diff --git a/lib/core/settings.py b/lib/core/settings.py
index 91cde6c40..e8dccade6 100755
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.0.11.16"
+VERSION = "1.0.12.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py
new file mode 100644
index 000000000..1db19708d
--- /dev/null
+++ b/tamper/plus2concat.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.common import zeroDepthSearch
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHEST
+
+def dependencies():
+ pass
+
+def tamper(payload, **kwargs):
+ """
+ Replaces plus ('+') character with function CONCAT()
+
+ Tested against:
+ * Microsoft SQL Server 2012
+
+ Requirements:
+ * Microsoft SQL Server 2012+
+
+ Notes:
+ * Useful in case ('+') character is filtered
+
+ >>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')
+ 'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'
+ """
+
+ retVal = payload
+
+ if payload:
+ while True:
+ indexes = zeroDepthSearch(retVal, '+')
+ if indexes:
+ first, last = 0, 0
+ for i in xrange(1, len(indexes)):
+ if ' ' in retVal[indexes[0]:indexes[i]]:
+ break
+ else:
+ last = i
+
+ start = retVal[:indexes[first]].rfind(' ') + 1
+ end = (retVal[indexes[last] + 1:].find(' ') + indexes[last] + 1) if ' ' in retVal[indexes[last] + 1:] else len(retVal) - 1
+
+ chars = [char for char in retVal]
+ for index in indexes[first:last + 1]:
+ chars[index] = ','
+
+ retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
+ else:
+ break
+
+ return retVal
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 187159926..8ecd69050 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
 b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
-7f04f7e55179f45470b137dbb15657c6 lib/core/settings.py
+079c062fb2fa5b45e2dbbf25323bc48a lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
 c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
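Review bot: In `tamper()` of tamper/plus2concat.py the fallback `else len(retVal) - 1` used for `end` is off by one, so when the concatenation is the last token of the payload the slice `[start:end]` leaves the final character outside the `CONCAT(...)` wrapper. For a constructed input such as `SELECT 'a'+'b'` the result is `SELECT CONCAT('a','b)'`; an expression ending in `)` only comes out right by coincidence, and the doctest never reaches this branch because its expression is followed by ` FROM DUAL`. The fallback should be `else len(retVal)`, and a second doctest with the expression at the very end of the string would pin the behaviour. Separately, `start` and the grouping loop treat any space as a token boundary, so an operand that contains a space (a quoted literal, for instance) is presumably split in the wrong place; that limitation deserves a line under "Notes:" in the docstring.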
@@ -252,6 +252,7 @@ c16c3ed0ce302034d99ee0b8f34fbd0b tamper/modsecurityzeroversioned.py
 e65ff0680df2fc89444ec5953bb2f161 tamper/nonrecursivereplacement.py
 6780d738236ac200d230c4cb497bd1a2 tamper/overlongutf8.py
 3f05d5218b22280adcd91fe53830bcb4 tamper/percentage.py
+9741ad2359382dc8673189224995a5f7 tamper/plus2concat.py
 7a93f510f231278897650da1c7d13b23 tamper/randomcase.py
 34c255f3bca6d5fee2dfb18ed86d406f tamper/randomcomments.py
 f5e9eb84d4c5e9a19fe7154a8aebe13d tamper/securesphere.py