Merge branch 'master' of github.com:sqlmapproject/sqlmap

lib/core/common.py

@@ -1360,7 +1360,7 @@ def normalizePath(filepath):
     retVal = filepath
 
     if retVal:
-        retVal = retVal.strip("\r").strip("\n")
+        retVal = retVal.strip("\r\n")
         retVal = ntpath.normpath(retVal) if isWindowsDriveLetterPath(retVal) else posixpath.normpath(retVal)
 
     return retVal

lib/core/option.py

@@ -916,7 +916,7 @@ def _setDNSCache():
 
 def _setHTTPProxy():
     """
-    Check and set the HTTP proxy to pass by all HTTP requests.
+    Check and set the HTTP/SOCKS proxy for all HTTP requests.
     """
 
     global proxyHandler
@@ -927,7 +927,7 @@ def _setHTTPProxy():
 
         return
 
-    debugMsg = "setting the HTTP/SOCKS proxy to pass by all HTTP requests"
+    debugMsg = "setting the HTTP/SOCKS proxy for all HTTP requests"
     logger.debug(debugMsg)
 
     proxySplit = urlparse.urlsplit(conf.proxy)
@@ -1376,7 +1376,7 @@ def _cleanupOptions():
         if not any([char in conf.testFilter for char in ('.', ')', '(', ']', '[')]):
             conf.testFilter = conf.testFilter.replace('*', '.*')
 
-    if conf.timeSec not in kb.explicitSettings:
+    if "timeSec" not in kb.explicitSettings:
         if conf.tor:
             conf.timeSec = 2 * conf.timeSec
             kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE

plugins/generic/filesystem.py

@@ -65,7 +65,7 @@ class Filesystem:
                 if localFileSize == remoteFileSize:
                     sameFile = True
                     infoMsg = "the local file %s and the remote file " % localFile
-                    infoMsg += "%s have the same size" % remoteFile
+                    infoMsg += "%s has the same size" % remoteFile
                 elif remoteFileSize > localFileSize:
                     infoMsg = "the remote file %s is larger than " % remoteFile
                     infoMsg += "the local file %s" % localFile

tamper/between.py

@@ -38,29 +38,10 @@ def tamper(payload, **kwargs):
     retVal = payload
 
     if payload:
-        retVal = ""
-        quote, doublequote, firstspace = False, False, False
+        match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>]+)\s*\Z", payload)
 
-        for i in xrange(len(payload)):
-            if not firstspace:
-                if payload[i].isspace():
-                    firstspace = True
-                    retVal += " "
-                    continue
-
-            elif payload[i] == '\'':
-                quote = not quote
-
-            elif payload[i] == '"':
-                doublequote = not doublequote
-
-            elif payload[i] == ">" and not doublequote and not quote:
-                retVal += " " if i > 0 and not payload[i - 1].isspace() else ""
-                retVal += "NOT BETWEEN %s AND" % ('0' if re.search(r"\A[^\w]*\d", payload[i + 1:]) else "NULL")
-                retVal += " " if i < len(payload) - 1 and not payload[i + 1:i + 2].isspace() else ""
-
-                continue
-
-            retVal += payload[i]
+        if match:
+            _ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5))
+            retVal = retVal.replace(match.group(0), _)
 
