From 93cbbc237800b9fa240597fa75e2be83f6602202 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 15 Apr 2026 19:27:35 +0200 Subject: [PATCH] Hiding --alert behind SQLMAP_UNSAFE_ALERT --- data/txt/sha256sums.txt | 4 ++-- lib/core/option.py | 7 +++++++ lib/core/settings.py | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 93359233c..c304d3e88 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -181,14 +181,14 @@ a033f92d136c707a25927c2383125ddb004d4283db62c004dcd67c3fc242bb1c lib/core/dump. 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/core/__init__.py 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py 67ea32c993cbf23cdbd5170360c020ca33363b7c516ff3f8da4124ef7cb0254d lib/core/optiondict.py -d75baf80690f08f80d605a42f675eaca9c26d7b1cbb47f5ddf7d36a47c4b640b lib/core/option.py +226c01e46050ff48122df682f713565509a386e58d06cc43da59d028e0afc2fd lib/core/option.py 789320dcb3f93137d3065080ee98429280bf10b20b66a1c08d3fcc1747b30d94 lib/core/patch.py 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -660dc65807eb1b660d3f4f7b154a1bf44d3841bf7dc1ad68ecb32d1dca354cf2 lib/core/settings.py +76823a75705cc63d0dde9cd680913626536fbc6989b932fd191cd379ab2aaefb lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py diff --git a/lib/core/option.py b/lib/core/option.py index fd3103fa0..dfaf3653e 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2671,6 +2671,13 @@ def _basicOptionValidation(): errMsg = "switch '--dump' is incompatible with switch '--search'" raise SqlmapSyntaxException(errMsg) + if conf.alert and os.environ.get("SQLMAP_UNSAFE_ALERT") != '1': + errMsg = "for security reasons, to prevent execution of potentially malicious " + errMsg += "OS commands via configuration files or copy-paste attacks, " + errMsg += "the '--alert' option requires the environment variable " + errMsg += "'SQLMAP_UNSAFE_ALERT=1' to be explicitly set" + raise SqlmapSystemException(errMsg) + if conf.chunked and not any((conf.data, conf.requestFile, conf.forms)): errMsg = "switch '--chunked' requires usage of (POST) options/switches '--data', '-r' or '--forms'" raise SqlmapSyntaxException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1eef72349..c26dc13e3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.10.4.2" +VERSION = "1.10.4.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)