From 1b1c37e12ced6bbe5486e9302a05f1e6f9e89b64 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 6 Nov 2019 14:45:48 +0100 Subject: [PATCH] Minor update --- lib/core/settings.py | 2 +- lib/utils/crawler.py | 33 +++++++++++++++--------------- plugins/dbms/mysql/fingerprint.py | 8 +++++--- plugins/dbms/oracle/fingerprint.py | 2 +- 4 files changed, 24 insertions(+), 21 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 35a9e0847..55bb35e36 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.11.10" +VERSION = "1.3.11.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 35932ea7e..492325ca1 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py 
@@ -195,27 +195,28 @@ def crawl(target): for url in threadData.shared.value: kb.targets.add((urldecode(url, kb.pageEncoding), None, None, None, None)) - if kb.normalizeCrawlingChoice is None: - message = "do you want to normalize " - message += "crawling results [Y/n] " + if kb.targets: + if kb.normalizeCrawlingChoice is None: + message = "do you want to normalize " + message += "crawling results [Y/n] " - kb.normalizeCrawlingChoice = readInput(message, default='Y', boolean=True) + kb.normalizeCrawlingChoice = readInput(message, default='Y', boolean=True) - if kb.normalizeCrawlingChoice: - seen = set() - results = OrderedSet() + if kb.normalizeCrawlingChoice: + seen = set() + results = OrderedSet() - for target in kb.targets: - match = re.search(r"/[^/?]*\?.*\Z", target[0]) - if match: - key = re.sub(r"=[^=&]*", "=", match.group(0)) - if key not in seen: - results.add(target) - seen.add(key) + for target in kb.targets: + match = re.search(r"/[^/?]*\?.*\Z", target[0]) + if match: + key = re.sub(r"=[^=&]*", "=", match.group(0)) + if key not in seen: + results.add(target) + seen.add(key) - kb.targets = results + kb.targets = results - storeResultsToFile(kb.targets) + storeResultsToFile(kb.targets) def storeResultsToFile(results): if not results: diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 04fdc61e6..6b2f66e16 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -41,6 +41,8 @@ class Fingerprint(GenericFingerprint): return None # Reference: https://downloads.mysql.com/archives/community/ + # Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/ + versions = ( (32200, 32235), # MySQL 3.22 (32300, 32359), # MySQL 3.23 
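Review bot: The de-duplication key in the normalization loop is built from `match.group(0)`, which starts at the last `/` before the `?`, so crawled URLs in different directories (or on different hosts, if the crawl ever yields them) that share the final path segment and parameter names collapse into one entry, and the others are silently dropped from `kb.targets`. If that is not intended, derive the key from the whole URL, e.g. `key = re.sub(r"=[^=&]*", "=", target[0])`, keeping the `if match:` gate as is. The same loop also rebinds `target`, the parameter of `crawl(target)` shown in the hunk header; a distinct loop name would avoid the shadowing. crawl() starts outside the hunk.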
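Review bot: The added comment `# Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/` has a bare `.` where the release series presumably belongs, so the link as written does not point at any one release-notes page. Spelling the placeholder out, `# Reference: https://dev.mysql.com/doc/relnotes/mysql/<major.minor>/en/`, tells the next maintainer which pages the upper bounds in `versions` were taken from. The enclosing method starts and ends outside the hunk.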
@@ -50,10 +52,10 @@ class Fingerprint(GenericFingerprint): (50100, 50174), # MySQL 5.1 (50400, 50404), # MySQL 5.4 (50500, 50562), # MySQL 5.5 - (50600, 50646), # MySQL 5.6 - (50700, 50726), # MySQL 5.7 + (50600, 50648), # MySQL 5.6 + (50700, 50730), # MySQL 5.7 (60000, 60014), # MySQL 6.0 - (80000, 80017), # MySQL 8.0 + (80000, 80021), # MySQL 8.0 ) index = -1 diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 3ddd24885..4a31b0625 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -105,7 +105,7 @@ class Fingerprint(GenericFingerprint): logger.info(infoMsg) # Reference: https://en.wikipedia.org/wiki/Oracle_Database - for version in ("18c", "12c", "11g", "10g", "9i", "8i", "7"): + for version in ("19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"): number = int(re.search(r"([\d]+)", version).group(1)) output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION),1,%d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2))