Fixes #3762

2024-11-21 17:16:35 +03:00 · 2019-06-17 14:59:48 +02:00 · 2019-06-17 14:59:48 +02:00 · 797bc7b75f
commit 797bc7b75f
parent 8220b6264c
2 changed files with 4 additions and 2 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.6.44"
+VERSION = "1.3.6.45"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -41,6 +41,8 @@ def tamper(payload, **kwargs):
    'f()'
    >>> tamper('function()')
    'FuNcTiOn()'
+    >>> tamper('SELECT id FROM `user`')
+    'SeLeCt id FrOm `user`'
    """

    retVal = payload
@ -49,7 +51,7 @@ def tamper(payload, **kwargs):
        for match in re.finditer(r"\b[A-Za-z_]{2,}\b", retVal):
            word = match.group()

-            if word.upper() in kb.keywords or ("%s(" % word) in payload:
+            if (word.upper() in kb.keywords and re.search(r"(?i)[`\"\[]%s[`\"\]]" % word, retVal) is None) or ("%s(" % word) in payload:
                while True:
                    _ = ""