Couple of improvements

This commit is contained in:
Miroslav Štampar 2026-06-18 17:46:40 +02:00
parent 8a458fc8d0
commit 8de9c5899d
18 changed files with 108 additions and 51 deletions

View file

@ -827,7 +827,7 @@ class Agent(object):
def forgeUnionQuery(self, query, position, count, comment, prefix, suffix, char, where, multipleUnions=None, limited=False, fromTable=None):
"""
Take in input an query (pseudo query) string and return its
Take in input a query (pseudo query) string and return its
processed UNION ALL SELECT query.
Examples:

View file

@ -210,9 +210,9 @@ class BigArray(list):
except (OSError, IOError) as ex:
errMsg = "exception occurred while storing data "
errMsg += "to a temporary file ('%s'). Please " % ex
errMsg += "make sure that there is enough disk space left. If problem persists, "
errMsg += "make sure that there is enough disk space left. If the problem persists, "
errMsg += "try to set environment variable 'TEMP' to a location "
errMsg += "writeable by the current user"
errMsg += "writable by the current user"
raise SqlmapSystemException(errMsg)
def _checkcache(self, index):

View file

@ -2761,7 +2761,7 @@ def getPartRun(alias=True):
def longestCommonPrefix(*sequences):
"""
Returns longest common prefix occuring in given sequences
Returns longest common prefix occurring in given sequences
# Reference: http://boredzo.org/blog/archives/2007-01-06/longest-common-prefix-in-python-2
@ -3158,7 +3158,7 @@ def getPublicTypeMembers(type_, onlyValues=False):
def enumValueToNameLookup(type_, value_):
"""
Returns name of a enum member with a given value
Returns name of an enum member with a given value
>>> enumValueToNameLookup(SORT_ORDER, 100)
'LAST'

View file

@ -608,7 +608,7 @@ def _setMetasploit():
else:
warnMsg = "the provided Metasploit Framework path "
warnMsg += "'%s' is not valid. The cause could " % conf.msfPath
warnMsg += "be that the path does not exists or that one "
warnMsg += "be that the path does not exist or that one "
warnMsg += "or more of the needed Metasploit executables "
warnMsg += "within msfcli, msfconsole, msfencode and "
warnMsg += "msfpayload do not exist"
@ -1675,9 +1675,9 @@ def _createTemporaryDirectory():
except Exception as ex:
warnMsg = "there has been a problem while accessing "
warnMsg += "system's temporary directory location(s) ('%s'). Please " % getSafeExString(ex)
warnMsg += "make sure that there is enough disk space left. If problem persists, "
warnMsg += "make sure that there is enough disk space left. If the problem persists, "
warnMsg += "try to set environment variable 'TEMP' to a location "
warnMsg += "writeable by the current user"
warnMsg += "writable by the current user"
logger.warning(warnMsg)
if "sqlmap" not in (tempfile.tempdir or "") or conf.tmpDir and tempfile.tempdir == conf.tmpDir:

View file

@ -100,7 +100,7 @@ optDict = {
"prefix": "string",
"suffix": "string",
"tamper": "string",
"prove": "boolean",
"proof": "boolean",
},
"Detection": {

View file

@ -20,7 +20,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10.6.122"
VERSION = "1.10.6.123"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -54,6 +54,11 @@ IPS_WAF_CHECK_RATIO = 0.5
# Timeout used in heuristic check for WAF/IPS protected targets
IPS_WAF_CHECK_TIMEOUT = 10
# HTTP status codes a WAF/IPS typically returns when it blocks a request. Used to reject a boolean
# "injection" whose only TRUE/FALSE difference is the always-true payload being blocked (a status-code
# false positive) rather than the back-end actually answering.
WAF_BLOCK_HTTP_CODES = (403, 406, 429, 451, 501, 503)
# Candidate tamper scripts for automatic WAF-bypass, ordered by empirical WAF-bypass value
# (structural token-substitution first, camouflage last; per identYwaf data). The back-end DBMS
# is not pre-filtered here: semantics-preservation is verified at runtime by re-running detection

View file

@ -61,7 +61,7 @@ def vulnTest():
("-u <url> --data=\"security_level=3\" -p id --flush-session --technique=B", ("bypassed the WAF/IPS by using tamper script", "Type: boolean-based blind")), # automatic WAF-bypass: SQL-tamper dimension at a stricter signature threshold
("-u <url> --data=\"security_level=4\" -p id --flush-session --technique=B --banner", ("random (non-scanner) User-Agent and browser-like headers to bypass the WAF/IPS", "Type: boolean-based blind", "banner: '3.")), # automatic WAF-bypass against a libinjection-class WAF: tampers cannot help, only the non-scanner User-Agent does
("-u <url> --data=\"security_level=5\" -p id --flush-session --technique=B", ("unable to automatically bypass the WAF/IPS", "does not seem to be injectable")), # automatic WAF-bypass honest bail: a libinjection-class WAF that no User-Agent or tamper can defeat
("-u <url> -p id --flush-session --prove", ("sqlmap proved exploitation of the following injection point", "Parameter: id (GET)", "Technique: boolean-based blind", "TRUE (5/5)", "repeatably", "Retrieved: back-end DBMS banner '3.")), # --prove: report-grade proof in the injection-point style - forces the boolean technique (so a multi-technique point still proves), and actively reads a value out as the strongest proof
("-u <url> -p id --flush-session --proof", ("sqlmap proved exploitation of the following injection point", "Parameter: id (GET)", "Technique: boolean-based blind", "TRUE (5/5)", "repeatably", "Retrieved: back-end DBMS banner '3.")), # --proof: report-grade proof in the injection-point style - forces the boolean technique (so a multi-technique point still proves), and actively reads a value out as the strongest proof
("-r <request> --flush-session -v 5 --test-skip=\"heavy\" --save=<config>", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")),
("-c <config>", ("CloudFlare", "possible DBMS: 'SQLite'", "User-Agent: foobar", "~Type: time-based blind")),
("-l <log> --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),