Dummy update

added kurdish(ckb) translation

README.md

@@ -65,6 +65,7 @@ Translations
 * [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
 * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
 * [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md)
+* [Kurdish (Central)](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ckb-KU.md)
 * [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
 * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
 * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)

data/txt/common-tables.txt

@@ -3420,6 +3420,181 @@ basvuru
 basvurular
 kontak
 kontaklar
+kisi
+kisiler
+uye
+uyeler
+kayıt
+kayıtlar
+tel
+telefon
+telefonlar
+numaralar
+numara
+kart
+kartlar
+kredi
+krediler
+kredikartı
+fiyat
+fiyatlar
+odeme
+odemeler
+kategoriler
+tbl_Uye
+xml_kategoriler
+tbl_siparis
+tbl_googlemap
+tbl_ilce
+tbl_yardim
+tbl_Resim
+tbl_anket
+tbl_Rapor
+tbl_statsvisit
+tbl_ticket
+tbl_Cesit
+tbl_xml
+tbl_Cinsiyet
+xml_urunler_temp
+tbl_takvim
+tbl_altkategori
+tbl_mesaj
+tbl_Haber
+tbl_AdresTemp
+tbl_Firma
+tbl_Medya
+xml_urunlerbirim
+tbl_Yardim
+tbl_medya
+tbl_Video
+xml_markalar_transfer
+tbl_adrestemp
+tbl_online
+tbl_sehir
+tbl_resim
+tbl_Gorsel
+tbl_doviz
+tbl_gorsel
+tbl_kampanya
+tbl_Blog
+tbl_Banners
+tbl_koleksiyon
+tbl_Galeri
+tbl_Kampanya
+tbl_Favori
+tbl_sss
+tbl_Banner
+tbl_Faq
+xml_markalar_temp
+tbl_faq
+tbl_Personel
+tbl_Seo
+tbl_adres
+tbl_ayar
+tbl_metin
+tbl_AltKategori
+tbl_kategori
+tbl_Marka
+tbl_blogkategori
+tbl_ulke
+tbl_sepetold
+tbl_yorum
+tbl_Fiyat
+tbl_Reklam
+tbl_Kategori
+tbl_Yorum
+tbl_semt
+tbl_Tedarikci
+xml_kampanyakategori
+tbl_ozelgun
+tbl_uyexml
+tbl_rapor
+tbl_seo
+tbl_Indirim
+tbl_Ilce
+tbl_bulten
+tbl_video
+tbl_Ayar
+tbl_fatura
+tbl_cinsiyet
+tbl_reklam
+tbl_sliders
+tbl_KDV
+tbl_uye_img
+tbl_siparisid
+tbl_BlogKategori
+tbl_Yonetici
+tbl_kdv
+tbl_Online
+tbl_temsilci
+tbl_Dil
+tbl_banners
+tbl_Mesaj
+tbl_Logs
+tbl_logs
+tbl_fiyat
+tbl_SSS
+tbl_Puan
+tbl_kargo
+tbl_Statsvisit
+tbl_Koleksiyon
+tbl_dil
+tbl_Sepetold
+tbl_Fatura
+tbl_yonetici
+tbl_Yazilar
+tbl_Temsilci
+tbl_Kargo
+tbl_cesit
+tbl_uye
+tbl_haber
+tbl_SiparisID
+tbl_Adres
+tbl_Ozelgun
+tbl_banka
+tbl_Videogaleri
+tbl_galeri
+tbl_videogaleri
+xml_urunresimleri
+tbl_urun
+tbl_Ticket
+tbl_yazilar
+tbl_Ulke
+tbl_Urun
+tbl_renk
+tbl_Harita
+tbl_Sepet
+tbl_Sehir
+tbl_Uye_Img
+tbl_Semt
+tbl_indirim
+xml_kampanyakategori_transfer
+tbl_Takvim
+tbl_blog
+tbl_Sliders
+tbl_Renk
+tbl_UyeXML
+tbl_tedarikci
+tbl_Fotogaleri
+tbl_Doviz
+tbl_Anket
+tbl_Banka
+tbl_Metin
+tbl_XML
+tbl_firma
+tbl_harita
+tbl_banner
+tbl_sepet
+tbl_fotogaleri
+tbl_marka
+tbl_Siparis
+tbl_personel
+tbl_puan
+tbl_Bulten
+tbl_favori
+tbl_onlineusers
+
+
 
