From 9ba4da8820a5b6f7bd96126659833fe555b55030 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 28 Feb 2019 02:23:14 +0100
Subject: [PATCH] Implements #3500
---
 lib/core/common.py | 6 ++++++
 lib/core/settings.py | 5 ++++-
 txt/checksum.md5 | 4 ++--
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 969f483cf..11913f013 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -147,6 +147,7 @@ from lib.core.settings import PRINTABLE_CHAR_REGEX
 from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS
 from lib.core.settings import PUSH_VALUE_EXCEPTION_RETRY_COUNT
 from lib.core.settings import PYVERSION
+from lib.core.settings import RANDOMIZATION_TLDS
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import REFLECTED_BORDER_REGEX
 from lib.core.settings import REFLECTED_MAX_REGEX_PARTS
@@ -3941,6 +3942,11 @@ def randomizeParameterValue(value):
 retVal = retVal.replace(original, candidate)
+ if re.match(r"\A[^@]+@.+\.[a-z]+\Z", value):
+ parts = retVal.split('.')
+ parts[-1] = random.sample(RANDOMIZATION_TLDS, 1)[0]
+ retVal = '.'.join(parts)
+
 return retVal
 @cachedmethod
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4554ee420..177298c79 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.2.31"
+VERSION = "1.3.2.32"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
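Review bot: In the `randomizeParameterValue` hunk of lib/core/common.py, the email test is applied to `value` with a lower-case-only `[a-z]+` class for the last label, but the TLD swap is done on `retVal`, so an address whose TLD is upper- or mixed-case is skipped and any difference between the two strings at this point changes which label gets replaced. The replacement can also differ in length from the label it overwrites; if callers expect the randomized value to keep the original length (not visible here, the function starts outside the hunk), that deserves a comment above the `if`, e.g. `# email-like value: last label becomes a random RANDOMIZATION_TLDS entry, length may change`. `random.sample(RANDOMIZATION_TLDS, 1)[0]` is more directly written as `random.choice(RANDOMIZATION_TLDS)`.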
@@ -680,6 +680,9 @@ CHECK_ZERO_COLUMNS_THRESHOLD = 10
 # Boldify all logger messages containing these "patterns"
 BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED")
+# TLDs used in randomization of email-alike parameter values
+RANDOMIZATION_TLDS = ("com", "net", "ru", "org", "de", "jp", "cn", "fr", "it", "pl", "tv", "edu", "in", "ir", "es", "me", "info", "gr", "gov", "ca", "co", "se", "cz", "to", "vn", "nl", "cc", "az", "hu", "ua", "be", "no", "biz", "io", "ch", "ro", "sk", "eu", "us", "tw", "pt", "fi", "at", "lt", "kz", "cl", "hr", "pk", "lv", "la", "pe")
+
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 33ea99f8a..e5a195ef7 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -30,7 +30,7 @@ c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py ed7874be0d2d3802f3d20184f2b280d5 lib/core/agent.py a932126e7d80e545c5d44af178d0bc0c lib/core/bigarray.py -4155b780398de5971f1b7b23b08f80d3 lib/core/common.py +fa9741a9a530283e0071ada4ef54917e lib/core/common.py de8d27ae6241163ff9e97aa9e7c51a18 lib/core/convert.py abcb1121eb56d3401839d14e8ed06b6e lib/core/data.py 00828c4455321b6987e3f882f4ef4f92 lib/core/datatype.py
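Review bot: The comment on `RANDOMIZATION_TLDS` in lib/core/settings.py does not say that every entry is a live public TLD (the list includes `gov` and `edu`), so the randomized email-like values built from it in lib/core/common.py can name domains that exist or can be registered. If a tested application sends mail to the address it receives, which is not visible from this hunk, those messages would go to parties outside the test scope. I would extend the comment to something like `# NOTE: real public TLDs; randomized addresses may resolve to third-party domains`, so whoever edits the list knows the trade-off.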
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py -c84b0e1b41b6bb971d554a21838a4551 lib/core/settings.py +e5ff2d732c840830f7b34635966f4727 lib/core/settings.py 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py 43772ea73e9e3d446f782af591cb4eda lib/core/target.py