Minor bug fixes

2026-06-24 10:37:51 +00:00 · 2026-06-14 21:44:04 +02:00 · 2026-06-14 21:44:04 +02:00 · 03fb84c5be
commit 03fb84c5be
parent 10c464cd6f
4 changed files with 6 additions and 9 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -20,7 +20,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.6.101"
+VERSION = "1.10.6.102"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -1626,10 +1626,7 @@ class Connect(object):
                        if payload is None:
                            value = value.replace(kb.customInjectionMark, "")
                        else:
-                            try:
-                                value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value)
-                            except re.error:
-                                value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), re.escape(payload), value)
+                            value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), lambda _: payload, value)  # Note: function replacement inserts payload literally - avoids re.sub interpreting backslashes / group refs (e.g. \1, \g<...>) in the payload
                    return value
                page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)

--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@ -331,7 +331,7 @@ def check_authentication():
            request.environ["PATH_INFO"] = "/error/401"
        else:
            username, password = creds.split(':', 1)
-            if username.strip() != (DataStore.username or "") or password.strip() != (DataStore.password or ""):
+            if not (safeCompareStrings(username.strip(), DataStore.username or "") and safeCompareStrings(password.strip(), DataStore.password or "")):  # Note: constant-time comparison (mirrors is_admin) to avoid a timing side-channel on the credentials
                request.environ["PATH_INFO"] = "/error/401"

@hook("after_request")