 # List provided by Pedrito Perez (0ark1ang3l@gmail.com)
 

data/txt/sha256sums.txt

@@ -25,7 +25,7 @@ f2648a0cb4d5922d58b8aa6600f786b32324b9ac91e3a57e4ff212e901ffe151  data/shell/sta
 31676dcadde4c2eef314ef90e0661a57d2d43cb52a39ef991af43fcb6fa9af22  data/txt/common-columns.txt
 bb88fcfc8eae17865c4c25c9031d4488ef38cc43ab241c7361ae2a5df24fd0bb  data/txt/common-files.txt
 e456db93a536bc3e7c1fbb6f15fbac36d6d40810c8a754b10401e0dab1ce5839  data/txt/common-outputs.txt
-504a35909572da9593fa57087caee8953cf913dfdc269959c0369a9480fd107c  data/txt/common-tables.txt
+1c5095ba246934be2a7990bf11c06703f48ebba53f0dba18107fcf44e11a5cea  data/txt/common-tables.txt
 4ee746dcab2e3b258aa8ff2b51b40bef2e8f7fc12c430b98d36c60880a809f03  data/txt/keywords.txt
 c5ce8ea43c32bc72255fa44d752775f8a2b2cf78541cbeaa3749d47301eb7fc6  data/txt/smalldict.txt
 895f9636ea73152d9545be1b7acaf16e0bc8695c9b46e779ab30b226d21a1221  data/txt/user-agents.txt
@@ -89,13 +89,14 @@ abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
 2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
 f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16  doc/THIRD-PARTY.md
 792bcf9bf7ac0696353adaf111ee643f79f1948d9b5761de9c25eb0a81a998c9  doc/translations/README-bg-BG.md
+7f48875fb5a369b8a8aaefc519722462229ce4e6c7d8f15f7777092d337e92dd  doc/translations/README-ckb-KU.md
 4689fee6106207807ac31f025433b4f228470402ab67dd1e202033cf0119fc8a  doc/translations/README-de-DE.md
 2b3d015709db7e42201bc89833380a2878d7ab604485ec7e26fc4de2ad5f42f0  doc/translations/README-es-MX.md
 f7b6cc0d0fdd0aa5550957db9b125a48f3fb4219bba282f49febc32a7e149e74  doc/translations/README-fa-IR.md
 3eac203d3979977b4f4257ed735df6e98ecf6c0dfcd2c42e9fea68137d40f07c  doc/translations/README-fr-FR.md
 26524b18e5c4a1334a6d0de42f174b948a8c36e95f2ec1f0bc6582a14d02e692  doc/translations/README-gr-GR.md
 d505142526612a563cc71d6f99e0e3eed779221438047e224d5c36e8750961db  doc/translations/README-hr-HR.md
-cb24e114a58e7f03c37f0f0ace25c6294b61308b0d60402fe5f6b2a490c40606  doc/translations/README-id-ID.md
+a381ff3047aab611cf1d09b7a15a6733773c7c475c7f402ef89e3afe8f0dd151  doc/translations/README-id-ID.md
 e88d3312a2b3891c746f6e6e57fbbd647946e2d45a5e37aab7948e371531a412  doc/translations/README-in-HI.md
 34a6a3a459dbafef1953a189def2ff798e2663db50f7b18699710d31ac0237f8  doc/translations/README-it-IT.md
 2120fd640ae5b255619abae539a4bd4a509518daeff0d758bbd61d996871282f  doc/translations/README-ja-JP.md
@@ -109,7 +110,7 @@ c94d5c9ae4e4b996eaf0d06a6c5323a12f22653bb53c5eaf5400ee0bccf4a1eb  doc/translatio
 622d9a1f22d07e2fefdebbd6bd74e6727dc14725af6871423631f3d8a20a5277  doc/translations/README-sk-SK.md
 6d690c314fe278f8f949b27cd6f7db0354732c6112f2c8f764dcf7c2d12d626f  doc/translations/README-tr-TR.md
 0bccce9d2e48e7acc1ef126539a50d3d83c439f94cc6387c1331a9960604a2cd  doc/translations/README-uk-UA.md
-b88046e2fc27c35df58fcd5bbeaec0d70d95ebf3953f2cf29cc97a0a14dad529  doc/translations/README-vi-VN.md
+285c997e8ae7381d765143b5de6721cad598d564fd5f01a921108f285d9603a2  doc/translations/README-vi-VN.md
 b553a179c731127a115d68dfb2342602ad8558a42aa123050ba51a08509483f6  doc/translations/README-zh-CN.md
 98dd22c14c12ba65ca19efca273ef1ef07c45c7832bfd7daa7467d44cb082e76  extra/beep/beep.py
 509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9  extra/beep/beep.wav
@@ -153,19 +154,19 @@ dc35b51f5c9347eda8130106ee46bb051474fc0c5ed101f84abf3e546f729ceb  extra/shutils/
 fa1a42d189188770e82d536821d694626ca854438dadb9e08e143d3ece8c7e27  extra/shutils/pydiatra.sh
 5da7d1c86ca93313477d1deb0d6d4490798a2b63a2dd8729094184625b971e11  extra/shutils/pyflakes.sh
 c941be05376ba0a99d329e6de60e3b06b3fb261175070da6b1fc073d3afd5281  extra/shutils/pylint.sh
-47b75c19b8c3dc6bca9e81918a838bd9261dac9c57366e75c4300c247dec2263  extra/shutils/pypi.sh
+a19725f10ff9c5d484cffd8f1bd9348918cc3c4bfdd4ba6fffb42aaf0f5c973c  extra/shutils/pypi.sh
 df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/recloak.sh
 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f  extra/shutils/strip.sh
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  extra/vulnserver/__init__.py
 2ffe028b8b21306b6f528e62b214f43172fcf5bb59d317a13ba78e70155677ce  extra/vulnserver/vulnserver.py
 f9c96cd3fe99578bed9d49a8bdf8d76836d320a7c48c56eb0469f48b36775c35  lib/controller/action.py
-5d62d04edd432834df809707450a42778768ccc3c909eef6c6738ee780ffa884  lib/controller/checks.py
-34120f3ea85f4d69211642a263f963f08c97c20d47fd2ca082c23a5336d393f8  lib/controller/controller.py
+062c02a876644fc9bb4be37b545a325c600ee0b62f898f9723676043303659d4  lib/controller/checks.py
+11c494dd61fc8259d5f9e60bd69c4169025980a4ce948c6622275179393e9bef  lib/controller/controller.py
 46d70b69cc7af0849242da5094a644568d7662a256a63e88ae485985b6dccf12  lib/controller/handler.py
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/controller/__init__.py
 826c33f1105be4c0985e1bbe1d75bdb009c17815ad6552fc8d9bf39090d3c40f  lib/core/agent.py
-b2d69c99632da5c2acd0c0934e70d55862f1380a3f602cbe7456d617fb9c1fc9  lib/core/bigarray.py
-f43931f5dbabd11de96267b6f9431025ee2e09e65a14b907c360ce029bbed39f  lib/core/common.py
+c2966ee914b98ba55c0e12b8f76e678245d08ff9b30f63c4456721ec3eff3918  lib/core/bigarray.py
+d4d550f55b9eb8c3a812e19f46319fb299b3d9549df54d5d14fc615aeaa38b0e  lib/core/common.py
 5c26b0f308266bc3a9679ef837439e38d1dc7a69eac6bd3422280f49aaf114d2  lib/core/compat.py
 b60c96780cad4a257f91a0611b08cfcc52f242908c5d5ab2bf9034ef07869602  lib/core/convert.py
 5e381515873e71c395c77df00bf1dd8c4592afc6210a2f75cbc20daf384e539f  lib/core/data.py
@@ -180,18 +181,18 @@ e8f6f1df8814b7b03c3eba22901837555083f66c99ee93b943911de785736bfa  lib/core/dicts
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/core/__init__.py
 fce3fd4b161ec1c6e9d5bf1dca5bc4083e07d616ed2c14b798e96b60ec67c2b2  lib/core/log.py
 4caebf27d203673b8ad32394937397319f606c4e1f1e1a2a221402d39c644b40  lib/core/optiondict.py
-b3d2be01406c3bae1cf46e1b8c0f773264b61a037e6a92e5c0ba190a82afc869  lib/core/option.py
+c727cf637840aa5c0970c45d27bb5b0d077751aee10a5cd467caf92a54a211f4  lib/core/option.py
 d2d81ee7520b55571923461a2bdfaa68dda74a89846761338408ab0acf08d3a5  lib/core/patch.py
 bf77f9fc4296f239687297aee1fd6113b34f855965a6f690b52e26bd348cb353  lib/core/profiling.py
 4ccce0d53f467166d4084c9ef53a07f54cc352e75f785454a31c8a820511a84e  lib/core/readlineng.py
 4eff81c639a72b261c8ba1c876a01246e718e6626e8e77ae9cc6298b20a39355  lib/core/replication.py
 bbd1dcda835934728efc6d68686e9b0da72b09b3ee38f3c0ab78e8c18b0ba726  lib/core/revision.py
 eed6b0a21b3e69c5583133346b0639dc89937bd588887968ee85f8389d7c3c96  lib/core/session.py
-980d7080a21fbf690f65885e6916be0dcef8e1ba3c1a955a52a00e426eb0e590  lib/core/settings.py
+85fbc4937c4770c8ff41ebfff13abfcdbc1fda52fab8ce05568b3f6309bd4b35  lib/core/settings.py
 2bec97d8a950f7b884e31dfe9410467f00d24f21b35672b95f8d68ed59685fd4  lib/core/shell.py
 e90a359b37a55c446c60e70ccd533f87276714d0b09e34f69b0740fd729ddbf8  lib/core/subprocessng.py
 54f7c70b4c7a9931f7ff3c1c12030180bde38e35a306d5e343ad6052919974cd  lib/core/target.py
-970b1c3e59481f11dd185bdde52f697f7d8dfc3152d24e3d336ec3fab59a857c  lib/core/testing.py
+6d6a89be3746f07644b96c2c212745515fa43eab4d1bd0aecf1476249b1c7f07  lib/core/testing.py
