Can't work out of the box (too many unknowns)

This commit is contained in:
Miroslav Stampar 2018-10-02 14:11:26 +02:00
parent 1b6365b195
commit 03bbfdbc56
3 changed files with 2 additions and 43 deletions

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.10.2"
VERSION = "1.2.10.3"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -1,40 +0,0 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import random
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs):
"""
Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT)
Notes:
* Useful to bypass very weak custom filters
>>> random.seed(0)
>>> tamper('1 UNION SELECT 2--')
'1 UNIOUNIONN SELESELECTCT 2--'
"""
keywords = ("UNION", "SELECT", "INSERT", "UPDATE", "FROM", "WHERE")
retVal = payload
warnMsg = "currently only couple of keywords are being processed %s. " % str(keywords)
warnMsg += "You can set it manually according to your needs"
singleTimeWarnMessage(warnMsg)
if payload:
for keyword in keywords:
_ = random.randint(1, len(keyword) - 1)
retVal = re.sub(r"(?i)\b%s\b" % keyword, "%s%s%s" % (keyword[:_], keyword, keyword[_:]), retVal)
return retVal

View File

@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
501b38eaa341d98935b4fc3cecefaffc lib/core/settings.py
2f0cd79e7e10a6e137f4748a589c4c0b lib/core/settings.py
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
62bc180e3e828949ffb342a8f756c183 lib/core/target.py
@ -257,7 +257,6 @@ ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py
dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py
a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py
89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py