From 60d145ab6b7042049aaaccab1799693b7cf573cc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 25 Dec 2025 01:04:41 +0100
Subject: [PATCH 1/3] Implementing support for v2.x for H2

---
 data/txt/sha256sums.txt        | 8 ++++----
 data/xml/queries.xml           | 8 ++++----
 lib/core/settings.py           | 2 +-
 plugins/dbms/h2/fingerprint.py | 4 ++++
 plugins/generic/users.py       | 2 ++
 5 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index f6b516fc95d..8188d331b8e 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -83,7 +83,7 @@ b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/paylo
 0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689  data/xml/payloads/stacked_queries.xml
 997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1  data/xml/payloads/time_blind.xml
 40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089  data/xml/payloads/union_query.xml
-e6761589b8c33c11d0a3d65ff2ee8579515f4ce3c5614ecb90c1faea451a9c0b  data/xml/queries.xml
+dd0ee0fac1a4f7fdbecc8fcceb0a1a4e2d15cec3847198740a1994851c56ad27  data/xml/queries.xml
 abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
 2a0322f121cbda30336ab58382e9860fea8ab28ff4726f6f8abf143ce1657abe  doc/CHANGELOG.md
 2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-426ae23bf138273edc5241f923fc161c13f5517666c8f2162ebbf3a0b48d6ebf  lib/core/settings.py
+b1b416ae195be51eadd8f31be271f5774eed1dc8d90cb5e7421d2f60ca9ff26f  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@@ -342,7 +342,7 @@ fd9d9030d054b9b74cf6973902ca38b0a6cad5898b828366162df6bdc8ea10d2  plugins/dbms/f
 ed39a02193934768cf65d86f9424005f60e0ef03052b5fea1103c78818c19d45  plugins/dbms/h2/connector.py
 8556f37d4739f8eafcde253b2053d1af41959f6ec09af531304d0e695e3eed6b  plugins/dbms/h2/enumeration.py
 080b0c1173ffe7511dc6990b6de8385b5e63a5c19b8d5e2d04de23ac9513a45c  plugins/dbms/h2/filesystem.py
-d08c1a912f8334c3e706b598db2869edbb1a291a2ccb00c9523ee371de9db0d0  plugins/dbms/h2/fingerprint.py
+355f941c74cbd0d43726408970aab9518f50f588e780aa764ed237e4bc0c3316  plugins/dbms/h2/fingerprint.py
 94ee6a0f41bb17b863a0425f95c0dcf90963a7f0ed92f5a2b53659c33b5910b8  plugins/dbms/h2/__init__.py
 9899a908eb064888d0e385156395d0436801027b2f4a9846b588211dc4b61f83  plugins/dbms/h2/syntax.py
 53951b2ba616262df5a24aa53e83c1e401d7829bd4b7386dd07704fd05811de2  plugins/dbms/h2/takeover.py
@@ -471,7 +471,7 @@ ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e  plugins/generi
 546486bd4221729d7d85b6ce3dbc263c818d091c67774bd781d7d72896eb733b  plugins/generic/search.py
 9be0e2f931b559052518b68511117d6d6e926e69e463ddfa6dc8e9717c0ca677  plugins/generic/syntax.py
 7bb6403d83cc9fd880180e3ad36dca0cc8268f05f9d7e6f6dba6d405eea48c3a  plugins/generic/takeover.py
-115ee30c77698bb041351686a3f191a3aa247adb2e0da9844f1ad048d0e002cd  plugins/generic/users.py
+cbc7684de872fac4baeabd1fce3938bc771316c36e54d69ac6a301e8a99f07b2  plugins/generic/users.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  plugins/__init__.py
 f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697  README.md
 535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc  sqlmapapi.py
diff --git a/data/xml/queries.xml b/data/xml/queries.xml
index 14b012db311..d169832b782 100644
--- a/data/xml/queries.xml
+++ b/data/xml/queries.xml
@@ -770,8 +770,8 @@
         <is_dba query="SELECT CURRENT_USER='SA'"/>
         <check_udf/>
         <users>
-            <inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
-            <blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
+            <inband query="SELECT USER_NAME FROM INFORMATION_SCHEMA.USERS" query2="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
+            <blind query="SELECT USER_NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(USER_NAME) FROM INFORMATION_SCHEMA.USERS" query2="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count2="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
         </users>
         <passwords/>
         <privileges/>
@@ -786,8 +786,8 @@
             <blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
         </tables>
         <columns>
-            <blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
-            <inband query="SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition="COLUMN_NAME"/>
+            <blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
+            <inband query="SELECT COLUMN_NAME,DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition="COLUMN_NAME" query2="SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition2="COLUMN_NAME"/>
         </columns>
         <dump_table>
             <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/>
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 91763d82d77..dc6927b2a13 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.12.7"
+VERSION = "1.9.12.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py
index 524731b6b05..e6e26aa5366 100644
--- a/plugins/dbms/h2/fingerprint.py
+++ b/plugins/dbms/h2/fingerprint.py
@@ -103,6 +103,10 @@ def checkDbms(self):
             else:
                 setDbms(DBMS.H2)
 
+                result = inject.checkBooleanExpression("JSON_OBJECT() IS NOT NULL")
+                version = '2' if result else '1'
+                Backend.setVersion(version)
+
                 self.getBanner()
 
                 return True
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 4e50bac1e37..18ae477ed43 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -13,6 +13,7 @@
 from lib.core.common import filterPairValues
 from lib.core.common import getLimitRange
 from lib.core.common import isAdminFromPrivileges
+from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isInferenceAvailable
 from lib.core.common import isNoneValue
 from lib.core.common import isNullValue
@@ -104,6 +105,7 @@ def getUsers(self):
 
         condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")))
         condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)
+        condition |= (Backend.isDbms(DBMS.H2) and not isDBMSVersionAtLeast("2"))
 
         if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
             if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):