 8cb7424aa9d42d028a6780250effe4e719d9bb35558057f8ebe9e32408a6b80f  lib/core/threads.py
 ff39235aee7e33498c66132d17e6e86e7b8a29754e3fdecd880ca8356b17f791  lib/core/unescaper.py
 2984e4973868f586aa932f00da684bf31718c0331817c9f8721acd71fd661f89  lib/core/update.py
@@ -210,7 +211,7 @@ b48edf3f30db127b18419f607894d5de46fc949d14c65fdc85ece524207d6dfd  lib/parse/html
 2395d6d28d6a1e342fccd56bb741080468a777b9b2a5ddd5634df65fe9785cef  lib/request/basic.py
 ead55e936dfc8941e512c8e8a4f644689387f331f4eed97854c558be3e227a91  lib/request/chunkedhandler.py
 06128c4e3e0e1fe34618de9d1fd5ee21292953dce4a3416567e200d2dfda79f2  lib/request/comparison.py
-45f365239c48f2f6b8adc605b2f33b3522bda6e3248589dae909380434aaa0ad  lib/request/connect.py
+9ffc0e799273240c26d32521f58b3e3fd8a3c834e9db2ce3bda460595e6be6c8  lib/request/connect.py
 470e96857a7037a2d74b2c4b1c8c5d8379b76ea8cbdb1d8dd4367a7a852fa93c  lib/request/direct.py
 e802cc9099282764da0280172623600b6b9bb9fe1c87f352ade8be7a3f622585  lib/request/dns.py
 9922275d3ca79f00f9b9301f4e4d9f1c444dc7ac38de6d50ef253122abae4833  lib/request/httpshandler.py
@@ -239,9 +240,9 @@ f948fefb0fa67da8cf037f7abbcdbb740148babda9ad8a58fab1693456834817  lib/techniques
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/techniques/__init__.py
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  lib/techniques/union/__init__.py
 700cc5e8cae85bd86674d0cb6c97093fde2c52a480cc1e40ae0010fffd649395  lib/techniques/union/test.py
-4252a1829e60bb9a69e3927bf68a320976b8ef637804b7032d7497699f2e89e7  lib/techniques/union/use.py
+74ecbeff52a6fba83fc2c93612afd8befdbdc0c25566d31e5d20fbbc5b895054  lib/techniques/union/use.py
 6b3f83a85c576830783a64e943a58e90b1f25e9e24cd51ae12b1d706796124e9  lib/utils/api.py
-1d4d1e49a0897746d4ad64316d4d777f4804c4c11e349e9eb3844130183d4887  lib/utils/brute.py
+e00740b9a4c997152fa8b00d3f0abf45ae15e23c33a92966eaa658fde83c586f  lib/utils/brute.py
 c0a4765aa80c5d9b7ef1abe93401a78dd45b2766a1f4ff6286287dc6188294de  lib/utils/crawler.py
 3f97e327c548d8b5d74fda96a2a0d1b2933b289b9ec2351b06c91cefdd38629d  lib/utils/deps.py
 e81393f0d077578e6dcd3db2887e93ac2bfbdef2ce87686e83236a36112ca7d3  lib/utils/getch.py
@@ -285,7 +286,7 @@ c90d520338946dfae7b934bb3aab9bf8db720d4092cadd5ae825979d2665264e  plugins/dbms/a
 e0d2522dc664a7da0c9a32a34e052b473a0f3ebb46c86e9cea92a5f7e9ab33b0  plugins/dbms/clickhouse/connector.py
 4b6418c435fa69423857a525d38705666a27ecf6edd66527e51af46561ead621  plugins/dbms/clickhouse/enumeration.py
 d70dc313dac1047c9bb8e1d1264f17fa6e03f0d0dfeb8692c4dcec2c394a64bc  plugins/dbms/clickhouse/filesystem.py
-9cc7352863a1215127e21a54fc67cc930ecd6983eb3d617d36dbebaf8c576e11  plugins/dbms/clickhouse/fingerprint.py
+7d6278c7fe14fd15c7ed8d2aee5e66f1ab76bea9f4b0c75f2ae9137ddbda236b  plugins/dbms/clickhouse/fingerprint.py
 9af365a8a570a22b43ca050ce280da49d0a413e261cc7f190a49336857ac026e  plugins/dbms/clickhouse/__init__.py
 695a7c428c478082072d05617b7f11d24c79b90ca3c117819258ef0dbdf290a5  plugins/dbms/clickhouse/syntax.py
 ec61ff0bb44e85dc9c9df8c9b466769c5a5791c9f1ffb944fdc3b1b7ef02d0d5  plugins/dbms/clickhouse/takeover.py
@@ -402,7 +403,7 @@ fdc3effe9320197795137dedb58e46c0409f19649889177443a2cbf58787c0dd  plugins/dbms/m
 ae824d447c1a59d055367aa9180acb42f7bb10df0006d4f99eeb12e43af563ae  plugins/dbms/mysql/__init__.py
 60fc1c647e31df191af2edfd26f99bf739fec53d3a8e1beb3bffdcf335c781fe  plugins/dbms/mysql/syntax.py
 784c31c2c0e19feb88bf5d21bfc7ae4bf04291922e40830da677577c5d5b4598  plugins/dbms/mysql/takeover.py
-6ae43c1d1a03f2e7a5c59890662f7609ebfd9ab7c26efb6ece85ae595335790e  plugins/dbms/oracle/connector.py
+477d23978640da2c6529a7b2d2cb4b19a09dedc83960d222ad12a0f2434fb289  plugins/dbms/oracle/connector.py
 ff648ca28dfbc9cbbd3f3c4ceb92ccaacfd0206e580629b7d22115c50ed7eb06  plugins/dbms/oracle/enumeration.py
 3a53b87decff154355b7c43742c0979323ae9ba3b34a6225a326ec787e85ce6d  plugins/dbms/oracle/filesystem.py
 f8c0c05b518dbcdb6b9a618e3fa33daefdb84bea6cb70521b7b58c7de9e6bf3a  plugins/dbms/oracle/fingerprint.py
@@ -459,9 +460,9 @@ acc41465f146d2611fca5a84bd8896bc0ccd2b032b8938357aea3e5b173a5a10  plugins/dbms/v
 3c163c8135e2ab8ed17b0000862a1b2d7cf2ec1e7d96d349ec644651cdecad49  plugins/dbms/virtuoso/syntax.py
 7ac6006e0fc6da229c37fbce39a1406022e5fcc4cac5209814fa20818b8c031a  plugins/dbms/virtuoso/takeover.py
 e6dfaab13d9f98ccffdc70dd46800ca2d61519731d10a267bc82f9fb82cd504d  plugins/generic/connector.py
-664be8bb4157452f2e40c4f98a359e26b559d7ef4f4148564cb8533b5ebf7d54  plugins/generic/custom.py
-8f4cd6fc48882869203eaa797fea339a5afaf17306a674b384ae18d47839a150  plugins/generic/databases.py
-f8fc1af049d08e7ff87899cad7766f376cc6dfe45baafb86ef13e7252b833e00  plugins/generic/entries.py
+ef413f95c1846d37750beae90ed3e3b3a1288cfa9595c9c6f7890252a4ee3166  plugins/generic/custom.py
+3d118a7ddb1604a9f86826118cfbae4ab0b83f6e9bef9c6d1c7e77d3da6acf67  plugins/generic/databases.py
+96924a13d7bf0ed8056dc70f10593e9253750a3d83e9a9c9656c3d1527eda344  plugins/generic/entries.py
 a734d74599761cd1cf7d49c88deeb121ea57d80c2f0447e361a4e3a737154c0e  plugins/generic/enumeration.py
 1c2e812096015eaef55be45d3a0bcd92b4db27eace47e36577aeff7b4246ad35  plugins/generic/filesystem.py
 05f33c9ba3897e8d75c8cf4be90eb24b08e1d7cd0fc0f74913f052c83bc1a7c1  plugins/generic/fingerprint.py
@@ -472,10 +473,10 @@ a734d74599761cd1cf7d49c88deeb121ea57d80c2f0447e361a4e3a737154c0e  plugins/generi
 fff84edc86b7d22dc01148fb10bb43d51cb9638dff21436fb94555db2a664766  plugins/generic/takeover.py
 0bc5c150e8cf4f892aba1ff15fc8938c387fb2a173b77329a0dc4cdb8b4bb4e2  plugins/generic/users.py
 99d0e94dd5fe60137abf48bfa051129fb251f5c40f0f7a270c89fbcb07323730  plugins/__init__.py
-d5b3243c2b048aa8074d2d828f74fbf8237286c3d00fd868f1b4090c267b78ef  README.md
+5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c  README.md
 78aafd53980096364f0c995c6283931bff505aed88fed1e7906fb06ee60e9c5b  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-5e172e315524845fe091aa0b7b29303c92ac8f67594c6d50f026d627e415b7ed  sqlmap.conf
+005b240c187586fbdb7bab247398cad881efec26b6d6a46229a635411f5f207e  sqlmap.conf
 3a18b78b1aaf7236a35169db20eb21ca7d7fb907cd38dd34650f1da81c010cd6  sqlmap.py
 adda508966db26c30b11390d6483c1fa25b092942a29730e739e1e50c403a21f  tamper/0eunion.py
 d38fe5ab97b401810612eae049325aa990c55143504b25cc9924810917511dee  tamper/apostrophemask.py
@@ -595,7 +596,7 @@ b29dc1d3c9ab0d707ea5fdcaf5fa89ff37831ce08b0bc46b9e04320c56a9ffb8  thirdparty/cha
 1c1ee8a91eb20f8038ace6611610673243d0f71e2b7566111698462182c7efdd  thirdparty/clientform/clientform.py
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  thirdparty/clientform/__init__.py
 162d2e9fe40ba919bebfba3f9ca88eab20bc3daa4124aec32d5feaf4b2ad4ced  thirdparty/colorama/ansi.py
-bca8d86f2c754732435b67e9b22de0232b6c57dabeefc8afb24fbe861377a826  thirdparty/colorama/ansitowin32.py
+a7070aa13221d97e6d2df0f522b41f1876cd46cb1ddb16d44c1f304f7bab03a3  thirdparty/colorama/ansitowin32.py
 d7b5750fa3a21295c761a00716543234aefd2aa8250966a6c06de38c50634659  thirdparty/colorama/initialise.py
 f71072ad3be4f6ea642f934657922dd848dee3e93334bc1aff59463d6a57a0d5  thirdparty/colorama/__init__.py
 fd2084a132bf180dad5359e16dac8a29a73ebfd267f7c9423c814e7853060874  thirdparty/colorama/win32.py

