diff --git a/lib/core/settings.py b/lib/core/settings.py index 3acf4423f..6186f35fc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.9.13" +VERSION = "1.4.9.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/sleepgetlock.py b/tamper/sleep2getlock.py similarity index 57% rename from tamper/sleepgetlock.py rename to tamper/sleep2getlock.py index 1aa63d334..6a8323797 100644 --- a/tamper/sleepgetlock.py +++ b/tamper/sleep2getlock.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from lib.core.compat import xrange +from lib.core.data import kb from lib.core.enums import PRIORITY __priority__ = PRIORITY.HIGHEST @@ -14,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'SLEEP(x)' with "get_lock('sqlmap',x)" + Replaces instances like 'SLEEP(5)' with (e.g.) "get_lock('ETgP',5)" Requirement: * MySQL @@ -28,19 +30,11 @@ def tamper(payload, **kwargs): * Reference: https://zhuanlan.zhihu.com/p/35245598 - >>> tamper('SLEEP(2)') - "get_lock('sqlmap',2)" + >>> tamper('SLEEP(5)') == "get_lock('%s',5)" % kb.aliasName + True """ - if payload and payload.find("SLEEP") > -1: - while payload.find("SLEEP(") > -1: - index = payload.find("SLEEP(") - depth = 1 - - num = payload[index+6] - - newVal = "get_lock('sqlmap',%s)" % (num) - payload = payload[:index] + newVal + payload[index+8:] - + if payload: + payload = payload.replace("SLEEP(", "get_lock('%s'," % kb.aliasName) return payload