sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 02:53:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper overlongutf8.py (Issue #806)

Browse Source
This commit is contained in:
Miroslav Stampar 2018-02-07 23:59:36 +01:00
parent a16663f9a1
commit 061c8da36b
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.2.3" VERSION = "1.2.2.4"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

5
tamper/overlongutf8.py
View File

@ -20,9 +20,10 @@ def tamper(payload, **kwargs):
encoded) encoded)
Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
>>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1' 'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'
""" """
retVal = payload retVal = payload
@ -37,7 +38,7 @@ def tamper(payload, **kwargs):
i += 3 i += 3
else: else:
if payload[i] not in (string.ascii_letters + string.digits): if payload[i] not in (string.ascii_letters + string.digits):
retVal += "%%C0%%%.2X" % (0x8A | ord(payload[i])) retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))
else: else:
retVal += payload[i] retVal += payload[i]
i += 1 i += 1

4
txt/checksum.md5
View File

@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py
a2aed50a1a6605d67d688b524bda5f56 lib/core/settings.py 20d4b1198a1583059a993ea7864c79c4 lib/core/settings.py
d0adc28a38e43a787df4471f7f027413 lib/core/shell.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@ -254,7 +254,7 @@ e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py
f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py
abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py
be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py
aca15cb5474fb0a32e517ae5e940cbd0 tamper/overlongutf8.py 7de367954d124c29847c23909d82d92e tamper/overlongutf8.py
bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py
4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py 4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py
5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py 5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py