doc/translations/README-ckb-KU.md

@@ -0,0 +1,67 @@
+# sqlmap ![](https://i.imgur.com/fe85aVR.png)
+
+[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
+
+
+<div dir=rtl>
+
+
+
+بەرنامەی `sqlmap` بەرنامەیەکی تاقیکردنەوەی چوونە ژوورەوەی سەرچاوە کراوەیە کە بە شێوەیەکی ئۆتۆماتیکی بنکەدراوە کە کێشەی ئاسایشی SQL Injection یان هەیە دەدۆزێتەوە. ئەم بەرنامەیە بزوێنەرێکی بەهێزی دیاریکردنی تێدایە. هەروەها کۆمەڵێک سکریپتی بەرفراوانی هەیە کە ئاسانکاری دەکات بۆ پیشەییەکانی تاقیکردنەوەی دزەکردن(penetration tester) بۆ کارکردن لەگەڵ بنکەدراوە. لە کۆکردنەوەی زانیاری دەربارەی بانکی داتا تا دەستگەیشتن بە داتاکانی سیستەم و جێبەجێکردنی فەرمانەکان لە ڕێگەی پەیوەندی Out Of Band لە سیستەمی کارگێڕدا.
+
+
+سکرین شاتی ئامرازەکە 
+----
+
+
+<div dir=ltr>
+
+
+
+![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
+
+
+<div dir=rtl>
+
+بۆ بینینی [کۆمەڵێک سکرین شات و سکریپت](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) دەتوانیت سەردانی ویکیەکە بکەیت.
+
+
+دامەزراندن
+----
+
+بۆ دابەزاندنی نوێترین وەشانی tarball، کلیک [لێرە](https://github.com/sqlmapproject/sqlmap/tarball/master) یان دابەزاندنی نوێترین وەشانی zipball بە کلیککردن لەسەر [لێرە](https://github.com/sqlmapproject/sqlmap/zipball/master) دەتوانیت ئەم کارە بکەیت.
+
+باشترە بتوانیت sqlmap دابەزێنیت بە کلۆنکردنی کۆگای [Git](https://github.com/sqlmapproject/sqlmap):
+
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+
+sqlmap لە دەرەوەی سندوق کاردەکات لەگەڵ [Python](https://www.python.org/download/) وەشانی **2.6**، **2.7** و **3.x** لەسەر هەر پلاتفۆرمێک.
+
+چۆنیەتی بەکارهێنان
+----
+
+بۆ بەدەستهێنانی لیستی بژاردە سەرەتاییەکان و سویچەکان ئەمانە بەکاربهێنە:
+
+    python sqlmap.py -h
+
+بۆ بەدەستهێنانی لیستی هەموو بژاردە و سویچەکان ئەمە بەکار بێنا:
+
+    python sqlmap.py -hh
+
+دەتوانن نمونەی ڕانکردنێک بدۆزنەوە [لێرە](https://asciinema.org/a/46601).
+بۆ بەدەستهێنانی تێڕوانینێکی گشتی لە تواناکانی sqlmap، لیستی تایبەتمەندییە پشتگیریکراوەکان، و وەسفکردنی هەموو هەڵبژاردن و سویچەکان، لەگەڵ نموونەکان، ئامۆژگاریت دەکرێت کە ڕاوێژ بە [دەستنووسی بەکارهێنەر](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
+
+بەستەرەکان
+----
+
+* ماڵپەڕی سەرەکی: https://sqlmap.org
+* داگرتن: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یان [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
+* فیدی RSS جێبەجێ دەکات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
+* شوێنپێهەڵگری کێشەکان: https://github.com/sqlmapproject/sqlmap/issues
+* ڕێنمایی بەکارهێنەر: https://github.com/sqlmapproject/sqlmap/wiki
+* پرسیارە زۆرەکان (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
+* X: [@sqlmap](https://twitter.com/sqlmap)
+* دیمۆ: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
+* وێنەی شاشە: https://github.com/sqlmapproject/sqlmap/wiki/وێنەی شاشە
+
+وەرگێڕانەکان