From 1a7538ae0fb03a9f93e1b2b6d13e48bf791dc2c7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 25 Dec 2025 02:33:56 +0100
Subject: [PATCH 2/3] Minor patch for Apache Derby

---
 data/txt/sha256sums.txt | 4 ++--
 data/xml/queries.xml    | 4 ++--
 lib/core/settings.py    | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 8188d331b8e..cd9ea3111d3 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -83,7 +83,7 @@ b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609  data/xml/paylo
 0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689  data/xml/payloads/stacked_queries.xml
 997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1  data/xml/payloads/time_blind.xml
 40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089  data/xml/payloads/union_query.xml
-dd0ee0fac1a4f7fdbecc8fcceb0a1a4e2d15cec3847198740a1994851c56ad27  data/xml/queries.xml
+eeaec8f6590db3315a740b04f21fed8ae229d9d0ef8b85af5ad83a905e9bfd6e  data/xml/queries.xml
 abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e  doc/AUTHORS
 2a0322f121cbda30336ab58382e9860fea8ab28ff4726f6f8abf143ce1657abe  doc/CHANGELOG.md
 2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d  doc/THANKS.md
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-b1b416ae195be51eadd8f31be271f5774eed1dc8d90cb5e7421d2f60ca9ff26f  lib/core/settings.py
+ff7faea73b5ed207c8b5648dd5ce03d8bee4e06801f7c70bd95d6eb7d0023cc1  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
diff --git a/data/xml/queries.xml b/data/xml/queries.xml
index d169832b782..d497f3d8cf2 100644
--- a/data/xml/queries.xml
+++ b/data/xml/queries.xml
@@ -946,8 +946,8 @@
         <limitstring/>
         <order query="ORDER BY %s ASC"/>
         <count query="COUNT(%s)"/>
-        <!-- NOTE: comment without alphanumeric char in continuation is invalid -->
-        <comment query="--x"/>
+        <!-- NOTE: https://issues.apache.org/jira/browse/DERBY-3157 -->
+        <comment query="--aa"/>
         <substring query="SUBSTR((%s),%d,%d)"/>
         <concatenate query="%s||%s"/>
         <!-- NOTE: Apache Derby does not support implicit conversion from int to string -->
diff --git a/lib/core/settings.py b/lib/core/settings.py
index dc6927b2a13..38fe9000cc0 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.12.8"
+VERSION = "1.9.12.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

From 870e11a38e5080446b12333b8bcaf5e60553d45d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 25 Dec 2025 02:52:39 +0100
Subject: [PATCH 3/3] Minor optimization

---
 data/txt/sha256sums.txt | 4 ++--
 lib/core/dump.py        | 7 +++++--
 lib/core/settings.py    | 5 ++++-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index cd9ea3111d3..b2250c14926 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -174,7 +174,7 @@ ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024  lib/core/datat
 1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead  lib/core/decorators.py
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900  lib/core/defaults.py
 ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c  lib/core/dicts.py
-4f1b858d433daa6f898d5ded54066cad63fab7ee245ad9eb1613c626448d5a0e  lib/core/dump.py
+1e801218f301968181cb876ca27bace622b8646f041bdab72cda5d6a57542408  lib/core/dump.py
 2ca709fb52b4a1bc83cfe2acdad7e7d4dca1fee6a775e9290f0f1f517955d0b9  lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856  lib/core/exception.py
 1c48804c10b94da696d3470efbd25d2fff0f0bbf2af0101aaac8f8c097fce02b  lib/core/gui.py
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-ff7faea73b5ed207c8b5648dd5ce03d8bee4e06801f7c70bd95d6eb7d0023cc1  lib/core/settings.py
+ee57c7420ef2648450c540411f881a4807fcf1be70fefabfa701f3200340c99e  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 269d13f6789..37baf2c10c3 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -45,6 +45,7 @@
 from lib.core.exception import SqlmapSystemException
 from lib.core.exception import SqlmapValueException
 from lib.core.replication import Replication
+from lib.core.settings import CHECK_SQLITE_TYPE_THRESHOLD
 from lib.core.settings import DUMP_FILE_BUFFER_SIZE
 from lib.core.settings import HTML_DUMP_CSS_STYLE
 from lib.core.settings import IS_WIN
@@ -509,7 +510,8 @@ def dbTableValues(self, tableValues):
                 if column != "__infos__":
                     colType = Replication.INTEGER
 
-                    for value in tableValues[column]['values']:
+                    for i in xrange(min(CHECK_SQLITE_TYPE_THRESHOLD, len(tableValues[column]['values']))):
+                        value = tableValues[column]['values'][i]
                         try:
                             if not value or value == " ":  # NULL
                                 continue
@@ -522,7 +524,8 @@ def dbTableValues(self, tableValues):
                     if colType is None:
                         colType = Replication.REAL
 
-                        for value in tableValues[column]['values']:
+                        for i in xrange(min(CHECK_SQLITE_TYPE_THRESHOLD, len(tableValues[column]['values']))):
+                            value = tableValues[column]['values'][i]
                             try:
                                 if not value or value == " ":  # NULL
                                     continue
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 38fe9000cc0..9992ad947cc 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.12.9"
+VERSION = "1.9.12.10"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -790,6 +790,9 @@
 # Check for empty columns only if table is sufficiently large
 CHECK_ZERO_COLUMNS_THRESHOLD = 10
 
+# Threshold for checking types of columns in case of SQLite dump format
+CHECK_SQLITE_TYPE_THRESHOLD = 100
+
 # Boldify all logger messages containing these "patterns"
 BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ")