From 7a21109ad0acc87f0c08b803705678f4438ef71f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 25 Dec 2025 14:11:57 +0100 Subject: [PATCH] Bug fix for fingerprinting MySQL --- data/txt/sha256sums.txt | 6 +++--- lib/core/dicts.py | 4 ++-- lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index b2250c14926..b4e828119c1 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -173,7 +173,7 @@ ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data. ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024 lib/core/datatype.py 1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead lib/core/decorators.py d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900 lib/core/defaults.py -ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c lib/core/dicts.py +bb7e6521edad1cbfffa89fd7d5e255ed4ff148d984ffadbeac8d42baa2d76dea lib/core/dicts.py 1e801218f301968181cb876ca27bace622b8646f041bdab72cda5d6a57542408 lib/core/dump.py 2ca709fb52b4a1bc83cfe2acdad7e7d4dca1fee6a775e9290f0f1f517955d0b9 lib/core/enums.py 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856 lib/core/exception.py 
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -ee57c7420ef2648450c540411f881a4807fcf1be70fefabfa701f3200340c99e lib/core/settings.py +b99f7125c2b73e9aa026a4c915b07ba5668bd72d3c85d7078e14aede79a6d3e8 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -399,7 +399,7 @@ bb0edf756903d8a9df7b60272541768102c64e562e6e7a356c5a761b835efde3 plugins/dbms/m d471eb61a33bd3aa1290cdcce40a5966ebc84af79970f75e8992a2688da4be42 plugins/dbms/mysql/connector.py 1e29529d6c4938a728a2d42ef4276b46a40bf4309570213cf3c08871a83abdc1 plugins/dbms/mysql/enumeration.py 200b2c910e6902ef8021fe40b3fb426992a016926414cbf9bb74a3630f40842d plugins/dbms/mysql/filesystem.py -55da8384ba32fe9b69022c8d5429acfacd4d44e55c14f902818d6794ed1bd0a2 plugins/dbms/mysql/fingerprint.py +49e39e43e4f45f69d5a7b384c00deb09c5e474d535eb30b0a429519ec6e1bcc7 plugins/dbms/mysql/fingerprint.py 88daad9cf2f62757949cb27128170f33268059e2f0a05d3bd9f75417b99149de plugins/dbms/mysql/__init__.py 20108fe32ae3025036aa02b4702c4eda81db01c04a2e0e2e4494d8f1b1717eca plugins/dbms/mysql/syntax.py 91f34b67fe3ad5bfa6eae5452a007f97f78b7af000457e9d1c75f4d0207f3d39 plugins/dbms/mysql/takeover.py diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 8d929e4214d..caefa5fc8a3 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py 
@@ -270,7 +270,7 @@ DBMS.ACCESS: "CVAR(NULL)", DBMS.MAXDB: "ALPHA(NULL)", DBMS.MSSQL: "IIF(1=1,DIFFERENCE(NULL,NULL),0)", - DBMS.MYSQL: "QUARTER(NULL XOR NULL)", + DBMS.MYSQL: "IFNULL(QUARTER(NULL),NULL XOR NULL)", # NOTE: previous form (i.e., QUARTER(NULL XOR NULL)) was bad as some optimization engines wrongly evaluate QUARTER(NULL XOR NULL) to 0 DBMS.ORACLE: "INSTR2(NULL,NULL)", DBMS.PGSQL: "QUOTE_IDENT(NULL)", DBMS.SQLITE: "UNLIKELY(NULL)", @@ -282,7 +282,7 @@ DBMS.PRESTO: "FROM_HEX(NULL)", DBMS.ALTIBASE: "TDESENCRYPT(NULL,NULL)", DBMS.MIMERSQL: "ASCII_CHAR(256)", - DBMS.CRATEDB: "MD5(NULL~NULL)", # Note: NULL~NULL also being evaluated on H2 and Ignite + DBMS.CRATEDB: "MD5(NULL~NULL)", # NOTE: NULL~NULL also being evaluated on H2 and Ignite DBMS.CUBRID: "(NULL SETEQ NULL)", DBMS.CACHE: "%SQLUPPER NULL", DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))", diff --git a/lib/core/settings.py b/lib/core/settings.py index 9992ad947cc..f93fbc0570e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.9.12.10" +VERSION = "1.9.12.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 57a6b8fd827..878ee75ad66 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -187,7 +187,7 @@ def checkDbms(self): infoMsg = "testing %s" % DBMS.MYSQL logger.info(infoMsg) - result = inject.checkBooleanExpression("QUARTER(NULL XOR NULL) IS NULL") + result = inject.checkBooleanExpression("IFNULL(QUARTER(NULL),NULL XOR NULL) IS NULL") if result: infoMsg = "confirming %s" % DBMS.MYSQL
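Review bot: The rationale on the new `DBMS.MYSQL` entry is a trailing comment far longer than any neighbouring line, and it does not say which engines or versions evaluate the old form to 0, so the claim cannot be re-tested later. I would put it on its own line above the entry, for example `# NOTE: QUARTER(NULL XOR NULL) is evaluated to 0 by some optimizers (<engine/version or issue reference>), hence the IFNULL() form`, and leave the entry as `DBMS.MYSQL: "IFNULL(QUARTER(NULL),NULL XOR NULL)",`. The enclosing dictionary starts and ends outside this hunk, so its name and its other consumers are not visible here.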
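Review bot: The probe string passed to `inject.checkBooleanExpression` in `checkDbms` is a hand-copied duplicate of the `DBMS.MYSQL` value edited in `lib/core/dicts.py`, which is why this fix had to touch both files. If only one copy is updated next time, the two MySQL checks will test different expressions and can disagree about the back-end. Deriving the literal from the shared entry, along the lines of `inject.checkBooleanExpression("%s IS NULL" % <dicts.py mapping>[DBMS.MYSQL])`, would keep a single source of truth. Failing that, a short comment such as `# keep in sync with the DBMS.MYSQL entry in lib/core/dicts.py` should sit above the call. The body of `checkDbms` continues outside this hunk, and whether that mapping is already imported into this module is not visible.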