doc/translations/README-id-ID.md

@@ -2,9 +2,9 @@
 
 [![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
-sqlmap adalah alat bantu proyek sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data.
+sqlmap adalah perangkat lunak sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data.
 
-sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Alat ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
+sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Perangkat lunak ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
 
 Tangkapan Layar
 ----

doc/translations/README-vi-VN.md

@@ -2,15 +2,15 @@
 
 [![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
 
-sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với 
-một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.
+sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng SQL injection và tiếp quản các máy chủ cơ sở dữ liệu. Công cụ này đi kèm với 
+một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập file hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.
 
 Ảnh chụp màn hình
 ----
 
 ![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
 
-Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng có thể tìm thấy trong wiki.
+Bạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) - nơi trình bày một số tính năng có thể tìm thấy trong wiki.
 
 Cài đặt
 ----
@@ -18,7 +18,7 @@ Cài đặt
 
 Bạn có thể tải xuống tập tin nén tar mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc tập tin nén zip mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/zipball/master).
 
-Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap):
+Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone về repo [Git](https://github.com/sqlmapproject/sqlmap):
 
     git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 
@@ -27,16 +27,16 @@ sqlmap hoạt động hiệu quả với [Python](https://www.python.org/downloa
 Sử dụng
 ----
 
-Để có được danh sách các tùy chọn cơ bản, hãy sử dụng:
+Để có được danh sách các tùy chọn cơ bản và switch, hãy chạy:
 
     python sqlmap.py -h
 
-Để có được danh sách tất cả các tùy chọn, hãy sử dụng:
+Để có được danh sách tất cả các tùy chọn và switch, hãy chạy:
 
     python sqlmap.py -hh
 
-Bạn có thể xem video chạy thử [tại đây](https://asciinema.org/a/46601).
-Để có cái nhìn tổng quan về các khả năng của sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh).
+Bạn có thể xem video demo [tại đây](https://asciinema.org/a/46601).
+Để có cái nhìn tổng quan về sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh).
 
 Liên kết
 ----
@@ -44,7 +44,7 @@ Liên kết
 * Trang chủ: https://sqlmap.org
 * Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
 * Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
-* Theo dõi vấn đề: https://github.com/sqlmapproject/sqlmap/issues
+* Theo dõi issue: https://github.com/sqlmapproject/sqlmap/issues
 * Hướng dẫn sử dụng: https://github.com/sqlmapproject/sqlmap/wiki
 * Các câu hỏi thường gặp (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
 * X: [@sqlmap](https://twitter.com/sqlmap)

extra/shutils/pypi.sh

@@ -38,7 +38,8 @@ setup(
     },
     download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip',
     license='GNU General Public License v2 (GPLv2)',
-    packages=find_packages(),
+    packages=['sqlmap'],
+    package_dir={'sqlmap':'sqlmap'},
     include_package_data=True,
     zip_safe=False,
     # https://pypi.python.org/pypi?%3Aaction=list_classifiers

lib/controller/checks.py

@@ -581,7 +581,7 @@ def checkSqlInjection(place, parameter, value):
 
                             if injectable:
                                 if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
-                                    if all((falseCode, trueCode)) and falseCode != trueCode:
+                                    if all((falseCode, trueCode)) and falseCode != trueCode and trueCode != kb.heuristicCode:
                                         suggestion = conf.code = trueCode
 
                                         infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code)
@@ -1050,9 +1050,10 @@ def heuristicCheckSqlInjection(place, parameter):
 
     payload = "%s%s%s" % (prefix, randStr, suffix)
     payload = agent.payload(place, parameter, newValue=payload)
-    page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)
+    page, _, code = Request.queryPage(payload, place, content=True, raise404=False)
 
     kb.heuristicPage = page
+    kb.heuristicCode = code
     kb.heuristicMode = False
 
     parseFilePaths(page)

lib/controller/controller.py

@@ -69,7 +69,7 @@ from lib.core.settings import ASP_NET_CONTROL_REGEX
 from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
-from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
+from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_REGEX
 from lib.core.settings import HOST_ALIASES
 from lib.core.settings import IGNORE_PARAMETERS
 from lib.core.settings import LOW_TEXT_PERCENT
@@ -563,7 +563,7 @@ def start():
                             logger.info(infoMsg)
 
                         # Ignore session-like parameters for --level < 4
-                        elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
+                        elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or re.search(GOOGLE_ANALYTICS_COOKIE_REGEX, parameter)):
                             testSqlInj = False
 
