turkdevops · pull · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -167,15 +167,15 @@ d69e84f1648cdb907f5d2dd454f03874a4613752b07867510145d51d84b3c56f  lib/controller
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/controller/__init__.py
 b2555d11529689f5d7d02bee0741d3228969e2bf29a2b9140bf1560ff60249e7  lib/core/agent.py
 b13462712ec5ac07541dba98631ddcda279d210b838f363d15ac97a1413b67a2  lib/core/bigarray.py
-2a9d87359d4b7d4fa8a818e4ee8f7a6fd3d3cf46feae17d21e7a3370c5cee5d2  lib/core/common.py
+1521efe57f554759e2550527970367615b92f3341bcb72831432a2863805a281  lib/core/common.py
 a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e  lib/core/compat.py
 461f2666d500f9a91210fec558e6ee68af61c752de5498490bc96c11b32a6b0a  lib/core/convert.py
 c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6  lib/core/data.py
 6acb645b1f285b21673c70824b03f6209acc5993b50e50da5ed2c713a30626f5  lib/core/datatype.py
 70fb2528e580b22564899595b0dff6b1bc257c6a99d2022ce3996a3d04e68e4e  lib/core/decorators.py
 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d  lib/core/defaults.py
 2f44a1bfe6f18aafe64147b99e69aa93cf438c0e7befe59f4e2aee9065c8b7b6  lib/core/dicts.py
-b37d3b745f82fe93eb3608683e87305b767e04f7cbf93dbb13ff33452c67d90a  lib/core/dump.py
+3e00b5c4ca385886f57608f7e0695bb70c696ef3454c181bbdfeea746efba96a  lib/core/dump.py
 23e33f0b457e2a7114c9171ba9b42e1751b71ee3f384bba7fad39e4490adb803  lib/core/enums.py
 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4  lib/core/exception.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/core/__init__.py
@@ -188,14 +188,14 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2  lib/core/patch
 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3  lib/core/replication.py
 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-a94bd355c8c2a9e60009c536b03de1d86f085121de60b36d22073e3620588e47  lib/core/settings.py
+94ef7db2f47a8888f8ce0cd07f5b8809fc0eb599ccbce33340ed3e2b8dcbc2fc  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725  lib/core/subprocessng.py
 70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6  lib/core/target.py
 7f7d1c57917f6ccc98e2ef093e2fa4cb6424d904c772b61003d5a5a3482a848f  lib/core/testing.py
-b5b65f018d6ef4b1ceeebbc50d372e07d4733267c9f3f4b13062efd065e847b6  lib/core/threads.py
+e3e653364d08d04d7492aa40a2bd29c6a28f4d78fecdd6c10f21f6cb28b98b4c  lib/core/threads.py
 b9aacb840310173202f79c2ba125b0243003ee6b44c92eca50424f2bdfc83c02  lib/core/unescaper.py
-10719f5ca450610ad28242017b2d8a77354ca357ffa26948c5f62d20cac29a8b  lib/core/update.py
+53e396902cb2546eaa09e77073fcba8be8827ee9ce055cfc899e81b0e6ad4d6d  lib/core/update.py
 ec11fd5a3f4efd10a1cae288157ac6eb6fb75da4666d76d19f6adf74ac338b5a  lib/core/wordlist.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/__init__.py
 54bfd31ebded3ffa5848df1c644f196eb704116517c7a3d860b5d081e984d821  lib/parse/banner.py
@@ -211,7 +211,7 @@ d2e771cdacef25ee3fdc0e0355b92e7cd1b68f5edc2756ffc19f75d183ba2c73  lib/parse/payl
