stackoverflow.com/a/1091953 + payload = payload.replace(SAFE_HEX_MARKER, "&#") elif kb.postHint == POST_HINT.JSON: payload = escapeJsonValue(payload) elif kb.postHint == POST_HINT.JSON_LIKE: From 3d244ea9c31e522d988c8a0b0181ea12301a67a8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 20 Oct 2023 15:24:41 +0200 Subject: [PATCH 20/28] Fixes #5549 --- lib/core/settings.py | 2 +- tamper/if2case.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e59f1d371..3edf1e75d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.10.1" +VERSION = "1.7.10.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/if2case.py b/tamper/if2case.py index 9e82459fa..533e1e210 100644 --- a/tamper/if2case.py +++ b/tamper/if2case.py 
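Review bot: The `SAFE_HEX_MARKER` swap protects existing numeric character references (`&#...;`) from being escaped a second time, but the reason is not stated on the new lines; a comment such as `# keep numeric character references already in the payload intact while escaping the remaining special chars` would spare the next reader working it out from #5539. The approach assumes the marker text never occurs in a payload, which is the usual convention for these markers but worth a glance at its definition. Note that on this rendering the escape replacements appear as `.replace('&', "&")` and similar, i.e. the entity strings were decoded by the page, so compare against the file rather than this text. The enclosing `Connect` method continues outside the hunk.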
@@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission from lib.core.compat import xrange from lib.core.enums import PRIORITY +from lib.core.settings import REPLACEMENT_MARKER __priority__ = PRIORITY.HIGHEST @@ -36,6 +37,7 @@ def tamper(payload, **kwargs): """ if payload and payload.find("IF") > -1: + payload = payload.replace("()", REPLACEMENT_MARKER) while payload.find("IF(") > -1: index = payload.find("IF(") depth = 1 @@ -64,4 +66,6 @@ def tamper(payload, **kwargs): else: break + payload = payload.replace(REPLACEMENT_MARKER, "()") + return payload From 57900d899c17698f782aca7c6b67eb957f6b99e2 Mon Sep 17 00:00:00 2001 From: GH05T HUNTER5 <108191615+GH05T-HUNTER5@users.noreply.github.com> Date: Sun, 22 Oct 2023 14:41:33 +0530 Subject: [PATCH 21/28] Create README-in-HI.md (#5551) --- doc/translations/README-in-HI.md | 50 ++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 doc/translations/README-in-HI.md diff --git a/doc/translations/README-in-HI.md b/doc/translations/README-in-HI.md new file mode 100644 index 000000000..623f1c797 --- /dev/null +++ b/doc/translations/README-in-HI.md 
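Review bot: The reason for masking `()` with `REPLACEMENT_MARKER` before the `IF(` depth scan is not stated; a why-comment on the first new line would help, e.g. `# hide empty parentheses (e.g. RAND()) so the depth counter below only tracks the IF(...) argument list — TODO confirm`, since the depth logic itself is outside the hunk. The restoring `payload = payload.replace(REPLACEMENT_MARKER, "()")` in the last hunk must run on every path that leaves the `if payload and payload.find("IF") > -1:` block; its indentation relative to that block cannot be verified from the collapsed text, so confirm it sits after the `while` loop at block level rather than inside it. `tamper` starts and ends outside these hunks.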
@@ -0,0 +1,50 @@ +# sqlmap ![](https://i.imgur.com/fe85aVR.png) + +[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं। + +चित्रसंवाद +---- + +![स्क्रीनशॉट](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +आप [विकि पर](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) कुछ फीचर्स की दिखाते हुए छवियों का संग्रह देख सकते हैं। + +स्थापना +---- + +आप नवीनतम तारबाल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/tarball/master) या नवीनतम ज़िपबॉल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/zipball/master) डाउनलोड कर सकते हैं। + +प्राथमिकत: आप sqlmap को [गिट](https://github.com/sqlmapproject/sqlmap) रिपॉजिटरी क्लोन करके भी डाउनलोड कर सकते हैं: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है। + +उपयोग +---- + +मौलिक विकल्पों और स्विच की सूची प्राप्त करने के लिए: + + python sqlmap.py -h + +सभी विकल्पों और स्विच की सूची प्राप्त करने के लिए: + + python sqlmap.py -hh 
+ +आप [यहां](https://asciinema.org/a/46601) एक नमूना चलाने का पता लगा सकते हैं। sqlmap की क्षमताओं की एक अवलोकन प्राप्त करने, समर्थित फीचर्स की सूची और सभी विकल्पों और स्विच का वर्णन, साथ ही उदाहरणों के साथ, आपको [उपयोगकर्ता मैन्युअल](https://github.com/sqlmapproject/sqlmap/wiki/Usage) पर परामर्श दिया जाता है। + +लिंक +---- + +* मुखपृष्ठ: https://sqlmap.org +* डाउनलोड: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) या [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* संवाद आरएसएस फ़ीड: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* समस्या ट्रैकर: https://github.com/sqlmapproject/sqlmap/issues +* उपयोगकर्ता मैन्युअल: https://github.com/sqlmapproject/sqlmap/wiki +* अक्सर पूछे जाने वाले प्रश्न (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* ट्विटर: [@sqlmap](https://twitter.com/sqlmap) +* डेमो: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos) +* स्क्रीनशॉट: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots +* From e267c8fd5728e757fe302da07efef56f65fe31dd Mon Sep 17 00:00:00 2001 From: GH05T HUNTER5 <108191615+GH05T-HUNTER5@users.noreply.github.com> Date: Sun, 22 Oct 2023 14:41:50 +0530 Subject: [PATCH 22/28] Update README.md (#5552) --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9cc4603d5..c2f7885b2 100644 --- a/README.md +++ b/README.md 
@@ -60,6 +60,7 @@ Translations * [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md) * [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md) * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md) +* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md) * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md) * [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md) * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md) @@ -73,4 +74,4 @@ Translations * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) * [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md) -* [Vietnamese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-vi-VN.md) \ No newline at end of file +* [Vietnamese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-vi-VN.md) From 7a6abb56d29225b73d333df00ce06012517c5553 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 22 Oct 2023 11:13:17 +0200 Subject: [PATCH 23/28] Minor patch --- README.md | 4 ++-- doc/translations/{README-de-GER.md => README-de-DE.md} | 0 doc/translations/{README-ru-RUS.md => README-ru-RU.md} | 0 lib/core/settings.py | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename doc/translations/{README-de-GER.md => README-de-DE.md} (100%) rename doc/translations/{README-ru-RUS.md => README-ru-RU.md} (100%) diff --git a/README.md b/README.md index c2f7885b2..772c3d087 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,7 @@ Translations * [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md) * [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md) * [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md) -* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md) +* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md) * [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md) * [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md) * [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md) @@ -68,7 +68,7 @@ Translations * [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md) * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) -* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) +* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md) * [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md) * [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md) * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) diff --git a/doc/translations/README-de-GER.md b/doc/translations/README-de-DE.md similarity index 100% rename from doc/translations/README-de-GER.md rename to doc/translations/README-de-DE.md 
diff --git a/doc/translations/README-ru-RUS.md b/doc/translations/README-ru-RU.md similarity index 100% rename from doc/translations/README-ru-RUS.md rename to doc/translations/README-ru-RU.md diff --git a/lib/core/settings.py b/lib/core/settings.py index 3edf1e75d..3a88b2da6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.10.2" +VERSION = "1.7.10.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 9d85d3005a877d12ae9fbfc708a00610f49af606 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 27 Oct 2023 15:17:47 +0200 Subject: [PATCH 24/28] Minor update of fingerprinting payloads --- lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 5 +++-- plugins/dbms/oracle/fingerprint.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3a88b2da6..0868a444e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.10.3" +VERSION = "1.7.10.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index abdb94fd7..042bcf5a0 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py 
@@ -45,9 +45,10 @@ class Fingerprint(GenericFingerprint): # Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/ versions = ( - (80000, 80033), # MySQL 8.0 + (80100, 80102), # MySQL 8.1 + (80000, 80035), # MySQL 8.0 (60000, 60014), # MySQL 6.0 - (50700, 50742), # MySQL 5.7 + (50700, 50744), # MySQL 5.7 (50600, 50652), # MySQL 5.6 (50500, 50563), # MySQL 5.5 (50400, 50404), # MySQL 5.4 diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 370d45408..784460aaf 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -105,7 +105,7 @@ class Fingerprint(GenericFingerprint): logger.info(infoMsg) # Reference: https://en.wikipedia.org/wiki/Oracle_Database - for version in ("21c", "19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"): + for version in ("23c", "21c", "19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"): number = int(re.search(r"([\d]+)", version).group(1)) output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION),1,%d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2)) diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index e72a38bd7..979d9ff5b 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -131,7 +131,9 @@ class Fingerprint(GenericFingerprint): infoMsg = "actively fingerprinting %s" % DBMS.PGSQL logger.info(infoMsg) - if inject.checkBooleanExpression("REGEXP_COUNT(NULL,NULL) IS NULL"): + if inject.checkBooleanExpression("RANDOM_NORMAL(0.0, 1.0) IS NOT NULL"): + Backend.setVersion(">= 16.0") + elif inject.checkBooleanExpression("REGEXP_COUNT(NULL,NULL) IS NULL"): Backend.setVersion(">= 15.0") elif inject.checkBooleanExpression("BIT_COUNT(NULL) IS NULL"): Backend.setVersion(">= 14.0") From bb1772c8b89cbadca67eded8f9064618ae21d9bd Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 31 Oct 2023 15:16:15 +0100 Subject: [PATCH 25/28] Fixes #5560 --- lib/controller/controller.py | 2 +- lib/core/settings.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 86a76442a..0c06b5153 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -513,7 +513,7 @@ def start(): paramKey = (conf.hostname, conf.path, place, parameter) if kb.processUserMarks: - if testSqlInj and place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER): + if testSqlInj and place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI): if kb.processNonCustom is None: message = "other non-custom parameters found. " message += "Do you want to process them too? [Y/n/q] " diff --git a/lib/core/settings.py b/lib/core/settings.py index 0868a444e..c97bd4507 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.10.4" +VERSION = "1.7.10.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From 124c3902cca07c1850dd081d79eab8784e236d35 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 12 Nov 2023 20:03:53 +0100 Subject: [PATCH 26/28] Fixes #5565 --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c97bd4507..e38f2acf7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
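Review bot: Adding `PLACE.URI` to the `not in` tuple in `start()` is not explained on the changed line, and the reader has to go to #5560 to learn why a URI place should never trigger the "other non-custom parameters" prompt. A one-line comment would carry that: `# URI injection points come only from explicit user marks, so they never count as non-custom parameters` — presumably that is the rationale, confirm. `start()` continues outside the hunk.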
@@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.10.5" +VERSION = "1.7.11.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 91ffa13b8..a9a6358a7 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -133,7 +133,8 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where= items.append((count, ratio)) if not isNullValue(kb.uChar): - for regex in (kb.uChar.strip("'"), r'>\s*%s\s*<' % kb.uChar.strip("'")): + value = re.escape(kb.uChar.strip("'")) + for regex in (value, r'>\s*%s\s*<' % value): contains = [count for count, content in pages.items() if re.search(regex, content or "", re.IGNORECASE) is not None] if len(contains) == 1: retVal = contains[0] From acce97bfcbf29bd07000056689a6a58fd25b7a34 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 12 Nov 2023 20:25:42 +0100 Subject: [PATCH 27/28] Patch related to the #5567 --- lib/core/option.py | 6 +++--- lib/core/settings.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 897b6724a..612b855c8 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -929,7 +929,7 @@ def _setPreprocessFunctions(): else: try: function(_urllib.request.Request("http://localhost")) - except: + except Exception as ex: tbMsg = traceback.format_exc() if conf.debug: 
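Review bot: The new line `value = re.escape(kb.uChar.strip("'"))` rebinds the function parameter `value` of `_findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=...)` shown in the hunk header; if that parameter is read anywhere after this point (the function continues outside the hunk), it now holds the escaped uChar instead of the caller's argument. A distinct local avoids the question: `escaped = re.escape(kb.uChar.strip("'"))` and `for regex in (escaped, r'>\s*%s\s*<' % escaped):`. The `re.escape` itself is the right fix, since `kb.uChar` was previously interpolated into the pattern verbatim.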
@@ -943,8 +943,8 @@ def _setPreprocessFunctions(): errMsg = "function 'preprocess(req)' " errMsg += "in preprocess script '%s' " % script - errMsg += "appears to be invalid " - errMsg += "(Note: find template script at '%s')" % filename + errMsg += "had issues in a test run ('%s'). " % getSafeExString(ex) + errMsg += "You can find a template script at '%s'" % filename raise SqlmapGenericException(errMsg) def _setPostprocessFunctions(): diff --git a/lib/core/settings.py b/lib/core/settings.py index e38f2acf7..e05d9d581 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.11.0" +VERSION = "1.7.11.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From de66b69f41e70a36d31dfa51b0947bbc9a29ea40 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 12 Nov 2023 20:38:47 +0100 Subject: [PATCH 28/28] Fixes #5566 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e05d9d581..5fec2e407 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.7.11.1" +VERSION = "1.7.11.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index fb5c861c9..57805c7fa 100644 
--- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1030,6 +1030,8 @@ class Connect(object): conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType] contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE) conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType)) + if "urlencoded" in contentType: + postUrlEncode = True if payload: delimiter = conf.paramDel or (DEFAULT_GET_POST_DELIMITER if place != PLACE.COOKIE else DEFAULT_COOKIE_DELIMITER)