                             infoMsg = "ignoring %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)

lib/core/bigarray.py

@@ -65,6 +65,8 @@ class BigArray(list):
     >>> _ = _ + [1]
     >>> _[-1]
     1
+    >>> len([_ for _ in BigArray(xrange(100000))])
+    100000
     """
 
     def __init__(self, items=None):
@@ -198,7 +200,10 @@ class BigArray(list):
 
     def __iter__(self):
         for i in xrange(len(self)):
+            try:
                 yield self[i]
+            except IndexError:
+                break
 
     def __len__(self):
         return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])

lib/core/common.py

@@ -129,7 +129,7 @@ from lib.core.settings import FORM_SEARCH_REGEX
 from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES
 from lib.core.settings import GIT_PAGE
 from lib.core.settings import GITHUB_REPORT_OAUTH_TOKEN
-from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
+from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_REGEX
 from lib.core.settings import HASHDB_MILESTONE_VALUE
 from lib.core.settings import HOST_ALIASES
 from lib.core.settings import HTTP_CHUNKED_SPLIT_KEYWORDS
@@ -662,7 +662,7 @@ def paramToDict(place, parameters=None):
 
                 if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)):
                     _ = urldecode(testableParameters[parameter], convall=True)
-                    if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
+                    if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not re.search(GOOGLE_ANALYTICS_COOKIE_REGEX, parameter):
                         warnMsg = "it appears that you have provided tainted parameter values "
                         warnMsg += "('%s') with most likely leftover " % element
                         warnMsg += "chars/statements from manual SQL injection test(s). "
@@ -3716,10 +3716,12 @@ def joinValue(value, delimiter=','):
     '1,2'
     >>> joinValue('1')
     '1'
+    >>> joinValue(['1', None])
+    '1,None'
     """
 
     if isListLike(value):
-        retVal = delimiter.join(value)
+        retVal = delimiter.join(getText(_ if _ is not None else "None") for _ in value)
     else:
         retVal = value
 

lib/core/option.py

@@ -435,7 +435,7 @@ def _setStdinPipeTargets():
             def next(self):
                 try:
                     line = next(conf.stdinPipe)
-                except (IOError, OSError, TypeError):
+                except (IOError, OSError, TypeError, UnicodeDecodeError):
                     line = None
 
                 if line:
@@ -812,6 +812,7 @@ def _setTamperingFunctions():
                 raise SqlmapSyntaxException("cannot import tamper module '%s' (%s)" % (getUnicode(filename[:-3]), getSafeExString(ex)))
 
             priority = PRIORITY.NORMAL if not hasattr(module, "__priority__") else module.__priority__
+            priority = priority if priority is not None else PRIORITY.LOWEST
 
             for name, function in inspect.getmembers(module, inspect.isfunction):
                 if name == "tamper" and (hasattr(inspect, "signature") and all(_ in inspect.signature(function).parameters for _ in ("payload", "kwargs")) or inspect.getargspec(function).args and inspect.getargspec(function).keywords == "kwargs"):
@@ -2090,6 +2091,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicExtendedDbms = None
+    kb.heuristicCode = None
     kb.heuristicMode = False
     kb.heuristicPage = False
     kb.heuristicTest = None

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.8.7.0"
+VERSION = "1.8.12.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -60,6 +60,9 @@ LIVE_COOKIES_TIMEOUT = 120
 LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98
 
+# For filling in case of dumb push updates
+DUMMY_JUNK = "Gu8ohxi9"
+
 # Markers for special cases when parameter values contain html encoded characters
 PARAMETER_AMP_MARKER = "__AMP__"
 PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
@@ -460,7 +463,7 @@ URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z"
 SENSITIVE_DATA_REGEX = r"(\s|=)(?P<result>[^\s=]*\b%s\b[^\s]*)\s"
 
 # Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside)
-SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "authCred", "sqlQuery", "requestFile")
+SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "authCred", "sqlQuery", "requestFile", "csrfToken", "csrfData", "csrfUrl", "testParameter")
 
 # Maximum number of threads (avoiding connection issues and/or DoS)
 MAX_NUMBER_OF_THREADS = 10
@@ -543,8 +546,8 @@ IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATO
 # Regular expression used for recognition of ASP.NET control parameters
 ASP_NET_CONTROL_REGEX = r"(?i)\Actl\d+\$"
 
-# Prefix for Google analytics cookie names
-GOOGLE_ANALYTICS_COOKIE_PREFIX = "__UTM"
+# Regex for Google analytics cookie names
+GOOGLE_ANALYTICS_COOKIE_REGEX = r"(?i)\A(__utm|_ga|_gid|_gat|_gcl_au)"
 
 # Prefix for configuration overriding environment variables
 SQLMAP_ENVIRONMENT_PREFIX = "SQLMAP_"
@@ -686,7 +689,7 @@ PARAMETER_SPLITTING_REGEX = r"[,|;]"
 UNENCODED_ORIGINAL_VALUE = "original"
 
 # Common column names containing usernames (used for hash cracking in some cases)
-COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "cuser")
+COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "account", "account_name", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "customer", "cuser")
 
 # Default delimiter in GET/POST values
 DEFAULT_GET_POST_DELIMITER = '&'
@@ -794,7 +797,7 @@ BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be i
 RANDOMIZATION_TLDS = ("com", "net", "ru", "org", "de", "uk", "br", "jp", "cn", "fr", "it", "pl", "tv", "edu", "in", "ir", "es", "me", "info", "gr", "gov", "ca", "co", "se", "cz", "to", "vn", "nl", "cc", "az", "hu", "ua", "be", "no", "biz", "io", "ch", "ro", "sk", "eu", "us", "tw", "pt", "fi", "at", "lt", "kz", "cl", "hr", "pk", "lv", "la", "pe", "au")
 
 # Generic www root directory names
-GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
+GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "public_html", "wwwroot", "www", "site")
 
 # Maximum length of a help part containing switch/option name(s)
 MAX_HELP_OPTION_LENGTH = 18
@@ -803,7 +806,7 @@ MAX_HELP_OPTION_LENGTH = 18
 MAX_CONNECT_RETRIES = 100
 
 # Strings for detecting formatting errors
-FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", "CF_SQL_NUMERIC", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "Attribute validation error for tag", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException", "Arguments are of the wrong type")
+FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", "CF_SQL_NUMERIC", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "Attribute validation error for tag", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException", "Arguments are of the wrong type", "Invalid conversion")
 
 # Regular expression used for extracting ASP.NET view state values
 VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'

lib/request/connect.py

@@ -297,11 +297,11 @@ class Connect(object):
         finalCode = kwargs.get("finalCode", False)
         chunked = kwargs.get("chunked", False) or conf.chunked
 
-        start = time.time()
-
         if isinstance(conf.delay, (int, float)) and conf.delay > 0:
             time.sleep(conf.delay)
 
+        start = time.time()
+
         threadData = getCurrentThreadData()
         with kb.locks.request:
             kb.requestCounter += 1
@@ -1367,18 +1367,18 @@ class Connect(object):
 
             for variable in list(variables.keys()):
                 if unsafeVariableNaming(variable) != variable:
-                    value = variables[variable]
+                    entry = variables[variable]
                     del variables[variable]
-                    variables[unsafeVariableNaming(variable)] = value
+                    variables[unsafeVariableNaming(variable)] = entry
 
             uri = variables["uri"]
             cookie = variables["cookie"]
 
