From 061c8da36b6208016a3091aba78b34f71ed1f5eb Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 7 Feb 2018 23:59:36 +0100
Subject: [PATCH] Proper overlongutf8.py (Issue #806)

---
 lib/core/settings.py | 2 +-
 tamper/overlongutf8.py | 5 +++--
 txt/checksum.md5 | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 7de454f7f..b1db0ebcc 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (...)
-VERSION = "1.2.2.3"
+VERSION = "1.2.2.4"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py
index a8a9da412..6fc4a9081 100644
--- a/tamper/overlongutf8.py
+++ b/tamper/overlongutf8.py
@@ -20,9 +20,10 @@ def tamper(payload, **kwargs):
 encoded)

 Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+ Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/

 >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
- 'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'
+ 'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'
 """

 retVal = payload
@@ -37,7 +38,7 @@ def tamper(payload, **kwargs):
 i += 3
 else:
 if payload[i] not in (string.ascii_letters + string.digits):
- retVal += "%%C0%%%.2X" % (0x8A | ord(payload[i]))
+ retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))
 else:
 retVal += payload[i]
 i += 1
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 2e4cd3df5..8cbdc1bda 100644
--- a/txt/checksum.md5
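Review bot: The replacement escape in the second overlongutf8.py hunk yields a genuine overlong two-byte form only for code points below 0x80; a non-ASCII character passes the `string.ascii_letters + string.digits` check and then gets a lead byte `0xc0 + (ord(payload[i]) >> 6)` of 0xC2 or higher, which is an ordinary (non-overlong) UTF-8 lead byte, and if `payload` is a unicode string with ord >= 0x1000 the value exceeds 0xFF so `%.2X` prints three hex digits and the percent-escape is malformed. Limiting the branch to ASCII, `if ord(payload[i]) < 0x80 and payload[i] not in (string.ascii_letters + string.digits):`, keeps the transform within the range the updated doctest documents and passes other characters through unchanged. The lowercase `0xc0`/`0x3f` literals also differ from the uppercase hex style of the line they replace (`0x8A`); one case should be used throughout. The `tamper` function starts and ends outside both hunks, so the branch feeding `i += 3` (presumably an already percent-encoded triplet) is not visible here.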
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-a2aed50a1a6605d67d688b524bda5f56 lib/core/settings.py
+20d4b1198a1583059a993ea7864c79c4 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@@ -254,7 +254,7 @@ e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py
 f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py
 abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py
 be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py
-aca15cb5474fb0a32e517ae5e940cbd0 tamper/overlongutf8.py
+7de367954d124c29847c23909d82d92e tamper/overlongutf8.py
 bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py
 4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py
 5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py