diff --git a/lib/core/settings.py b/lib/core/settings.py index b1db0ebcc..b3eb93948 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.4" +VERSION = "1.2.2.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index 6fc4a9081..70d5ff76b 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Converts all characters in a given payload (not processing already - encoded) + Converts all (non-alphanum) characters in a given payload (not processing already encoded) Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py new file mode 100644 index 000000000..3d8a8753c --- /dev/null +++ b/tamper/overlongutf8more.py @@ -0,0 +1,42 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import string + +from lib.core.enums import PRIORITY + +__priority__ = PRIORITY.LOWEST + +def dependencies(): + pass + +def tamper(payload, **kwargs): + """ + Converts all characters in a given payload (not processing already encoded) + + Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ + + >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') + '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1' + """ + + retVal = payload + + if payload: + retVal = "" + i = 0 + + while i < len(payload): + if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: + retVal += payload[i:i + 3] + i += 3 + else: + retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f)) + i += 1 + + return retVal diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8cbdc1bda..2a2a5ab74 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -20d4b1198a1583059a993ea7864c79c4 lib/core/settings.py +15c5a15fc1c24170aff99c32d2bae75d lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -254,7 +254,8 @@ e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py -7de367954d124c29847c23909d82d92e tamper/overlongutf8.py +e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py +b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py 4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py 5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py