From 648752c50879e3bc495537eca83c85b4e9077bae Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 17 Jan 2026 22:29:20 +0100
Subject: [PATCH] Couple of patches
---
 data/txt/sha256sums.txt | 8 ++++----
 lib/core/common.py | 2 +-
 lib/core/settings.py | 2 +-
 lib/techniques/blind/inference.py | 18 ++++++++++++------
 lib/techniques/union/use.py | 5 +++--
 5 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 3dac3906c..be076f38b 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -168,7 +168,7 @@ e376093d4f6e42ee38b050af329179df9c1c136b7667b2f1cb559f5d4b69ebd9 lib/controller 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/controller/__init__.py 2a96190ced25d8929861b13866101812fcadf5cac23dd1dd4b29b1a915918769 lib/core/agent.py 1da4ec9cd9b67c8b54e4a3d314f8237d58778d8f3a00bc26a1e0540294dca30f lib/core/bigarray.py -3f1fbe7c15b929db81097d10c2897eb1e711f158de51ef9041b4c74e11f3f1d8 lib/core/common.py +a71a00c5c3efbc259087d90358a0665af15034454455dbd5b02b7451748f7371 lib/core/common.py a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e lib/core/compat.py a9997e97ebe88e0bf7efcf21e878bc5f62c72348e5aba18f64d6861390a4dcf2 lib/core/convert.py c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.py
@@ -189,7 +189,7 @@ e18c0c2c5a57924a623792a48bfd36e98d9bc085f6db61a95fc0dc8a3bcedc0c lib/core/decor 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 3574639db4942d16a2dc0a2f04bb7c0913c40c3862b54d34c44075a760e0c194 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -4267b95315e5351fa06aa27c883e187186adc3709e50acedf10079fd611dbb8d lib/core/settings.py +ff964b7b3c344643643dd3235e17ea7e2219bac3d275cc721df243a299e0f77b lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038 lib/core/target.py @@ -231,7 +231,7 @@ f522436fbd14bdab090a1d305fcac0361800cb8e36c8cbcb47933298376a71e0 lib/takeover/r f6e5d6e2ff368fa39943b2302982f33c47eb9a12d01419bef50fcf934b2bce34 lib/takeover/udf.py 4b5ff4fcfa25454e6a93600d32af42a69bd59151639f569c01920c8610a99656 lib/takeover/web.py 14179e5273378ec8d63660a87c5cb07a42b61a6fceb7f3bb494a7b5ce10ce2cb lib/takeover/xp_cmdshell.py -e29a4054bb5285ba63ae2c0b2c05c8a15b80ec5719ddc4559baa0772d70f24b9 lib/techniques/blind/inference.py +ea78a1e2c94073292664dff6cfb3da2836cc9114fb5f90a3de889fcc7c87dd3d lib/techniques/blind/inference.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/blind/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/dns/__init__.py 3df9839fb92a81d46b6194d7adacb43f391efb78b071783c132e8d596ecbfaf1 lib/techniques/dns/test.py 
@@ -241,7 +241,7 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d lib/techniques 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/union/__init__.py 30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b lib/techniques/union/test.py -77d2404e5b23fa419113de963bf9eb207582d1548fb0d3f36876d198785c88c3 lib/techniques/union/use.py +a17c1d201bd084de0093254bcd303aa859399891de13a7259e8c200e98294efb lib/techniques/union/use.py 67dff80a17503b91c8ff93788ccc037b6695aa18b0793894b42488cbb21c4c83 lib/utils/api.py ea5e14f8c9d74b0fb17026b14e3fb70ee90e4046e51ab2c16652d86b3ca9b949 lib/utils/brute.py 3fa1b9fd57ff47c6a283e8381bf70259dce57bb2327f99d8cb56450f1acf2d46 lib/utils/crawler.py
diff --git a/lib/core/common.py b/lib/core/common.py
index 150a4f4ee..0f7a8537f 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2065,7 +2065,7 @@ def getCharset(charsetType=None): # Digits elif charsetType == CHARSET_TYPE.DIGITS: - asciiTbl.extend((0, 9)) + asciiTbl.extend(xrange(0, 10)) asciiTbl.extend(xrange(47, 58)) # Hexadecimal
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 1b48995cf..211c6e5f4 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.10.1.47" +VERSION = "1.10.1.48" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index d7b7801ff..ab69c170e 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
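Review bot: The rewritten line in the DIGITS branch of getCharset (lib/core/common.py), `asciiTbl.extend(xrange(0, 10))`, now puts the code points 0 through 9 into the table, and nothing on the page says why a digits charset carries them next to the 47-57 range. The old two-element tuple `(0, 9)` and the new ten-element range are easy to confuse when reading, so I would state the intent on the line, for example `# raw values 0-9, not the characters '0'-'9' (those are in the 47-57 range below)`, if that is what is meant. Only this branch is visible; the Hexadecimal branch starts right after it, and any sibling branch that builds its low range from a two-element tuple deserves the same look. getCharset starts and ends outside the hunk.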
@@ -471,13 +471,16 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None bit = 0 while len(candidates) > 1: bits = {} + maxCandidate = max(candidates) + maxBits = maxCandidate.bit_length() if maxCandidate > 0 else 1 + for candidate in candidates: - bit = 0 - while candidate: + for bit in xrange(maxBits): bits.setdefault(bit, 0) - bits[bit] += 1 if candidate & 1 else -1 - candidate >>= 1 - bit += 1 + if candidate & (1 << bit): + bits[bit] += 1 + else: + bits[bit] -= 1 choice = sorted(bits.items(), key=lambda _: abs(_[1]))[0][0] mask = 1 << choice
@@ -499,7 +502,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None incrementCounter(getTechnique()) if result: - return decodeIntToUnicode(candidates[0]) + if candidates[0] == 0: # Trailing zeros + return None + else: + return decodeIntToUnicode(candidates[0]) # Go multi-threading (--threads > 1) if numThreads > 1 and isinstance(length, int) and length > 1:
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 49928e7a9..b544b56ac 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -121,9 +121,10 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): fields = list(json_data[0].keys()) if fields: - retVal = "" + parts = [] for row in json_data: - retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop) + parts.append("%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop)) + retVal = "".join(parts) except: retVal = None else:
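Review bot: The new fixed-width loop in bisection (`for bit in xrange(maxBits):`) carries no comment saying why every candidate is now counted over the same number of bits, which is the whole reason for the change. Going by the removed lines, the old `while candidate:` loop stopped at each candidate's highest set bit, so zero bits above it were never counted as -1 and a candidate of 0 contributed nothing; a comment such as `# count every candidate over maxBits so that leading zero bits weigh in as -1` would record that. With the width known up front, calling `bits.setdefault(bit, 0)` for every candidate and bit is redundant; `bits = dict.fromkeys(xrange(maxBits), 0)` in place of `bits = {}` does it once. The `bit = 0` context line above the `while` may now be dead too, but bisection continues outside the hunk, so that cannot be confirmed here.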
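Review bot: The new branch `if candidates[0] == 0: # Trailing zeros` in bisection returns None without saying what None means to the caller, and the two-word comment does not explain it. If None is also what this code path returns when retrieval fails (not visible in the hunk), a zero value becomes indistinguishable from a failure; a comment stating the contract, for example `# value 0 is padding, not a character, so report no character`, would settle it if that matches the intent. The `else:` after `return None` is unnecessary, and `return decodeIntToUnicode(candidates[0])` can sit at the level of the `if`. The enclosing function starts and ends outside the hunk.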
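Review bot: The rewritten `parts.append(...)` line in _oneShotUnionUse keeps the expression `row.get(field) or NULL`, which replaces every falsy value with NULL, not only a missing or null one. The rows come from `json_data`, so a numeric 0, a `false` or an empty string in a row would be rendered as NULL in the assembled output. If that is not intended, test for None explicitly: `value = row.get(field)` followed by `getUnicode(NULL if value is None else value)`. The function starts and ends outside the hunk.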