Couple of patches

2026-01-20 13:29:02 +00:00 · 2026-01-17 22:29:20 +01:00
parent 264095aa97
commit 648752c508
5 changed files with 21 additions and 14 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2065,7 +2065,7 @@ def getCharset(charsetType=None):

    # Digits
    elif charsetType == CHARSET_TYPE.DIGITS:
-        asciiTbl.extend((0, 9))
+        asciiTbl.extend(xrange(0, 10))
        asciiTbl.extend(xrange(47, 58))

    # Hexadecimal
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.1.47"
+VERSION = "1.10.1.48"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -471,13 +471,16 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                bit = 0
                while len(candidates) > 1:
                    bits = {}
+                    maxCandidate = max(candidates)
+                    maxBits = maxCandidate.bit_length() if maxCandidate > 0 else 1
+
                    for candidate in candidates:
-                        bit = 0
-                        while candidate:
+                        for bit in xrange(maxBits):
                            bits.setdefault(bit, 0)
-                            bits[bit] += 1 if candidate & 1 else -1
-                            candidate >>= 1
-                            bit += 1
+                            if candidate & (1 << bit):
+                                bits[bit] += 1
+                            else:
+                                bits[bit] -= 1

                    choice = sorted(bits.items(), key=lambda _: abs(_[1]))[0][0]
                    mask = 1 << choice
@@ -499,7 +502,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                    incrementCounter(getTechnique())

                    if result:
-                        return decodeIntToUnicode(candidates[0])
+                        if candidates[0] == 0:      # Trailing zeros
+                            return None
+                        else:
+                            return decodeIntToUnicode(candidates[0])

        # Go multi-threading (--threads > 1)
        if numThreads > 1 and isinstance(length, int) and length > 1:
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -121,9 +121,10 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
                                fields = list(json_data[0].keys())

                                if fields:
-                                    retVal = ""
+                                    parts = []
                                    for row in json_data:
-                                        retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop)
+                                        parts.append("%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop))
+                                    retVal = "".join(parts)
                        except:
                            retVal = None
                        else: