CERBERUS/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-06-27 20:11:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Adding HUFFMAN_PRIOR_WEIGHTS

Browse source
This commit is contained in:
Miroslav Štampar 2026-06-23 20:27:33 +02:00
parent 0d82096025
commit da66f1b3ec
3 changed files with 15 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

12
lib/core/settings.py
View file

@ -20,7 +20,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10.6.151"
VERSION = "1.10.6.152"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -523,6 +523,16 @@ KEYSET_MIN_ROWS = 1000
# Number of consecutive Huffman (set-membership) character attempts allowed to decline/escape without a single validated success before the technique latches itself off (safety against trimmed/blocked long IN() payloads)
HUFFMAN_PROBE_LIMIT = 8
# Cold-start (prior) weights for the order-0 Huffman model used in adaptive blind retrieval. Gently
# biases the initial tree toward bytes that dominate real DBMS output (lowercase text, digits, common
# identifier punctuation) so SHORT extractions don't pay the full balanced-tree depth before the online
# frequency model warms up. Magnitude is small so genuine learned counts overtake it within a few dozen
# characters (kept low-risk for uniform/hex columns: hex digits 0-9a-f are themselves favored here).
HUFFMAN_PRIOR_WEIGHTS = {}
for _weight, _chars in ((6, " etaoinsrhldcumfgypwbvkxjqz"), (4, "0123456789"), (3, "_.-/@:,'")):
for _char in _chars:
HUFFMAN_PRIOR_WEIGHTS[ord(_char)] = _weight
# Minimum range between minimum and maximum of statistical set
MIN_STATISTICAL_RANGE = 0.01

3
lib/techniques/blind/inference.py
View file

@ -43,6 +43,7 @@ from lib.core.exception import SqlmapThreadException
from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.settings import HUFFMAN_PROBE_LIMIT
from lib.core.settings import HUFFMAN_PRIOR_WEIGHTS
from lib.core.settings import INFERENCE_BLANK_BREAK
from lib.core.settings import INFERENCE_EQUALS_CHAR
from lib.core.settings import INFERENCE_GREATER_CHAR
@ -296,7 +297,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
heap = []
for order, ordinal in enumerate(xrange(128)):
heapq.heappush(heap, (model.get(ordinal, 0) + 1, order, (ordinal,)))
heapq.heappush(heap, (model.get(ordinal, 0) + HUFFMAN_PRIOR_WEIGHTS.get(ordinal, 1), order, (ordinal,)))
heapq.heappush(heap, (max(model.get(ESCAPE, 0), 1), 128, (ESCAPE,)))
counter = 129