Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 4a4fa07

Browse files
stamparmstamparm
committed
Minor update
1 parent a4ebd54 commit 4a4fa07

3 files changed

Lines changed: 9 additions & 6 deletions

File tree

lib/core/settings.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.1.7.6"
22+
VERSION = "1.1.7.7"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -453,6 +453,9 @@
453453
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
454454
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
455455

456+
# Keywords expected to be in UPPERCASE in getValue()
457+
GET_VALUE_UPPERCASE_KEYWORDS = ("SELECT", "FROM", "WHERE", "DISTINCT", "COUNT")
458+
456459
LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
457460

458461
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)

lib/request/inject.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@
4242
from lib.core.exception import SqlmapDataException
4343
from lib.core.exception import SqlmapNotVulnerableException
4444
from lib.core.exception import SqlmapUserQuitException
45+
from lib.core.settings import GET_VALUE_UPPERCASE_KEYWORDS
4546
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
4647
from lib.core.settings import SQL_SCALAR_REGEX
4748
from lib.core.threads import getCurrentThreadData
@@ -345,8 +346,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
345346
kb.safeCharEncode = safeCharEncode
346347
kb.resumeValues = resumeValue
347348

348-
# Note: following keywords are expected to be in uppercase
349-
for keyword in ("SELECT", "FROM", "WHERE"):
349+
for keyword in GET_VALUE_UPPERCASE_KEYWORDS:
350350
expression = re.sub("(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression)
351351

352352
if suppressOutput is not None:
@@ -418,7 +418,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
418418
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
419419

420420
if found and conf.dnsDomain:
421-
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items())))
421+
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {'E': PAYLOAD.TECHNIQUE.ERROR, 'Q': PAYLOAD.TECHNIQUE.QUERY, 'U': PAYLOAD.TECHNIQUE.UNION}.items())))
422422
warnMsg = "option '--dns-domain' will be ignored "
423423
warnMsg += "as faster techniques are usable "
424424
warnMsg += "(%s) " % _

txt/checksum.md5

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
4646
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
4747
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
4848
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
49-
7d6af4ab9aa4b6c10cefe0062409a228 lib/core/settings.py
49+
938c43b15900804e53882140493ffb71 lib/core/settings.py
5050
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
5151
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
5252
baa3f47efa6701076d026e43a6874a51 lib/core/target.py
@@ -73,7 +73,7 @@ fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
7373
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
7474
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
7575
310efc965c862cfbd7b0da5150a5ad36 lib/request/__init__.py
76-
62b01fc81e0ee708d1b92add612f659e lib/request/inject.py
76+
f7660e11e23e977b00922e241b1a3000 lib/request/inject.py
7777
dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
7878
bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
7979
602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py

0 commit comments

Comments
 (0)