Minor update of fingerprinting payloads

stamparm · stamparm · commit 9d85d3005a87 · 2023-10-27T15:17:47.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -20,7 +20,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.7.10.3"
+VERSION = "1.7.10.4"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py
@@ -45,9 +45,10 @@ def _commentCheck(self):
         # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/
 
         versions = (
-            (80000, 80033),  # MySQL 8.0
+            (80100, 80102),  # MySQL 8.1
+            (80000, 80035),  # MySQL 8.0
             (60000, 60014),  # MySQL 6.0
-            (50700, 50742),  # MySQL 5.7
+            (50700, 50744),  # MySQL 5.7
             (50600, 50652),  # MySQL 5.6
             (50500, 50563),  # MySQL 5.5
             (50400, 50404),  # MySQL 5.4
diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py
@@ -105,7 +105,7 @@ def checkDbms(self):
             logger.info(infoMsg)
 
             # Reference: https://en.wikipedia.org/wiki/Oracle_Database
-            for version in ("21c", "19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"):
+            for version in ("23c", "21c", "19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"):
                 number = int(re.search(r"([\d]+)", version).group(1))
                 output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION),1,%d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2))
 
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
@@ -131,7 +131,9 @@ def checkDbms(self):
             infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
             logger.info(infoMsg)
 
-            if inject.checkBooleanExpression("REGEXP_COUNT(NULL,NULL) IS NULL"):
+            if inject.checkBooleanExpression("RANDOM_NORMAL(0.0, 1.0) IS NOT NULL"):
+                Backend.setVersion(">= 16.0")
+            elif inject.checkBooleanExpression("REGEXP_COUNT(NULL,NULL) IS NULL"):
                 Backend.setVersion(">= 15.0")
             elif inject.checkBooleanExpression("BIT_COUNT(NULL) IS NULL"):
                 Backend.setVersion(">= 14.0")