     return retVal

xml/queries.xml

@@ -19,7 +19,7 @@
         <concatenate query="CONCAT(%s,%s)"/>
         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
         <hex query="HEX(%s)"/>
-        <inference query="ORD(MID((%s),%d,1)) > %d"/>
+        <inference query="ORD(MID((%s),%d,1))>%d"/>
         <banner query="VERSION()"/>
         <current_user query="CURRENT_USER()"/>
         <current_db query="DATABASE()"/>
@@ -87,7 +87,7 @@
         <concatenate query="%s||%s"/>
         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
         <hex query="ENCODE(CONVERT_TO((%s),'UTF8'),'HEX')"/>
-        <inference query="ASCII(SUBSTR((%s)::text,%d,1)) > %d"/>
+        <inference query="ASCII(SUBSTR((%s)::text,%d,1))>%d"/>
         <banner query="VERSION()"/>
         <current_user query="CURRENT_USER"/>
         <current_db query="CURRENT_DATABASE()"/>
@@ -155,7 +155,7 @@
         <concatenate query="%s+%s"/>
         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
         <hex query="master.sys.fn_varbintohexstr(CAST(%s AS VARBINARY(MAX)))"/>
-        <inference query="UNICODE(SUBSTRING((%s),%d,1)) > %d"/>
+        <inference query="UNICODE(SUBSTRING((%s),%d,1))>%d"/>
         <banner query="SELECT @@VERSION"/>
         <current_user query="SELECT SYSTEM_USER"/>
         <current_db query="SELECT DB_NAME()"/>
@@ -221,7 +221,7 @@
         <concatenate query="%s||%s"/>
         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
         <hex query="RAWTOHEX(%s)"/>
-        <inference query="ASCII(SUBSTRC((%s),%d,1)) > %d"/>
+        <inference query="ASCII(SUBSTRC((%s),%d,1))>%d"/>
         <banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
         <current_user query="SELECT USER FROM DUAL"/>
         <!--
@@ -310,7 +310,7 @@
         <concatenate query="%s||%s"/>
         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
         <hex query="HEX(%s)"/>
-        <inference query="SUBSTR((%s),%d,1) > '%c'"/>
+        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
         <banner query="SELECT SQLITE_VERSION()"/>
         <current_user/>
         <current_db/>
@@ -359,7 +359,7 @@
         <substring query="MID((%s),%d,%d)"/>
         <concatenate query="%s&amp;%s"/>
         <case query="SELECT (IIF(%s,1,0))"/>
-        <inference query="ASCW(MID((%s),%d,1)) > %d"/>
+        <inference query="ASCW(MID((%s),%d,1))>%d"/>
         <banner/>
         <!--CURRENTUSER() is not available outside the MS Access query tool itself-->
         <current_user/>
@@ -401,7 +401,7 @@
         <substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
         <concatenate query="%s||%s"/>
         <case query="SELECT IIF(%s,1,0)"/>
-        <inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version="&gt;=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
+        <inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1))>%d" dbms_version="&gt;=2.1" query2="SUBSTRING((%s) FROM %d FOR 1)>'%c'"/>
         <banner query="SELECT RDB$GET_CONTEXT('SYSTEM','ENGINE_VERSION') FROM RDB$DATABASE" dbms_version="&gt;=2.1"/>
         <current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
         <current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
@@ -457,7 +457,7 @@
         <concatenate query="CONCAT(%s,%s)"/>
         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
         <hex query="HEX(%s)"/>
-        <inference query="SUBSTR((%s),%d,1) > '%c'"/>
+        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
         <banner query="SELECT ID FROM SYSINFO.VERSION"/>
         <current_user query="SELECT USER() FROM DUAL"/>
         <current_db query="SELECT DATABASE() FROM DUAL"/>
@@ -507,7 +507,7 @@
         <concatenate query="%s+%s"/>
         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
         <hex query="BINTOSTR(CONVERT(VARBINARY,%s))"/>
-        <inference query="ASCII(SUBSTRING((%s),%d,1)) > %d"/>
+        <inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/>
         <banner query="SELECT @@VERSION"/>
         <current_user query="SELECT SUSER_NAME()"/>
         <current_db query="SELECT DB_NAME()"/>
@@ -576,7 +576,7 @@
         <concatenate query="%s||%s"/>
         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1"/>
         <hex query="HEX(%s)"/>
-        <inference query="SUBSTR((%s),%d,1) > '%c'"/>
+        <inference query="SUBSTR((%s),%d,1)>'%c'"/>
         <!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
         <banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS foobar WHERE LIMIT=1"/>
         <current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>