From d89a0bb9df852eb35e2f7bf5d5ed62631991e4a4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 22 Dec 2025 12:22:46 +0100 Subject: [PATCH] Patch for #5994 --- data/txt/sha256sums.txt | 4 ++-- lib/controller/checks.py | 17 ++++++++++------- lib/core/settings.py | 2 +- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 287ecb96c..75becba54 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -160,7 +160,7 @@ df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/ 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/vulnserver/__init__.py eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserver/vulnserver.py 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py -c060567ff0430f2ec915bf8abec8d632a52b5cb8a75a88984e6065a0feedcf44 lib/controller/checks.py +16487b3d984b9020cc68c0e4e079759a8990d05173f2496f7de30643ac772fe2 lib/controller/checks.py 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py 49bcd74281297c79a6ae5d4b0d1479ddace4476fddaf4383ca682a6977b553e3 lib/controller/handler.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py @@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -ce4a0cbead548dee15bf60a1545fa9c8092f989eb31d4fba269b5a2c0cf47d23 lib/core/settings.py +cc85a81cf0cadda64bd459c091f6a7640a154285b5b8ecbaebe5920babeaff31 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 49b4c800d..1a9e1ebd4 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1134,15 +1134,18 @@ def heuristicCheckSqlInjection(place, parameter): if conf.beep: beep() - for match in re.finditer(FI_ERROR_REGEX, page or ""): - if randStr1.lower() in match.group(0).lower(): - infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter) - logger.info(infoMsg) + try: + for match in re.finditer(FI_ERROR_REGEX, page or ""): + if randStr1.lower() in match.group(0).lower(): + infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter) + logger.info(infoMsg) - if conf.beep: - beep() + if conf.beep: + beep() - break + break + except (SystemError, RuntimeError) as ex: + logger.debug("Skipping FI heuristic due to regex failure: %s", getSafeExString(ex)) kb.disableHtmlDecoding = False kb.heuristicMode = False diff --git a/lib/core/settings.py b/lib/core/settings.py index 9e6de5dc5..df1123dc5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.12.3" +VERSION = "1.9.12.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)