Implements #3834
parent
bd1ea4fd73
commit
0bc5069042
|
@ -4868,6 +4868,8 @@ def zeroDepthSearch(expression, value):
|
|||
|
||||
>>> _ = "SELECT (SELECT id FROM users WHERE 2>1) AS result FROM DUAL"; _[zeroDepthSearch(_, "FROM")[0]:]
|
||||
'FROM DUAL'
|
||||
>>> _ = "a(b; c),d;e"; _[zeroDepthSearch(_, "[;, ]")[0]:]
|
||||
',d;e'
|
||||
"""
|
||||
|
||||
retVal = []
|
||||
|
@ -4878,8 +4880,13 @@ def zeroDepthSearch(expression, value):
|
|||
depth += 1
|
||||
elif expression[index] == ')':
|
||||
depth -= 1
|
||||
elif depth == 0 and expression[index:index + len(value)] == value:
|
||||
retVal.append(index)
|
||||
elif depth == 0:
|
||||
found = False
|
||||
if value.startswith('[') and value.endswith(']'):
|
||||
if re.search(value, expression[index:index + 1]):
|
||||
retVal.append(index)
|
||||
elif expression[index:index + len(value)] == value:
|
||||
retVal.append(index)
|
||||
|
||||
return retVal
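Review bot: `found = False` in the new `elif depth == 0:` branch is assigned but never read in the visible lines, so it can be dropped. The same branch treats any `value` that starts with `[` and ends with `]` as a regular-expression character class tested against a single character, which the docstring shows only through the added doctest. A short comment such as `# a value of the form "[...]" is matched as a one-character regex class, anything else literally` would make the rule explicit, since a caller passing a literal bracketed string now gets regex semantics. The loop this branch belongs to starts outside the hunk.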
|
||||
|
||||
|
|
|
@ -1583,8 +1583,17 @@ def _cleanupOptions():
|
|||
conf.user = conf.user.replace(" ", "")
|
||||
|
||||
if conf.rParam:
|
||||
conf.rParam = conf.rParam.replace(" ", "")
|
||||
conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)
|
||||
if all(_ in conf.rParam for _ in ('=', ',')):
|
||||
original = conf.rParam
|
||||
conf.rParam = []
|
||||
for part in original.split(';'):
|
||||
if '=' in part:
|
||||
left, right = part.split('=', 1)
|
||||
conf.rParam.append(left)
|
||||
kb.randomPool[left] = filterNone(_.strip() for _ in right.split(','))
|
||||
else:
|
||||
conf.rParam = conf.rParam.replace(" ", "")
|
||||
conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)
|
||||
else:
|
||||
conf.rParam = []
|
||||
|
||||
|
@ -1946,6 +1955,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.processUserMarks = None
|
||||
kb.proxyAuthHeader = None
|
||||
kb.queryCounter = 0
|
||||
kb.randomPool = {}
|
||||
kb.redirectChoice = None
|
||||
kb.reflectiveMechanism = True
|
||||
kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0}
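Review bot: In the pool branch of `_cleanupOptions` (`if all(_ in conf.rParam for _ in ('=', ','))`), a `;`-separated part without `=` is dropped silently and `left` is never stripped, whereas the `else` branch removes spaces before splitting. An option value like `a=1,2; b=3,4` would store the name ` b` with a leading space, which is unlikely to match the parameter later, and a plain name mixed into the list disappears without a warning. Suggest `left, right = (_.strip() for _ in part.split('=', 1))` plus an `else: conf.rParam.append(part.strip())` for parts without `=`. Separately, `kb.randomPool = {}` is set in `_setKnowledgeBaseAttributes`; if that function runs again after option cleanup (not visible here), the pools would be cleared while `conf.rParam` keeps the names.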
|
||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.7.36"
|
||||
VERSION = "1.3.7.37"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import binascii
|
||||
import logging
|
||||
import random
|
||||
import re
|
||||
import socket
|
||||
import string
|
||||
|
@ -1102,7 +1103,8 @@ class Connect(object):
|
|||
match = re.search(r"(\A|\b)%s=(?P<value>[^&;]*)" % re.escape(randomParameter), paramString)
|
||||
if match:
|
||||
origValue = match.group("value")
|
||||
retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
|
||||
newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0]
|
||||
retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, newValue), paramString)
|
||||
return retVal
|
||||
|
||||
for randomParameter in conf.rParam:
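Review bot: `newValue` is interpolated into the replacement template of `re.sub`, so a pool value containing a backslash or `\g<...>` is read as an escape or group reference and can raise `re.error` or change the value; pool values come straight from the user's option string. Passing a callable with the same pattern avoids template processing: `lambda _: "%s=%s" % (randomParameter, newValue)` as the second argument. Separately, `random.sample(kb.randomPool[randomParameter], 1)[0]` raises `ValueError` on an empty pool, which seems possible if every value was filtered out during option cleanup. `random.choice` is the idiomatic way to draw one element, but it needs the same non-empty guard. The enclosing function starts outside the hunk.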
|
||||
|
|