From 6952367857e8a4cac496b082671be80803111e7dd1b2132f4fb119028a217a34 Mon Sep 17 00:00:00 2001 From: Paolo Perego Date: Thu, 28 Nov 2024 15:29:07 +0000 Subject: [PATCH] - update to 1.8.11: * fixed #5772, #5761 unhandled exception * fixed #5763 Can not perform sql blind injection again latest dvwa * fixed #5798 Some bugs with common tables and columns check * fixed #5767 direct connection to oracle database not working * update translations OBS-URL: https://build.opensuse.org/package/show/security/sqlmap?expand=0&rev=33 --- .gitattributes | 23 ++++++ .gitignore | 1 + fix_shebang.patch | 40 ++++++++++ sqlmap-1.8.11.tar.gz | 3 + sqlmap-1.8.5.tar.gz | 3 + sqlmap-1.8.8.tar.gz | 3 + sqlmap.changes | 174 +++++++++++++++++++++++++++++++++++++++++++ sqlmap.spec | 82 ++++++++++++++++++++ 8 files changed, 329 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 fix_shebang.patch create mode 100644 sqlmap-1.8.11.tar.gz create mode 100644 sqlmap-1.8.5.tar.gz create mode 100644 sqlmap-1.8.8.tar.gz create mode 100644 sqlmap.changes create mode 100644 sqlmap.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/fix_shebang.patch b/fix_shebang.patch new file mode 100644 index 0000000..f849daf --- /dev/null +++ b/fix_shebang.patch @@ -0,0 +1,40 @@ +Only in sqlmap-1.5.ori/extra/icmpsh: icmpsh-m.c +Only in sqlmap-1.5/extra/icmpsh: icmpsh-m.c.txt +Only in sqlmap-1.5.ori/extra/icmpsh: icmpsh-s.c +Only in sqlmap-1.5/extra/icmpsh: icmpsh-s.c.txt +Only in sqlmap-1.5.ori/extra/runcmd/src/runcmd: runcmd.cpp +Only in sqlmap-1.5/extra/runcmd/src/runcmd: runcmd.cpp.txt +Only in sqlmap-1.5.ori/extra/runcmd/src/runcmd: stdafx.cpp +Only in sqlmap-1.5/extra/runcmd/src/runcmd: stdafx.cpp.txt +Only in sqlmap-1.5.ori/extra/runcmd/src/runcmd: stdafx.h +Only in sqlmap-1.5/extra/runcmd/src/runcmd: stdafx.h.txt +Index: sqlmap-1.8.11/extra/shutils/autocompletion.sh +=================================================================== +--- sqlmap-1.8.11.orig/extra/shutils/autocompletion.sh ++++ sqlmap-1.8.11/extra/shutils/autocompletion.sh +@@ -1,4 +1,4 @@ +-#/usr/bin/env bash ++#!/usr/bin/bash + + # source ./extra/shutils/autocompletion.sh + +Index: sqlmap-1.8.11/sqlmapapi.py +=================================================================== +--- sqlmap-1.8.11.orig/sqlmapapi.py ++++ sqlmap-1.8.11/sqlmapapi.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + """ + Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) +Index: sqlmap-1.8.11/sqlmap.py +=================================================================== +--- sqlmap-1.8.11.orig/sqlmap.py ++++ sqlmap-1.8.11/sqlmap.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + """ + Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/) diff --git a/sqlmap-1.8.11.tar.gz b/sqlmap-1.8.11.tar.gz new file mode 100644 index 0000000..0cf3250 --- /dev/null +++ b/sqlmap-1.8.11.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e52ee3a3c1892745176f936fc16a7f761d690739afa4b7b01c64e9144849cbd9 +size 7251649 diff --git a/sqlmap-1.8.5.tar.gz b/sqlmap-1.8.5.tar.gz new file mode 100644 index 0000000..dcd9f6b --- /dev/null +++ b/sqlmap-1.8.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8135305a3e45ce7b29bae02bf77e318091b398703bf727c91ec4d2b375fe79d7 +size 7245377 diff --git a/sqlmap-1.8.8.tar.gz b/sqlmap-1.8.8.tar.gz new file mode 100644 index 0000000..cd916d7 --- /dev/null +++ b/sqlmap-1.8.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3bab3fbe9903b5c335202a7bcfc52bfd05c66634dd9f19b8d5bfaefcc98c1fdf +size 7249385 diff --git a/sqlmap.changes b/sqlmap.changes new file mode 100644 index 0000000..a51563c --- /dev/null +++ b/sqlmap.changes @@ -0,0 +1,174 @@ +------------------------------------------------------------------- +Wed Nov 27 15:56:23 UTC 2024 - Andrea Manzini + +- update to 1.8.11: + * fixed #5772, #5761 unhandled exception + * fixed #5763 Can not perform sql blind injection again latest dvwa + * fixed #5798 Some bugs with common tables and columns check + * fixed #5767 direct connection to oracle database not working + * update translations + +------------------------------------------------------------------- +Mon Sep 2 15:16:10 UTC 2024 - Andrea Manzini + +- update to 1.8.8: + * fixed #5727 SQLAlchemy connection issue + * fixed #5725 Arbitrary Injection Point Not Working + * implements #5728 More error-based payloads + * fixed #5738 probing web services on non-standard ports + * fixed #5731 python 3.13 compatibility + * fixed #4613 Single column enumeration (-C) broken for Firebird backend + * fixed #5755, #5759 Unhandled exception + +------------------------------------------------------------------- +Sat May 25 15:10:26 UTC 2024 - Andrea Manzini + +- update to 1.8.5: + * Patch related to the #5700 (Send raw binary data to postprocess function) + +- update to 1.8.4: + * Removing some obsolete code + +------------------------------------------------------------------- +Sat Mar 16 19:41:22 UTC 2024 - Dirk Müller + +- update to 1.8.3: + * Adding switch '--unsafe-naming' + * Fixes #5619 + * Fixes #5590 + * Add Patch related to empty multiform-data field value + * Fix Python 3.12 warnings + +------------------------------------------------------------------- +Fri Jan 5 14:32:01 UTC 2024 - Andrea Manzini + +- update to 1.8: + * H2 queries to get data use wrong order for LIMIT and OFFSET (#5580) + * Cleaning some mess with limitQuery + * fix issue #5571, #5229, #5581, #5585 + * update documentation and copyright year + +------------------------------------------------------------------- +Fri Dec 1 15:04:41 UTC 2023 - Dirk Müller + +- update to 1.7.12: + * Fixes #5567, #5566, #5574, #5576 + +------------------------------------------------------------------- +Sat Nov 25 16:49:38 UTC 2023 - Dirk Müller + +- update to 1.7.11: + * Fixes: #5539, #5549, #5560, #5565 + +------------------------------------------------------------------- +Tue Oct 10 08:41:21 UTC 2023 - Paolo Stivanin + +- update to 1.7.10: + * Fixes: #5536, #5502, #5521 + +------------------------------------------------------------------- +Thu Sep 14 12:48:25 UTC 2023 - Andrea Manzini + +- update to 1.7.9: + * Removing support for lol FORKZ + * Fixes #5476 + * Fixes #5481 + * Fixes #5479 + * Fixes #5477 + * Potential fix for #5485 + * Patch for #5485 + * Fixes #5493 + * Fixes #5492 + * Fixes #5483 + * Add SQLite AND boolean-based blind payload (#5501) + * Fixes #5510 + * Implements option --union-values (#5508) + +------------------------------------------------------------------- +Wed Jul 19 19:24:30 UTC 2023 - Dirk Müller + +- update to 1.7.7: + * Fixes #5428 + * Fixes #5431 + * Fixes #5434 + * Fixes #5444 + * Fixes #5445 + * Implements #5452 + +------------------------------------------------------------------- +Fri Jun 16 10:01:55 UTC 2023 - Andrea Manzini + +- update to 1.7.6: + * Bugfixes: #5428, #5409, #5381, #5358 + +------------------------------------------------------------------- +Mon Feb 13 09:28:29 UTC 2023 - Andrea Manzini + +- update to 1.7.2: + * Implements tamper script if2case + * Bugfixes + +------------------------------------------------------------------- +Tue Dec 6 12:05:32 UTC 2022 - Dirk Müller + +- update to 1.6.12: + * Better handling of CookieJar Runtime Exception + * Fixes #5216 + * Fixes #5220 + * Fixes #5233 + * Fixes #5232 + * Fixes #5240 + * Fixes #5242 + * Fixes #5252 + +------------------------------------------------------------------- +Sun Dec 4 13:58:09 UTC 2022 - Dirk Müller + +- update to 1.6.11: + * Fixes #5190 + * Fixes #5191 + * Fixes #5192 + * Implement --csrf-data + * Fix --cookie-del + * Fixes #5216 + +------------------------------------------------------------------- +Mon Oct 10 08:15:44 UTC 2022 - Dirk Müller + +- update to 1.6.10: + * Fixes #5187 + * Fixes #5182 + * Fixes #5170 + * Fixes #5165 + * Fixes #5162 + * Fixes #5154 + * Fixes #5152 + * Fixes #5147 + +------------------------------------------------------------------- +Wed Aug 3 22:05:25 UTC 2022 - Dirk Müller + +- update to 1.6.7: + * https://github.com/sqlmapproject/sqlmap/compare/1.5.7...1.6.7 + +------------------------------------------------------------------- +Tue Aug 31 05:16:54 UTC 2021 - Steve Kowalik + +- Update fix_shebang.patch to switch Python scripts to calling + /usr/bin/python3. +- Add Requires on python3 for full interpreter. + +------------------------------------------------------------------- +Thu Jul 15 07:21:22 UTC 2021 - Paolo Stivanin + +- Update to 1.5.7: + * Fixed #4728 (https://github.com/sqlmapproject/sqlmap/issues/4728) + * Fixed #4664 (https://github.com/sqlmapproject/sqlmap/issues/4664) + * Fixed #4625 (https://github.com/sqlmapproject/sqlmap/issues/4625) + * Speedup of caching for char encoding (non-Unicode chars in page) + * Fixing HTTP chunking for Python2.6 + +------------------------------------------------------------------- +Thu Jul 1 15:38:57 UTC 2021 - Paolo Perego + +- First import from upstream diff --git a/sqlmap.spec b/sqlmap.spec new file mode 100644 index 0000000..54ad1fd --- /dev/null +++ b/sqlmap.spec @@ -0,0 +1,82 @@ +# +# spec file for package sqlmap +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: sqlmap +Version: 1.8.11 +Release: 0 +Summary: Automatic SQL injection and database takeover tool +License: GPL-2.0-or-later +URL: https://sqlmap.org/ +Source: https://github.com/sqlmapproject/sqlmap/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch0: fix_shebang.patch +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python3 +BuildArch: noarch + +%description + +sqlmap is an open source penetration testing tool that automates the process of +detecting and exploiting SQL injection flaws and taking over of database +servers. It comes with a powerful detection engine, many niche features for the +ultimate penetration tester, and a broad range of switches including database +fingerprinting, over data fetching from the database, accessing the underlying +file system, and executing commands on the operating system via out-of-band +connections. + +%prep +%autosetup -p1 -n sqlmap-%{version} +find extra lib plugins tamper thirdparty -iname "*.py" -exec sed -i '1{/^#!/ d}' {} \; +find extra lib plugins tamper thirdparty -iname "*.pl" -exec sed -i '1{/^#!/ d}' {} \; +mv extra/icmpsh/icmpsh-m.c extra/icmpsh/icmpsh-m.c.txt +mv extra/icmpsh/icmpsh-s.c extra/icmpsh/icmpsh-s.c.txt +mv extra/runcmd/src/runcmd/runcmd.cpp extra/runcmd/src/runcmd/runcmd.cpp.txt +mv extra/runcmd/src/runcmd/stdafx.cpp extra/runcmd/src/runcmd/stdafx.cpp.txt +mv extra/runcmd/src/runcmd/stdafx.h extra/runcmd/src/runcmd/stdafx.h.txt +chmod ugo-x extra/shutils/duplicates.py +chmod ugo-x thirdparty/identywaf/identYwaf.py +chmod ugo-x plugins/dbms/clickhouse/*.py + +%build + +%install +mkdir -p %{buildroot}%{_datadir}/sqlmap +cp -a * %{buildroot}%{_datadir}/sqlmap + +%python_expand %fdupes %{buildroot}%{_datadir}/sqlmap + +%post +ln -s -f %{_datadir}/sqlmap/sqlmap.py %{_bindir} +ln -s -f %{_datadir}/sqlmap/sqlmapapi.py %{_bindir} + +%postun +case "$1" in + 0) # last one out put out the lights + rm -f %{_bindir}/sqlmap.py + rm -f %{_bindir}/sqlmapapi.py + ;; +esac + +%files +%{_datadir}/sqlmap + +%license %{_datadir}/sqlmap/LICENSE +%doc %{_datadir}/sqlmap/README.md + +%changelog