From 70b4d0036456e300dcaf06e3a5184764cd3dc807 Mon Sep 17 00:00:00 2001 From: Zakaria Zoulati <146139642+zakaria-zoulati@users.noreply.github.com> Date: Thu, 11 Jun 2026 09:59:57 +0100 Subject: [PATCH 1/3] Fix RTL rendering of file extensions in Arabic Readme (#6072) --- doc/translations/README-ar-AR.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/translations/README-ar-AR.md b/doc/translations/README-ar-AR.md index 29d8e9f15b0..ecbb83d851c 100644 --- a/doc/translations/README-ar-AR.md +++ b/doc/translations/README-ar-AR.md @@ -58,7 +58,7 @@ ---- * الصفحة الرئيسية: https://sqlmap.org -* التحميل: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) أو [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* التحميل: [‪.tar.gz‬](https://github.com/sqlmapproject/sqlmap/tarball/master) أو [‪.zip‬](https://github.com/sqlmapproject/sqlmap/zipball/master) * تغذية التحديثات RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom * تتبع المشكلات: https://github.com/sqlmapproject/sqlmap/issues * دليل المستخدم: https://github.com/sqlmapproject/sqlmap/wiki From 5c691247e189e2e024459445de0671c636f07ed4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 11 Jun 2026 11:03:59 +0200 Subject: [PATCH 2/3] Minor update --- data/txt/sha256sums.txt | 6 +++--- lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 17 ++++++++++------- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 5f146606e25..b3069ed4bc3 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -89,7 +89,7 @@ b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609 data/xml/paylo ce20a4b452f24a97fde7ec9ed816feee12ac148e1fde5f1722772cc866b12740 doc/CHANGELOG.md c8d5733111c6d1e387904bc14e98815f98f816f6e73f6a664de24c0f1d331d9b doc/THANKS.md 59697fb4f118a3197f5b3dc9057351797767c8bcc748e0286e3f7ad74ec3afb6 doc/THIRD-PARTY.md -25012296e8484ea04f7d2368ac9bdbcded4e42dbc5e3373d59c2bb3e950be0b8 doc/translations/README-ar-AR.md +2af9b7a8c5f24de68f9b8b1bcf3a7f2b0e55fdb48b6545e1fc8b13f406ac97c2 doc/translations/README-ar-AR.md c25f7d7f0cc5e13db71994d2b34ada4965e06c87778f1d6c1a103063d25e2c89 doc/translations/README-bg-BG.md e85c82df1a312d93cd282520388c70ecb48bfe8692644fe8dbbf7d43244cda41 doc/translations/README-bn-BD.md 00b327233fac8016f1d6d7177479ab3af050c1e7f17b0305c9a97ecdb61b82c9 doc/translations/README-ckb-KU.md @@ -188,7 +188,7 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data. 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -09737c0882fe49942216de43af12b3c8471a41fa00831a49b4dfd8462fd79308 lib/core/settings.py +d69a1586a6aae582afe790ecde487acd7e15aec192d687788ef532974051fe0b lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -400,7 +400,7 @@ a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/m 275ffb2a63c179a5b1673866fcd4020d7f30a68e6d7736e7e21094e2a3234578 plugins/dbms/mysql/connector.py 51590c30177adf8c435e4d6d4be070f6708d81793f70577d9317daa4ef2485ba plugins/dbms/mysql/enumeration.py 5114ca85e5aac6eaebf2ca2cf6b944250329d2d5c36a36015ac34599c9437838 plugins/dbms/mysql/filesystem.py -b5708a7e3179896f0242f6188642d0f613371b2f621ad8ebb0a53c934dd36259 plugins/dbms/mysql/fingerprint.py +86a53d0ab8e569c04325f1011969b059582252278e97cfcdb0502548a5b38908 plugins/dbms/mysql/fingerprint.py e2289734859246e6c1a150d12914a711901d10140659beded7aa14f22d11bca3 plugins/dbms/mysql/__init__.py 02a37c42e8a87496858fd6f9d77a5ab9375ea63a004c5393e3d02ca72bc55f19 plugins/dbms/mysql/syntax.py 1e6a7c6cc77772a4051d88604774ba5cc9e06b1180f7dba9809d0739bc65cf37 plugins/dbms/mysql/takeover.py diff --git a/lib/core/settings.py b/lib/core/settings.py index bb170ca243d..d381bd7da50 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.61" +VERSION = "1.10.6.62" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 1876779edef..e3fcb1cf6fa 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -45,14 +45,17 @@ def _commentCheck(self): # Reference: https://dev.mysql.com/doc/relnotes/mysql/./en/ versions = ( - (90300, 90302), # MySQL 9.3 - (90200, 90202), # MySQL 9.2 - (90100, 90102), # MySQL 9.1 + (90600, 90601), # MySQL 9.6 + (90500, 90501), # MySQL 9.5 + (90400, 90401), # MySQL 9.4 + (90300, 90301), # MySQL 9.3 + (90200, 90201), # MySQL 9.2 + (90100, 90101), # MySQL 9.1 (90000, 90002), # MySQL 9.0 - (80400, 80406), # MySQL 8.4 - (80300, 80302), # MySQL 8.3 - (80200, 80202), # MySQL 8.2 - (80100, 80102), # MySQL 8.1 + (80400, 80409), # MySQL 8.4 + (80300, 80301), # MySQL 8.3 + (80200, 80201), # MySQL 8.2 + (80100, 80101), # MySQL 8.1 (80000, 80043), # MySQL 8.0 (60000, 60014), # MySQL 6.0 (50700, 50745), # MySQL 5.7 From ef00b9fab29b90a5c35f3cbba76dc5983d01a19f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20=C5=A0tampar?= Date: Thu, 11 Jun 2026 13:14:45 +0200 Subject: [PATCH 3/3] Minor performance patch --- data/txt/sha256sums.txt | 4 ++-- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 19 +++++++++---------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index b3069ed4bc3..812d933901f 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data. 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -d69a1586a6aae582afe790ecde487acd7e15aec192d687788ef532974051fe0b lib/core/settings.py +872dd556f0197b8f51f62260cbf92a4bbf8f5f40f6f3af98df78e9a790f79a77 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -230,7 +230,7 @@ f522436fbd14bdab090a1d305fcac0361800cb8e36c8cbcb47933298376a71e0 lib/takeover/r f6e5d6e2ff368fa39943b2302982f33c47eb9a12d01419bef50fcf934b2bce34 lib/takeover/udf.py 23d73af417604dab460b74cdc230896153f018a6c00d144019491053640a172f lib/takeover/web.py 8cc1e226d4150fe8aa1a056e5d32d858ed6444d3d4e2af7fb4bc08f0bbe9d527 lib/takeover/xp_cmdshell.py -69928272eed889033e106527f88454dc844bfbb375fcf7c22d5f76ee30c62c9b lib/techniques/blind/inference.py +3609556c6c72010ce4cae5ffeeb74437a15a9dc218f77e079655f32e704fdeef lib/techniques/blind/inference.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/blind/__init__.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/dns/__init__.py 3df9839fb92a81d46b6194d7adacb43f391efb78b071783c132e8d596ecbfaf1 lib/techniques/dns/test.py diff --git a/lib/core/settings.py b/lib/core/settings.py index d381bd7da50..f2dc820667f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.62" +VERSION = "1.10.6.63" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 2c1d3f41634..d9207e2b10b 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -512,6 +512,8 @@ def getChar(idx, charTbl=None, continuousOrder=True, expand=charsetType is None, threadData.shared.value = [None] * length threadData.shared.index = [firstChar] # As list for python nested function scoping threadData.shared.start = firstChar + threadData.shared.retrieved = 0 + threadData.shared.endIndex = 0 try: def blindThread(): @@ -537,7 +539,11 @@ def blindThread(): break with kb.locks.value: - threadData.shared.value[currentCharIndex - 1 - firstChar] = val + idx = currentCharIndex - 1 - firstChar + threadData.shared.value[idx] = val + threadData.shared.retrieved += 1 + if idx > threadData.shared.endIndex: + threadData.shared.endIndex = idx currentValue = list(threadData.shared.value) if kb.threadContinue: @@ -545,25 +551,18 @@ def blindThread(): progress.progress(threadData.shared.index[0]) elif conf.verbose >= 1: startCharIndex = 0 - endCharIndex = 0 - - for i in xrange(length): - if currentValue[i] is not None: - endCharIndex = max(endCharIndex, i) + endCharIndex = threadData.shared.endIndex output = '' if endCharIndex > conf.progressWidth: startCharIndex = endCharIndex - conf.progressWidth - count = threadData.shared.start + count = threadData.shared.start + threadData.shared.retrieved for i in xrange(startCharIndex, endCharIndex + 1): output += '_' if currentValue[i] is None else filterControlChars(currentValue[i] if len(currentValue[i]) == 1 else ' ', replacement=' ') - for i in xrange(length): - count += 1 if currentValue[i] is not None else 0 - if startCharIndex > 0: output = ".." + output[2:]