diff --git a/lib/core/settings.py b/lib/core/settings.py index dcfff6897..59a3fa0ba 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.1" +VERSION = "1.2.10.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/securesphere.py b/tamper/securesphere.py deleted file mode 100644 index 998a69e2c..000000000 --- a/tamper/securesphere.py +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env python - -""" -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) -See the file 'LICENSE' for copying permission -""" - -from lib.core.enums import PRIORITY - -__priority__ = PRIORITY.NORMAL - -def dependencies(): - pass - -def tamper(payload, **kwargs): - """ - Appends special crafted string for bypassing Imperva SecureSphere WAF - - Reference: - * http://seclists.org/fulldisclosure/2011/May/163 - - >>> tamper('1 AND 1=1') - "1 AND 1=1 and '0having'='0having'" - """ - - return payload + " and '0having'='0having'" if payload else payload diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py index ea34b54c9..aad77f172 100644 --- a/tamper/symboliclogical.py +++ b/tamper/symboliclogical.py @@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission """ import re +import urllib from lib.core.enums import PRIORITY @@ -25,6 +26,6 @@ def tamper(payload, **kwargs): retVal = payload if payload: - retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload)) + retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("||"), payload)) return retVal 
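Review bot: In `tamper/symboliclogical.py` the rewritten `re.sub` line calls `urllib.quote("&&")` and `urllib.quote("||")` on every invocation of `tamper`, although both always produce the same constants the old literals spelled out (`%26%26` and `%7C%7C`). `urllib.quote` exists only on Python 2 (Python 3 moved it to `urllib.parse.quote`), so the added `import urllib` in the first hunk ties the module to one interpreter line with no change in output. Either keep the literals and document them with a comment such as `# "%26%26" is URL-encoded "&&", "%7C%7C" is URL-encoded "||"`, or compute the two encoded values once at module level. The body of `tamper` starts above this hunk.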
diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index b6419e74d..84746e9eb 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -25,7 +25,7 @@ def tamper(payload, **kwargs): * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string >>> tamper("1' AND 1=1") - '1%bf%27-- ' + '1%bf%27-- -' """ retVal = payload @@ -46,7 +46,7 @@ def tamper(payload, **kwargs): _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal) if _ != retVal: retVal = _ - retVal += "-- " + retVal += "-- -" elif not any(_ in retVal for _ in ('#', '--', '/*')): - retVal += "-- " + retVal += "-- -" return retVal diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index e14b49092..b0c8d8595 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py @@ -14,8 +14,10 @@ def dependencies(): def randomIP(): numbers = [] + while not numbers or numbers[0] in (10, 172, 192): numbers = sample(xrange(1, 255), 4) + return '.'.join(str(_) for _ in numbers) def tamper(payload, **kwargs): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 428403d53..a49cf03c9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5f2410ec4abd6170ac6244321a959323 lib/core/settings.py +501b38eaa341d98935b4fc3cecefaffc lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py 
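Review bot: In `tamper/unmagicquotes.py` the new terminator `"-- -"` is now written three times, in both branches at the end of `tamper` and in the doctest of the first hunk, and nothing in the code records why the trailing character was added. Bind it once at module level, e.g. `COMMENT_SUFFIX = "-- -"`, use `retVal += COMMENT_SUFFIX` in both branches, and put the reason for the change in a comment on that constant so a later edit does not revert one copy. The function body starts outside the hunk, so whether other code depends on the old suffix cannot be checked from here.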
@@ -265,7 +265,6 @@ a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py 759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py 078494e1217400b485ef653108d32699 tamper/randomcase.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py -938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py 4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py 7cdbae483262f66ef5d77521c59d9621 tamper/space2hash.py @@ -278,14 +277,14 @@ b55ed15af74ffefc4dc303646c7c6482 tamper/space2mssqlblank.py 72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py a74cd6375c5d5d253e2e7014b00ecd33 tamper/space2randomblank.py 93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py -041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py +690eb5200c9e61e54cd8952edaefda23 tamper/symboliclogical.py 6679c4ffb7322315a738dcfa68c6fb7c tamper/unionalltounion.py -51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py +0a7e97374019321ffc606d41535f26d6 tamper/unmagicquotes.py cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py -bb87c2c0ec66927015c9709aaaf93561 tamper/xforwardedfor.py +d8279aa1633e2485ed751eb0361d1c8e tamper/xforwardedfor.py 1ebf563bb2cb18b68ea952418bba0ec5 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py