From ef8530af5ba25fa61b9753c9f1396d7baa73c2d2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 22 Jan 2019 11:08:57 +0100 Subject: [PATCH] Fixing mess with template payloads and URI/JSON/XML/custom cases --- lib/controller/checks.py | 9 ++++++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index a8343a214..cea5a4652 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -426,11 +426,14 @@ def checkSqlInjection(place, parameter, value): templatePayload = None vector = None + origValue = value + if kb.customInjectionMark in origValue: + origValue = origValue.split(kb.customInjectionMark)[0] + origValue = re.search(r"(\w*)\Z", origValue).group(1) + # Threat the parameter original value according to the # test's tag if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix: - origValue = value - if kb.tamperFunctions: templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where) elif where == PAYLOAD.WHERE.NEGATIVE: @@ -440,7 +443,7 @@ def checkSqlInjection(place, parameter, value): if conf.invalidLogical: _ = int(kb.data.randomInt[:2]) - origValue = "%s AND %s LIKE %s" % (value, _, _ + 1) + origValue = "%s AND %s LIKE %s" % (origValue, _, _ + 1) elif conf.invalidBignum: origValue = kb.data.randomInt[:6] elif conf.invalidString: diff --git a/lib/core/settings.py b/lib/core/settings.py index 5b89cb62b..920fc29f8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
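Review bot: In the first lib/controller/checks.py hunk, `re.search(r"(\w*)\Z", origValue).group(1)` keeps only the trailing run of word characters before the custom mark, so an original value such as `-1`, `1.5` or `a-b` is cut down to `1`, `5` or `b`. That shortened value then feeds both the template payload built under `kb.tamperFunctions` and the `"%s AND %s LIKE %s"` expression in the second hunk. If dropping everything up to the last non-word character is intended for the URI/JSON/XML cases, the block should say so, for example `# keep only the trailing word token that precedes the custom injection mark; enclosing URI/JSON/XML syntax is not part of the value`. Otherwise the pattern needs widening to the value formats that are expected; the pattern also sets no `re.UNICODE`, so on a Python 2 byte string non-ASCII values would presumably be truncated the same way. checkSqlInjection begins and ends outside both hunks, so how `origValue` is used further down is not visible here.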
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.1.68" +VERSION = "1.3.1.69" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2f7fd7b9a..fb79246dd 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -23,7 +23,7 @@ fb6be55d21a70765e35549af2484f762 extra/sqlharvest/__init__.py fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py -11132dd6114b3f76922bb36cff16eceb lib/controller/checks.py +9f12e798cb9b194a61f8e278c689fb22 lib/controller/checks.py b37a93767459162b30798bd9732a12a3 lib/controller/controller.py c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py @@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py -83f405c564cb10f99610ae30bbbbcf70 lib/core/settings.py +9485ff3bee749146260aebe26c903a21 lib/core/settings.py 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py 9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py