sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update for #4344

Browse Source
This commit is contained in:
Miroslav Stampar 2020-09-17 15:22:50 +02:00
parent e0ea1ab5e9
commit 3258e29cf9
2 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.4.9.13" VERSION = "1.4.9.14"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

20
tamper/sleepgetlock.py → tamper/sleep2getlock.py
View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission See the file 'LICENSE' for copying permission
""" """
from lib.core.compat import xrange
from lib.core.data import kb
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST __priority__ = PRIORITY.HIGHEST
@ -14,7 +16,7 @@ def dependencies():
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
""" """
Replaces instances like 'SLEEP(x)' with "get_lock('sqlmap',x)" Replaces instances like 'SLEEP(5)' with (e.g.) "get_lock('ETgP',5)"
Requirement: Requirement:
* MySQL * MySQL
@ -28,19 +30,11 @@ def tamper(payload, **kwargs):
* Reference: https://zhuanlan.zhihu.com/p/35245598 * Reference: https://zhuanlan.zhihu.com/p/35245598
>>> tamper('SLEEP(2)') >>> tamper('SLEEP(5)') == "get_lock('%s',5)" % kb.aliasName
"get_lock('sqlmap',2)" True
""" """
if payload and payload.find("SLEEP") > -1: if payload:
while payload.find("SLEEP(") > -1: payload = payload.replace("SLEEP(", "get_lock('%s'," % kb.aliasName)
index = payload.find("SLEEP(")
depth = 1
num = payload[index+6]
newVal = "get_lock('sqlmap',%s)" % (num)
payload = payload[:index] + newVal + payload[index+8:]
return payload return payload