Minor cleanup

2024-11-22 01:26:42 +03:00 · 2018-10-02 14:07:14 +02:00 · 2018-10-02 14:07:14 +02:00 · 1b6365b195
commit 1b6365b195
parent d38a0542d8
6 changed files with 12 additions and 36 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.10.1"
+VERSION = "1.2.10.2"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/tamper/securesphere.py
+++ b/tamper/securesphere.py
@ -1,26 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
-See the file 'LICENSE' for copying permission
-"""
-
-from lib.core.enums import PRIORITY
-
-__priority__ = PRIORITY.NORMAL
-
-def dependencies():
-    pass
-
-def tamper(payload, **kwargs):
-    """
-    Appends special crafted string for bypassing Imperva SecureSphere WAF
-
-    Reference:
-        * http://seclists.org/fulldisclosure/2011/May/163
-
-    >>> tamper('1 AND 1=1')
-    "1 AND 1=1 and '0having'='0having'"
-    """
-
-    return payload + " and '0having'='0having'" if payload else payload
--- a/tamper/symboliclogical.py
+++ b/tamper/symboliclogical.py
@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission
 """

 import re
+import urllib

 from lib.core.enums import PRIORITY

@ -25,6 +26,6 @@ def tamper(payload, **kwargs):
    retVal = payload

    if payload:
-        retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload))
+        retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("||"), payload))

    return retVal
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@ -25,7 +25,7 @@ def tamper(payload, **kwargs):
        * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

    >>> tamper("1' AND 1=1")
-    '1%bf%27-- '
+    '1%bf%27-- -'
    """

    retVal = payload
@ -46,7 +46,7 @@ def tamper(payload, **kwargs):
            _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
            if _ != retVal:
                retVal = _
-                retVal += "-- "
+                retVal += "-- -"
            elif not any(_ in retVal for _ in ('#', '--', '/*')):
-                retVal += "-- "
+                retVal += "-- -"
    return retVal
--- a/tamper/xforwardedfor.py
+++ b/tamper/xforwardedfor.py
@ -14,8 +14,10 @@ def dependencies():

 def randomIP():
    numbers = []
+
    while not numbers or numbers[0] in (10, 172, 192):
        numbers = sample(xrange(1, 255), 4)
+
    return '.'.join(str(_) for _ in numbers)

 def tamper(payload, **kwargs):
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-5f2410ec4abd6170ac6244321a959323  lib/core/settings.py
+501b38eaa341d98935b4fc3cecefaffc  lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 62bc180e3e828949ffb342a8f756c183  lib/core/target.py
@ -265,7 +265,6 @@ a47aafcbc1de2deb85160e29de46f748  tamper/plus2concat.py
 759b86cf3bb1d7871dc6489538253f94  tamper/plus2fnconcat.py
 078494e1217400b485ef653108d32699  tamper/randomcase.py
 28626e4b8c673228dcfe4f1627a9e08b  tamper/randomcomments.py
-938bfac6e55a8823e4a66cd29166d980  tamper/securesphere.py
 cac8a56f8cc6c14524ee392daa5ae2fd  tamper/space2comment.py
 4e6da2aca962b6110652e5f83dce5cd7  tamper/space2dash.py
 7cdbae483262f66ef5d77521c59d9621  tamper/space2hash.py
@ -278,14 +277,14 @@ b55ed15af74ffefc4dc303646c7c6482  tamper/space2mssqlblank.py
 72a547bc3bf32dba0d1c3093988df8af  tamper/space2plus.py
 a74cd6375c5d5d253e2e7014b00ecd33  tamper/space2randomblank.py
 93fc10b57586936cef05e88227c84ad0  tamper/sp_password.py
-041cb567dff6bb6e7389e12ab3fb84c6  tamper/symboliclogical.py
+690eb5200c9e61e54cd8952edaefda23  tamper/symboliclogical.py
 6679c4ffb7322315a738dcfa68c6fb7c  tamper/unionalltounion.py
-51d20b5cb5a50fc2e44d39087f865d23  tamper/unmagicquotes.py
+0a7e97374019321ffc606d41535f26d6  tamper/unmagicquotes.py
 cc212839f55692d422beef3a8e22a8d4  tamper/uppercase.py
 f2b9eac52d346315f5705f71beeda791  tamper/varnish.py
 0e40966a51d1eb5d42a2159d2015a8a4  tamper/versionedkeywords.py
 0fba004bf1be6edbefbda89f23f4e518  tamper/versionedmorekeywords.py
-bb87c2c0ec66927015c9709aaaf93561  tamper/xforwardedfor.py
+d8279aa1633e2485ed751eb0361d1c8e  tamper/xforwardedfor.py
 1ebf563bb2cb18b68ea952418bba0ec5  thirdparty/ansistrm/ansistrm.py
 d41d8cd98f00b204e9800998ecf8427e  thirdparty/ansistrm/__init__.py
 8e775c25bc9e84891ad6fcb4f0005c23  thirdparty/beautifulsoup/beautifulsoup.py