diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 7b2a97fa3..9f0868fec 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1359,7 +1359,7 @@ def checkWaf(): conf.timeout = IDS_WAF_CHECK_TIMEOUT try: - retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO + retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, disableTampering=True)[1] < IDS_WAF_CHECK_RATIO except SqlmapConnectionException: retVal = True finally: diff --git a/lib/core/settings.py b/lib/core/settings.py index cc1ec7e17..648531af8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.12" +VERSION = "1.2.4.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 358fa22b4..1c83c5ce7 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -770,7 +770,7 @@ class Connect(object): @staticmethod @stackedmethod - def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True): + def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True, disableTampering=False): """ This method calls a function to get the target URL page content and returns its page ratio (0 <= ratio <= 1) or a boolean value @@ -817,7 +817,7 @@ class Connect(object): conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType)) if payload: - if kb.tamperFunctions: + if not disableTampering and kb.tamperFunctions: for function in kb.tamperFunctions: try: payload = function(payload=payload, headers=auxHeaders) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cb3b7f417..f45269e14 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -5084b16b037ed8d29f594f6113fe78e3 lib/controller/checks.py +56d325f83671146c28ac300ff553420f lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -16bc4ff0ccd5121f1b90016b5d759ef6 lib/core/settings.py +8a247c468eef23045b8537d4ff98d823 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -18052b8924b77eb2e772350b262aae88 lib/request/connect.py +1865164621eb94c9c231006765065c17 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py