diff --git a/lib/core/settings.py b/lib/core/settings.py index 88f3320a9..92a92a449 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.6.44" +VERSION = "1.3.6.45" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/randomcase.py b/tamper/randomcase.py index b25078493..ca93286a9 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -41,6 +41,8 @@ def tamper(payload, **kwargs): 'f()' >>> tamper('function()') 'FuNcTiOn()' + >>> tamper('SELECT id FROM `user`') + 'SeLeCt id FrOm `user`' """ retVal = payload @@ -49,7 +51,7 @@ def tamper(payload, **kwargs): for match in re.finditer(r"\b[A-Za-z_]{2,}\b", retVal): word = match.group() - if word.upper() in kb.keywords or ("%s(" % word) in payload: + if (word.upper() in kb.keywords and re.search(r"(?i)[`\"\[]%s[`\"\]]" % word, retVal) is None) or ("%s(" % word) in payload: while True: _ = ""