 132abf563aeaaf0108b7e3932cfcc9680c8f445e992de4ee71ceed1ddf60bc29  lib/request/basic.py
 bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e  lib/request/chunkedhandler.py
 09c2d8786fb5280f5f14a7b4345ecb2e7c2ca836ee06a6cf9b51770df923d94c  lib/request/comparison.py
-5a93943509a0de21322fab8df15ea56df9d5ee12363aadc1dd171622eafc8fcd  lib/request/connect.py
+9236db2abad1b1d368a3c5a5beb655055fd2445faba57a4172db264b06105bd4  lib/request/connect.py
 8e06682280fce062eef6174351bfebcb6040e19976acff9dc7b3699779783498  lib/request/direct.py
 cf019248253a5d7edb7bc474aa020b9e8625d73008a463c56ba2b539d7f2d8ec  lib/request/dns.py
 92c81cc31ff4a396723242058fb2152c9e9745f8412d01ea74480b048a53af6c  lib/request/httpshandler.py
@@ -229,7 +229,7 @@ d3c93562d78ebdaf9e22c0ea2e4a62adb12f0ce9e9d9631c1ea000b1a07d04ab  lib/takeover/i
 f522436fbd14bdab090a1d305fcac0361800cb8e36c8cbcb47933298376a71e0  lib/takeover/registry.py
 f6e5d6e2ff368fa39943b2302982f33c47eb9a12d01419bef50fcf934b2bce34  lib/takeover/udf.py
 23d73af417604dab460b74cdc230896153f018a6c00d144019491053640a172f  lib/takeover/web.py
-14179e5273378ec8d63660a87c5cb07a42b61a6fceb7f3bb494a7b5ce10ce2cb  lib/takeover/xp_cmdshell.py
+8cc1e226d4150fe8aa1a056e5d32d858ed6444d3d4e2af7fb4bc08f0bbe9d527  lib/takeover/xp_cmdshell.py
 69928272eed889033e106527f88454dc844bfbb375fcf7c22d5f76ee30c62c9b  lib/techniques/blind/inference.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/blind/__init__.py
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/dns/__init__.py
@@ -241,7 +241,7 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d  lib/techniques
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/techniques/union/__init__.py
 30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b  lib/techniques/union/test.py
 a8a795f29ec6fd66482926f04b054ed492a033982c3b7837c5d2ea32368acec0  lib/techniques/union/use.py
-9ff41fda2d5738c7cc3ab794ab25e7d6b28dd17f7d9b096da9ba9ee395445f30  lib/utils/api.py
+3a418628622cf1f09346ecea12ae13a22341c8211815e01c839c9c1ab01fb12a  lib/utils/api.py
 442555ab85277aff7c9e0cf465ea5b0d28395c326f68363449b2d3941f4b6de2  lib/utils/brute.py
 da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718  lib/utils/crawler.py
 a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb  lib/utils/deps.py
@@ -492,7 +492,7 @@ cedf45d33461bd7e5400d06611a63c8a4ffae1a4510030c5696b9d46ed6a9883  plugins/generi
 c6ad39bfd1810413402dedfc275fc805fa13f85fc490e236c1e725bde4e5100b  sqlmapapi.py
 4e993cfe2889bf0f86ad0abafd9a6a25849580284ea279b2115e99707e14bb97  sqlmapapi.yaml
 627d90f1194335b800cbc9cc78db6697cf9e02e193a83598e0d4d0abb55b63b8  sqlmap.conf
-4cec2aae8d65d67cd6db60f00217aa05ab449345ed3a38e04697b85b53d755f1  sqlmap.py
+65159b82795604069a2d14ccbd1f66e888a26b05db0401a1ddadb40c665c93dc  sqlmap.py
 eb37a88357522fd7ad00d90cdc5da6b57442b4fec49366aadb2944c4fbf8b804  tamper/0eunion.py
 a9785a4c111d6fee2e6d26466ba5efb3b229c00520b26e8024b041553b53efba  tamper/apostrophemask.py
 cf26bc8006519bd25ce06d347f72770cd75b61575cf65e5812274e8ab9392eb4  tamper/apostrophenullencode.py

diff --git a/lib/core/common.py b/lib/core/common.py
@@ -2223,7 +2223,8 @@ def safeStringFormat(format_, params):
                 match = re.search(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", retVal)
                 if match:
                     try:
-                        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % params[count % len(params)], retVal, 1)
+                        _ = getUnicode(params[count % len(params)])
+                        retVal = re.sub(r"(\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\Z)", r"\g<1>%s\g<3>" % _.replace('\\', r'\\'), retVal, 1)
                     except re.error:
                         retVal = retVal.replace(match.group(0), match.group(0) % params[count % len(params)], 1)
                     count += 1

diff --git a/lib/core/dump.py b/lib/core/dump.py
@@ -605,10 +605,7 @@ def dbTableValues(self, tableValues):
                 if column != "__infos__":
                     info = tableValues[column]
 
-                    if len(info["values"]) <= i:
-                        continue
-
-                    if info["values"][i] is None:
+                    if len(info["values"]) <= i or info["values"][i] is None:
                         value = u''
                     else:
                         value = getUnicode(info["values"][i])

diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -20,7 +20,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.6.34"
+VERSION = "1.10.6.41"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

diff --git a/lib/core/threads.py b/lib/core/threads.py
@@ -213,7 +213,14 @@ def _threadFunction():
         if numThreads > 1:
             logger.info("waiting for threads to finish%s" % (" (Ctrl+C was pressed)" if isinstance(ex, KeyboardInterrupt) else ""))
         try:
-            while threading.active_count() > 1:
+            while True:
+                alive = False
+                for thread in threads:
+                    if thread.is_alive():
+                        alive = True
+                        break
+                if not alive:
+                    break
                 time.sleep(0.1)
 
         except KeyboardInterrupt:

diff --git a/lib/core/update.py b/lib/core/update.py
@@ -18,7 +18,6 @@
 from lib.core.common import getLatestRevision
 from lib.core.common import getSafeExString
 from lib.core.common import openFile
-from lib.core.common import pollProcess
 from lib.core.common import readInput
 from lib.core.convert import getText
 from lib.core.data import conf
@@ -51,7 +50,6 @@ def update():
         output = ""
         try:
             process = subprocess.Popen("pip install -U sqlmap", shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)
-            pollProcess(process, True)
             output, _ = process.communicate()
             success = not process.returncode
         except Exception as ex:
@@ -138,7 +136,6 @@ def update():
         output = ""
         try:
             process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)
-            pollProcess(process, True)
             output, _ = process.communicate()
             success = not process.returncode
         except Exception as ex:

diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -7,6 +7,7 @@
 
 import binascii
 import inspect
+import io
 import logging
 import os
 import random
@@ -530,6 +531,10 @@ def getPage(**kwargs):
                     while True:
                         try:
                             _page.append(ws.recv())
+                            if sum(len(_) for _ in _page) > MAX_CONNECTION_TOTAL_SIZE:
+                                warnMsg = "too large websocket response detected. Automatically trimming it"
+                                singleTimeWarnMessage(warnMsg)
+                                break
                         except websocket.WebSocketTimeoutException:
                             kb.webSocketRecvCount = len(_page)
                             break
@@ -639,6 +644,9 @@ class _(dict):
                     except (httpx.HTTPError, httpx.InvalidURL, httpx.CookieConflict, httpx.StreamError) as ex:
                         raise _http_client.HTTPException(getSafeExString(ex))
                     else:
+                        if conn.status_code >= 400:
+                            raise _urllib.error.HTTPError(url, conn.status_code, conn.reason_phrase, conn.headers, io.BytesIO(conn.read()))
+
                         conn.code = conn.status_code
                         conn.msg = conn.reason_phrase
                         conn.info = lambda c=conn: c.headers

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
@@ -226,8 +226,8 @@ def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
 
                 if isNumPosStrValue(count):
                     for index in getLimitRange(count):
-                        query = agent.limitQuery(index, query, self.tblField)
-                        output.append(inject.getValue(query, union=False, error=False, resumeValue=False))
+                        limitedQuery = agent.limitQuery(index, query, self.tblField)
+                        output.append(inject.getValue(limitedQuery, union=False, error=False, resumeValue=False))
 
             inject.goStacked("DELETE FROM %s" % self.cmdTblName)
 

diff --git a/lib/utils/api.py b/lib/utils/api.py
@@ -119,8 +119,8 @@ def execute(self, statement, arguments=None):
                 else:
                     break
 
-        if statement.lstrip().upper().startswith("SELECT"):
-            return self.cursor.fetchall()
+            if statement.lstrip().upper().startswith("SELECT"):
+                return self.cursor.fetchall()
 
     def init(self):
         self.execute("CREATE TABLE IF NOT EXISTS logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)")
@@ -392,6 +392,7 @@ def task_delete(taskid):
     Delete an existing task
     """
     if taskid in DataStore.tasks:
+        DataStore.tasks[taskid].engine_kill()
         DataStore.tasks.pop(taskid)
 
         logger.debug("(%s) Deleted task" % taskid)

diff --git a/sqlmap.py b/sqlmap.py
@@ -384,7 +384,7 @@ def main():
             logger.critical(errMsg)
             raise SystemExit
 
-        elif "AttributeError:" in excMsg and re.search(r"3\.11\.\d+a", sys.version):
+        elif any(_ in excMsg for _ in ("AttributeError:", "TypeError:")) and re.search(r"3\.11\.\d+a", sys.version):
             errMsg = "there is a known issue when sqlmap is run with ALPHA versions of Python 3.11. "
             errMsg += "Please download a stable Python version"
             logger.critical(errMsg)