From 866fc5dfac409fe1c01ee2cc8bb4ba2eeeac8a09 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 30 Dec 2025 13:37:32 +0100 Subject: [PATCH] Minor thread-safety fix --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 4 ++++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 62886ac57..8ce3e378c 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -eabd2afcdc5b6efc7824789e400acc387df4760587de98367149cf28f24c53c4 lib/core/settings.py +a6b8de9614325d6c0cac9788d36152e5691aba12767cda7f4ba4c68ce3e08a82 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -230,7 +230,7 @@ d6ab6436d7330278081ed21433ab18e5ef74b4d7af7ccb175ae956c245c13ce1 lib/request/re 479cf4a9c0733ba62bfa764e465a59277d21661647304fa10f6f80bf6ecc518b lib/takeover/udf.py 08270a96d51339f628683bce58ee53c209d3c88a64be39444be5e2f9d98c0944 lib/takeover/web.py d40d5d1596d975b4ff258a70ad084accfcf445421b08dcf010d36986895e56cb lib/takeover/xp_cmdshell.py -3a355d277fa558c90fa040b3a02b99690671bf99a7a4ffb20a9a45878b09ab5e lib/techniques/blind/inference.py +8dae17964884e90fcef58939804deb3c86cf24e9305ead705cbe33bb65c363e0 lib/techniques/blind/inference.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/blind/__init__.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/dns/__init__.py d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd lib/techniques/dns/test.py diff --git a/lib/core/settings.py b/lib/core/settings.py index aba4fdd46..f6dc795c8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.12.37" +VERSION = "1.9.12.38" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 25ec3164a..60e4afa1c 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -239,6 +239,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None Used in inference - in time-based SQLi if original and retrieved value are not equal there will be a deliberate delay """ + threadData = getCurrentThreadData() + validationPayload = re.sub(r"(%s.*?)%s(.*?%s)" % (PAYLOAD_DELIMITER, INFERENCE_GREATER_CHAR, PAYLOAD_DELIMITER), r"\g<1>%s\g<2>" % INFERENCE_NOT_EQUALS_CHAR, payload) if "'%s'" % CHAR_INFERENCE_MARK not in payload: @@ -268,6 +270,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None numerical values is exactly 1 """ + threadData = getCurrentThreadData() + result = tryHint(idx) if result: