Update for an Issue #806

2024-11-22 09:36:35 +03:00 · 2018-02-08 00:04:04 +01:00 · 2018-02-08 00:04:04 +01:00 · 5b99180ffe
commit 5b99180ffe
parent 061c8da36b
4 changed files with 47 additions and 5 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.2.4"
+VERSION = "1.2.2.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/tamper/overlongutf8.py
+++ b/tamper/overlongutf8.py
@ -16,8 +16,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Converts all characters in a given payload (not processing already
-    encoded)
+    Converts all (non-alphanum) characters in a given payload (not processing already encoded)

    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
--- a/tamper/overlongutf8more.py
+++ b/tamper/overlongutf8more.py
@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import string
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOWEST
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Converts all characters in a given payload (not processing already encoded)
+
+    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
+
+    >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
+    '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        i = 0
+
+        while i < len(payload):
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
+                retVal += payload[i:i + 3]
+                i += 3
+            else:
+                retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))
+                i += 1
+
+    return retVal
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a  lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-20d4b1198a1583059a993ea7864c79c4  lib/core/settings.py
+15c5a15fc1c24170aff99c32d2bae75d  lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413  lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2  lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3  lib/core/target.py
@ -254,7 +254,8 @@ e44163d21e055805b5e55667e72f5978  tamper/modsecurityversioned.py
 f83a11d594fad3ed3291074c7b37b281  tamper/modsecurityzeroversioned.py
 abd6490408551a8c8226a32fbc2b5345  tamper/multiplespaces.py
 be757e4c9a6fb36af7b9a8c444fddb05  tamper/nonrecursivereplacement.py
-7de367954d124c29847c23909d82d92e  tamper/overlongutf8.py
+e298e486c06bb39d81f10d61a5c4ceec  tamper/overlongutf8more.py
+b9f698556f8333d9fa6eadaab44a77ab  tamper/overlongutf8.py
 bc0363e4fc04240c9f7b81e4ecce0714  tamper/percentage.py
 4fa8b6c0e7573e395330bb6a405abbaf  tamper/plus2concat.py
 5b947c6cd78eab22ee53f5f534c532d3  tamper/plus2fnconcat.py