From 772eaa2aeecf8d8e0ee1f1a10b91af7bdd20f897 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 26 Feb 2025 17:36:02 +0100 Subject: [PATCH 1/4] Minor patch --- data/txt/sha256sums.txt | 6 +++--- lib/core/settings.py | 2 +- lib/request/comparison.py | 17 ++++++++++++----- lib/request/httpshandler.py | 1 + 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 322cdab50..8ca199100 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -a038d8cca1fd8037d99c4b09d2e910c346ed4ca8e6d1ce8648e3e9e4859ae674 lib/core/settings.py +2d6e17f497c09c7a25225e7c669b5c907aec1dac09c9300dd4ad48a325e2a254 lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -210,11 +210,11 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site 87109063dd336fe2705fdfef23bc9b340dcc58e410f15c372fab51ea6a1bf4b1 lib/request/basicauthhandler.py 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py -ad661a075c6df0624747722d77ca3b1f69f36e54708e33673a33cfdef1ed5075 lib/request/comparison.py +6058fc4fce4b5ce660096d341eab3ae170e5406b31e2e9f51dcf60e7a2b67e68 lib/request/comparison.py 7345c12a0a1d4c583766b46ba38263cbc4603a85aa4216deddd62958d4e5d596 lib/request/connect.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py -21d299203a92bc31415811904e1134a0d9e752c5fb111d3ea56605d78724ab3f lib/request/httpshandler.py +844fae318d6b3141bfc817aac7a29868497b5e7b4b3fdd7c751ad1d4a485324f lib/request/httpshandler.py 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/request/__init__.py 64442b90c1e02b23db3ed764a0588f9052b96c4690b234af1682b3b7e52d51a8 lib/request/inject.py 6ac4235e40dda2d51b21c2199374eb30d53a5b40869f80055df0ac34fbe59351 lib/request/methodrequest.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 9d5bb7f5d..f3615dd12 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.15" +VERSION = "1.9.2.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 0b78a1efd..9c95d96e9 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -120,7 +120,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength): if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type): page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore") elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type): - seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore") + seqMatcher.set_seq1(getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, "ignore")) if any(_ is None for _ in (page, seqMatcher.a)): return None @@ -146,12 +146,19 @@ def _comparison(page, headers, code, getRatioValue, pageLength): if seq1 is None or seq2 is None: return None - seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "") - seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "") + if isinstance(seq1, six.binary_type): + seq1 = seq1.replace(REFLECTED_VALUE_MARKER.encode(), b"") + elif isinstance(seq1, six.text_type): + seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "") + + if isinstance(seq2, six.binary_type): + seq2 = seq2.replace(REFLECTED_VALUE_MARKER.encode(), b"") + elif isinstance(seq2, six.text_type): + seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "") if kb.heavilyDynamic: - seq1 = seq1.split("\n") - seq2 = seq2.split("\n") + seq1 = seq1.split("\n" if isinstance(seq1, six.text_type) else b"\n") + seq2 = seq2.split("\n" if isinstance(seq2, six.text_type) else b"\n") key = None else: diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index 05aecc981..c472bda98 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -79,6 +79,7 @@ class HTTPSConnection(_http_client.HTTPSConnection): try: # Reference(s): https://askubuntu.com/a/1263098 # https://askubuntu.com/a/1250807 + # https://git.zknt.org/mirror/bazarr/commit/7f05f932ffb84ba8b9e5630b2adc34dbd77e2b4a?style=split&whitespace=show-all&show-outdated= _contexts[protocol].set_ciphers("ALL@SECLEVEL=0") except (ssl.SSLError, AttributeError): pass From a9cae8295073c58f5e1f595441858653cec727e9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 12 Mar 2025 16:00:43 +0100 Subject: [PATCH 2/4] Minor update for the automatic reporting --- data/txt/sha256sums.txt | 4 ++-- lib/core/common.py | 4 +++- lib/core/settings.py | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 8ca199100..ccebb0215 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -166,7 +166,7 @@ de2b0220db1c79d8720b636d267b11e117151f5f99740567096e9b4cbb7cc9d5 lib/controller 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918 lib/controller/__init__.py 41c7fb7e486c4383a114c851f0c32c81c53c2b4f1d2a0fd99f70885072646387 lib/core/agent.py f848dcfdacb5143f803f4e9474cf3eef939039c26c522ca09777c425661300f0 lib/core/bigarray.py -eaf9d2d47305764213ada74b7a83721fc5f49578f2d8afa78799855068acb416 lib/core/common.py +afecad4b14e8008f6f97a6ec653fc930dfd8dc65f9d24a51274f8b5c3f63a4e2 lib/core/common.py 88fbbe7c41511b17d7ef449d675a84eaa80cac6ebf457a18577eadd62f6f1330 lib/core/compat.py 5ce8f2292f99d17d69bfc40ded206bfdfd06e2e3660ff9d1b3c56163793f8d1c lib/core/convert.py f561310b3cea570cc13d9f0aff16cce8b097d51275f8b947e7fff4876ac65c32 lib/core/data.py @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -2d6e17f497c09c7a25225e7c669b5c907aec1dac09c9300dd4ad48a325e2a254 lib/core/settings.py +13cb63f7e3c76e3251cd572b766b358389b5d997893aa649bf279169051270e8 lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py