-            for name, value in variables.items():
-                if name != "__builtins__" and originals.get(name, "") != value:
-                    if isinstance(value, (int, float, six.string_types, six.binary_type)):
+            for name, entry in variables.items():
+                if name != "__builtins__" and originals.get(name, "") != entry:
+                    if isinstance(entry, (int, float, six.string_types, six.binary_type)):
                         found = False
-                        value = getUnicode(value, UNICODE_ENCODING)
+                        entry = getUnicode(entry, UNICODE_ENCODING)
 
                         if kb.postHint == POST_HINT.MULTIPART:
                             boundary = "--%s" % re.search(r"boundary=([^\s]+)", contentType).group(1)
@@ -1396,7 +1396,7 @@ class Connect(object):
                                             found = True
                                             first = match.group(0)
                                             second = part[len(first):]
-                                            second = re.sub(r"(?s).+?(\r?\n?\-*\Z)", r"%s\g<1>" % re.escape(value), second)
+                                            second = re.sub(r"(?s).+?(\r?\n?\-*\Z)", r"%s\g<1>" % re.escape(entry), second)
                                             parts[i] = "%s%s" % (first, second)
                                 post = boundary.join(parts)
 
@@ -1404,10 +1404,10 @@ class Connect(object):
                             if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
                                 if re.search(r"<%s\b" % re.escape(name), post):
                                     found = True
-                                    post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
+                                    post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(</%s)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), post)
                                 elif re.search(r"\b%s>" % re.escape(name), post):
                                     found = True
-                                    post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
+                                    post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), post)
 
                             elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
                                 match = re.search(r"['\"]%s['\"]:" % re.escape(name), post)
@@ -1417,31 +1417,31 @@ class Connect(object):
                                     match = re.search(r"(%s%s%s:\s*)(\d+|%s[^%s]*%s)" % (quote, re.escape(name), quote, quote, quote, quote), post)
                                     if match:
                                         found = True
-                                        post = post.replace(match.group(0), "%s%s" % (match.group(1), value if value.isdigit() else "%s%s%s" % (match.group(0)[0], value, match.group(0)[0])))
+                                        post = post.replace(match.group(0), "%s%s" % (match.group(1), entry if entry.isdigit() else "%s%s%s" % (match.group(0)[0], entry, match.group(0)[0])))
                                     post = post.replace(BOUNDARY_BACKSLASH_MARKER, "\\%s" % quote)
 
                             regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
                             if not found and re.search(regex, (post or "")):
                                 found = True
-                                post = re.sub(regex, r"\g<1>\g<2>%s" % value.replace('\\', r'\\'), post)
+                                post = re.sub(regex, r"\g<1>\g<2>%s" % entry.replace('\\', r'\\'), post)
 
                         regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
                         if not found and re.search(regex, (post or "")):
                             found = True
-                            post = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
+                            post = re.sub(regex, r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), post)
 
                         if re.search(regex, (get or "")):
                             found = True
-                            get = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), get)
+                            get = re.sub(regex, r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), get)
 
                         if re.search(regex, (query or "")):
                             found = True
-                            uri = re.sub(regex.replace(r"\A", r"\?"), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri)
+                            uri = re.sub(regex.replace(r"\A", r"\?"), r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), uri)
 
                         regex = r"((\A|%s\s*)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER))
                         if re.search(regex, (cookie or "")):
                             found = True
-                            cookie = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie)
+                            cookie = re.sub(regex, r"\g<1>%s\g<3>" % entry.replace('\\', r'\\'), cookie)
 
                         if not found:
                             if post is not None:
@@ -1449,13 +1449,13 @@ class Connect(object):
                                     match = re.search(r"['\"]", post)
                                     if match:
                                         quote = match.group(0)
-                                        post = re.sub(r"\}\Z", "%s%s}" % (',' if re.search(r"\w", post) else "", "%s%s%s:%s" % (quote, name, quote, value if value.isdigit() else "%s%s%s" % (quote, value, quote))), post)
+                                        post = re.sub(r"\}\Z", "%s%s}" % (',' if re.search(r"\w", post) else "", "%s%s%s:%s" % (quote, name, quote, entry if entry.isdigit() else "%s%s%s" % (quote, entry, quote))), post)
                                 else:
-                                    post += "%s%s=%s" % (delimiter, name, value)
+                                    post += "%s%s=%s" % (delimiter, name, entry)
                             elif get is not None:
-                                get += "%s%s=%s" % (delimiter, name, value)
+                                get += "%s%s=%s" % (delimiter, name, entry)
                             elif cookie is not None:
-                                cookie += "%s%s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, name, value)
+                                cookie += "%s%s=%s" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, name, entry)
 
         if not conf.skipUrlEncode:
             get = urlencode(get, limit=True)
@@ -1482,8 +1482,8 @@ class Connect(object):
                 dataToStdout(warnMsg)
 
                 while len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES:
-                    value = kb.responseTimePayload.replace(RANDOM_INTEGER_MARKER, str(randomInt(6))).replace(RANDOM_STRING_MARKER, randomStr()) if kb.responseTimePayload else kb.responseTimePayload
-                    Connect.queryPage(value=value, content=True, raise404=False)
+                    _ = kb.responseTimePayload.replace(RANDOM_INTEGER_MARKER, str(randomInt(6))).replace(RANDOM_STRING_MARKER, randomStr()) if kb.responseTimePayload else kb.responseTimePayload
+                    Connect.queryPage(value=_, content=True, raise404=False)
                     dataToStdout('.')
 
                 dataToStdout(" (done)\n")

lib/techniques/union/use.py

@@ -37,6 +37,7 @@ from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import wasLastResponseDBMSError
 from lib.core.compat import xrange
+from lib.core.convert import decodeBase64
 from lib.core.convert import getUnicode
 from lib.core.convert import htmlUnescape
 from lib.core.data import conf
@@ -126,6 +127,9 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
                         try:
                             retVal = ""
                             for row in json.loads(output):
+                                # NOTE: for cases with automatic MySQL Base64 encoding of JSON array values, like: ["base64:type15:MQ=="]
+                                for match in re.finditer(r"base64:type\d+:([^ ]+)", row):
+                                    row = row.replace(match.group(0), decodeBase64(match.group(1), binary=False))
                                 retVal += "%s%s%s" % (kb.chars.start, row, kb.chars.stop)
                         except:
                             retVal = None
@@ -254,10 +258,10 @@ def unionUse(expression, unpack=True, dump=False):
 