diff --git a/lib/core/common.py b/lib/core/common.py index 8e4d06e35..8fc73e956 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -35,6 +35,7 @@ import threading import time import types import unicodedata +import zlib from difflib import SequenceMatcher from math import sqrt @@ -4005,7 +4006,8 @@ def createGithubIssue(errMsg, excMsg): pass data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)} - req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) + token = getText(zlib.decompress(decodeBase64(GITHUB_REPORT_OAUTH_TOKEN[::-1], binary=True))[0::2][::-1]) + req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: "token %s" % token, HTTP_HEADER.USER_AGENT: fetchRandomAgent()}) try: content = getText(_urllib.request.urlopen(req).read()) diff --git a/lib/core/settings.py b/lib/core/settings.py index f3615dd12..65bdda61c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.16" +VERSION = "1.9.3.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -701,7 +701,7 @@ DEFAULT_COOKIE_DELIMITER = ';' FORCE_COOKIE_EXPIRATION_TIME = "9999999999" # Github OAuth token used for creating an automatic Issue for unhandled exceptions -GITHUB_REPORT_OAUTH_TOKEN = "Z2hwX0pNd0I2U25kN2Q5QmxlWkhxZmkxVXZTSHZiTlRDWjE5NUNpNA" +GITHUB_REPORT_OAUTH_TOKEN = "wxqc7vTeW8ohIcX+1wK55Mnql2Ex9cP+2s1dqTr/mjlZJVfLnq24fMAi08v5vRvOmuhVZQdOT/lhIRovWvIJrdECD1ud8VMPWpxY+NmjHoEx+VLK1/vCAUBwJe" # Skip unforced HashDB flush requests below the threshold number of cached items HASHDB_FLUSH_THRESHOLD = 32 From 28c838a9f007ef06ced330fae0503ebb8b76cf7a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 12 Mar 2025 16:01:21 +0100 Subject: [PATCH 3/4] Dummy update --- data/txt/sha256sums.txt | 2 +- lib/core/settings.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index ccebb0215..f34ea0262 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -13cb63f7e3c76e3251cd572b766b358389b5d997893aa649bf279169051270e8 lib/core/settings.py +c689e87a8cfaf0faf1a44c8b6fc513ab9ce13e57059c8eaabd2b956b2473a57f lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 65bdda61c..97d9c0e5d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.3.0" +VERSION = "1.9.3.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -61,7 +61,7 @@ LOWER_RATIO_BOUND = 0.02 UPPER_RATIO_BOUND = 0.98 # For filling in case of dumb push updates -DUMMY_JUNK = "ouZ0ii8A" +DUMMY_JUNK = "ahy9Ouge" # Markers for special cases when parameter values contain html encoded characters PARAMETER_AMP_MARKER = "__AMP__" From 6c108d96a009de6813acb1c4011321135fef1d06 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 14 Mar 2025 13:59:42 +0100 Subject: [PATCH 4/4] Minor update regarding the #5863 --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/request/comparison.py | 12 ++++++++++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index f34ea0262..4e75db527 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -c689e87a8cfaf0faf1a44c8b6fc513ab9ce13e57059c8eaabd2b956b2473a57f lib/core/settings.py +67d73d40d250bfef5bf3901a948ff44a9b9b9c44dd4b97c42f5e2433b327b9c0 lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -210,7 +210,7 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d lib/parse/site 87109063dd336fe2705fdfef23bc9b340dcc58e410f15c372fab51ea6a1bf4b1 lib/request/basicauthhandler.py 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8 lib/request/basic.py 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1 lib/request/chunkedhandler.py -6058fc4fce4b5ce660096d341eab3ae170e5406b31e2e9f51dcf60e7a2b67e68 lib/request/comparison.py +6be5719f3c922682931779830a4571a13d5612a69e2423fd60a254e8dbceaf5c lib/request/comparison.py 7345c12a0a1d4c583766b46ba38263cbc4603a85aa4216deddd62958d4e5d596 lib/request/connect.py 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e lib/request/direct.py 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d lib/request/dns.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 97d9c0e5d..72d5d8740 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.3.1" +VERSION = "1.9.3.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 9c95d96e9..f839453bd 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -21,7 +21,9 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.exception import SqlmapNoneDataException +from lib.core.exception import SqlmapSilentQuitException from lib.core.settings import DEFAULT_PAGE_ENCODING +from lib.core.settings import DEV_EMAIL_ADDRESS from lib.core.settings import DIFF_TOLERANCE from lib.core.settings import HTML_TITLE_REGEX from lib.core.settings import LOWER_RATIO_BOUND @@ -35,8 +37,14 @@ from lib.core.threads import getCurrentThreadData from thirdparty import six def comparison(page, headers, code=None, getRatioValue=False, pageLength=None): - _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) - return _ + try: + _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) + return _ + except: + warnMsg = "there was a KNOWN issue inside the internals regarding the difflib/comparison of pages. " + warnMsg += "Please report details privately via e-mail to '%s'" % DEV_EMAIL_ADDRESS + logger.critical(warnMsg) + raise SqlmapSilentQuitException def _adjust(condition, getRatioValue): if not any((conf.string, conf.notString, conf.regexp, conf.code)):