     if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.MSSQL, DBMS.SQLITE) and expressionFields and not any((conf.binaryFields, conf.limitStart, conf.limitStop, conf.forcePartial, conf.disableJson)):
         match = re.search(r"SELECT\s*(.+?)\bFROM", expression, re.I)
-        if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r"\b(MIN|MAX|COUNT)\(", expression):
+        if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r"\b(MIN|MAX|COUNT|EXISTS)\(", expression):
             kb.jsonAggMode = True
             if Backend.isDbms(DBMS.MYSQL):
-                query = expression.replace(expressionFields, "CONCAT('%s',JSON_ARRAYAGG(CONCAT_WS('%s',%s)),'%s')" % (kb.chars.start, kb.chars.delimiter, expressionFields, kb.chars.stop), 1)
+                query = expression.replace(expressionFields, "CONCAT('%s',JSON_ARRAYAGG(CONCAT_WS('%s',%s)),'%s')" % (kb.chars.start, kb.chars.delimiter, ','.join(agent.nullAndCastField(field) for field in expressionFieldsList), kb.chars.stop), 1)
             elif Backend.isDbms(DBMS.ORACLE):
                 query = expression.replace(expressionFields, "'%s'||JSON_ARRAYAGG(%s)||'%s'" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join(expressionFieldsList), kb.chars.stop), 1)
             elif Backend.isDbms(DBMS.SQLITE):

lib/utils/brute.py

@@ -228,7 +228,8 @@ def columnExists(columnFile, regex=None):
     columns.extend(_addPageTextWords())
     columns = filterListValue(columns, regex)
 
-    table = safeSQLIdentificatorNaming(conf.tbl, True)
+    for table in conf.tbl.split(','):
+        table = safeSQLIdentificatorNaming(table, True)
 
         if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
             table = "%s.%s" % (safeSQLIdentificatorNaming(conf.db), table)
@@ -246,6 +247,7 @@ def columnExists(columnFile, regex=None):
 
             while kb.threadContinue:
                 kb.locks.count.acquire()
+
                 if threadData.shared.count < threadData.shared.limit:
                     column = safeSQLIdentificatorNaming(columns[threadData.shared.count])
                     threadData.shared.count += 1
@@ -308,9 +310,9 @@ def columnExists(columnFile, regex=None):
                 else:
                     columns[column] = "non-numeric"
 
-        kb.data.cachedColumns[conf.db] = {conf.tbl: columns}
+            kb.data.cachedColumns[conf.db] = {table: columns}
 
-        for _ in ((conf.db, conf.tbl, item[0], item[1]) for item in columns.items()):
+            for _ in ((conf.db, table, item[0], item[1]) for item in columns.items()):
                 if _ not in kb.brute.columns:
                     kb.brute.columns.append(_)
 

plugins/dbms/clickhouse/fingerprint.py

@@ -77,7 +77,7 @@ class Fingerprint(GenericFingerprint):
 
             if not result:
                 warnMsg = "the back-end DBMS is not %s" % DBMS.CLICKHOUSE
-                logger.warn(warnMsg)
+                logger.warning(warnMsg)
 
                 return False
             
@@ -86,6 +86,6 @@ class Fingerprint(GenericFingerprint):
             return True
         else:
             warnMsg = "the back-end DBMS is not %s" % DBMS.CLICKHOUSE
-            logger.warn(warnMsg)
+            logger.warning(warnMsg)
 
             return False

plugins/dbms/oracle/connector.py

@@ -33,8 +33,8 @@ class Connector(GenericConnector):
 
     def connect(self):
         self.initConnection()
-        self.__dsn = cx_Oracle.makedsn(self.hostname, self.port, self.db)
-        self.__dsn = getText(self.__dsn)
+        # Reference: https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html
+        self.__dsn = "%s:%d/%s" % (self.hostname, self.port, self.db)
         self.user = getText(self.user)
         self.password = getText(self.password)
 

plugins/generic/custom.py

@@ -13,7 +13,10 @@ import sys
 from lib.core.common import Backend
 from lib.core.common import dataToStdout
 from lib.core.common import getSQLSnippet
+from lib.core.common import isListLike
 from lib.core.common import isStackingAvailable
+from lib.core.common import joinValue
+from lib.core.compat import xrange
 from lib.core.convert import getUnicode
 from lib.core.data import conf
 from lib.core.data import logger
@@ -41,6 +44,7 @@ class Custom(object):
         sqlType = None
         query = query.rstrip(';')
 
+
         try:
             for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
                 for sqlStatement in sqlStatements:
@@ -61,6 +65,11 @@ class Custom(object):
 
                 output = inject.getValue(query, fromUser=True)
 
+                if sqlType and "SELECT" in sqlType and isListLike(output):
+                    for i in xrange(len(output)):
+                        if isListLike(output[i]):
+                            output[i] = joinValue(output[i])
+
                 return output
             elif not isStackingAvailable() and not conf.direct:
                 warnMsg = "execution of non-query SQL statements is only "

plugins/generic/databases.py

@@ -948,7 +948,7 @@ class Databases(object):
             self.getTables()
 
             infoMsg = "fetched tables: "
-            infoMsg += ", ".join(["%s" % ", ".join("'%s%s%s'" % (unsafeSQLIdentificatorNaming(db), ".." if Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) else '.', unsafeSQLIdentificatorNaming(_)) for _ in tbl) for db, tbl in kb.data.cachedTables.items()])
+            infoMsg += ", ".join(["%s" % ", ".join("'%s%s%s'" % (unsafeSQLIdentificatorNaming(db), ".." if Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) else '.', unsafeSQLIdentificatorNaming(_)) if db else "'%s'" % unsafeSQLIdentificatorNaming(_) for _ in tbl) for db, tbl in kb.data.cachedTables.items()])
             logger.info(infoMsg)
 
             for db, tables in kb.data.cachedTables.items():

plugins/generic/entries.py

@@ -115,7 +115,7 @@ class Entries(object):
             if kb.dumpKeyboardInterrupt:
                 break
 
-            if conf.exclude and re.search(conf.exclude, tbl, re.I) is not None:
+            if conf.exclude and re.search(conf.exclude, unsafeSQLIdentificatorNaming(tbl), re.I) is not None:
                 infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
                 singleTimeLogMessage(infoMsg)
                 continue

sqlmap.conf

@@ -27,8 +27,8 @@ requestFile =
 
 # Rather than providing a target URL, let Google return target
 # hosts as result of your Google dork expression. For a list of Google
-# dorks see Johnny Long Google Hacking Database at
-# http://johnny.ihackstuff.com/ghdb.php.
+# dorks see Google Hacking Database at
+# https://www.exploit-db.com/google-hacking-database
 # Example: +ext:php +inurl:"&id=" +intext:"powered by "
 googleDork = 
 

thirdparty/colorama/ansitowin32.py

@@ -243,6 +243,6 @@ class AnsiToWin32(object):
                 # 0 - change title and icon (we will only change title)
                 # 1 - change icon (we don't support this)
                 # 2 - change title
-                if params[0] in '02':
-                    winterm.set_title(params[1])
+                # if params[0] in '02':
+                #     winterm.set_title(params[1])
         return text