First commit related to the #3108

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.7.26"
+VERSION = "1.2.7.27"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

tamper/apostrophemask.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character with its UTF-8 full width counterpart
+    Replaces apostrophe character (') with its UTF-8 full width counterpart
 
     References:
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128

tamper/apostrophenullencode.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character with its illegal double unicode counterpart
+    Replaces apostrophe character (') with its illegal double unicode counterpart
 
     >>> tamper("1 AND '1'='1")
     '1 AND %00%271%00%27=%00%271'

tamper/appendnullbyte.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends encoded NULL byte character at the end of payload
+    Appends encoded NULL byte character (%00) at the end of payload
 
     Requirement:
         * Microsoft Access

tamper/between.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
+    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'
-    Replaces equals operator ('=') with 'BETWEEN # AND #'
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/chardoubleencode.py

@@ -16,13 +16,10 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Double url-encodes all characters in a given payload (not processing
+    Double URL-encodes all characters in a given payload (not processing already encoded)
-    already encoded)
 
     Notes:
-        * Useful to bypass some weak web application firewalls that do not
+        * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
-          double url-decode the request before processing it through their
-          ruleset
 
     >>> tamper('SELECT FIELD FROM%20TABLE')
     '%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'

tamper/charencode.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Url-encodes all characters in a given payload (not processing already
+    URL-encodes all characters in a given payload (not processing already encoded)
-    encoded)
 
     Tested against:
         * Microsoft SQL Server 2005
@@ -26,10 +25,8 @@ def tamper(payload, **kwargs):
         * PostgreSQL 8.3, 8.4, 9.0
 
     Notes:
-        * Useful to bypass very weak web application firewalls that do not
+        * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset
-          url-decode the request before processing it through their ruleset
+        * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS
-        * The web server will anyway pass the url-decoded version behind,
-          hence it should work against any DBMS
 
     >>> tamper('SELECT FIELD FROM%20TABLE')
     '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'

tamper/charunicodeencode.py

@@ -18,8 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Unicode-url-encodes non-encoded characters in a given payload (not
+    Unicode-URL-encodes all characters in a given payload (not processing already encoded)
-    processing already encoded)
 
     Requirement:
         * ASP
@@ -32,9 +31,7 @@ def tamper(payload, **kwargs):
         * PostgreSQL 9.0.3
 
     Notes:
-        * Useful to bypass weak web application firewalls that do not
+        * Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset
-          unicode url-decode the request before processing it through their
-          ruleset
 
     >>> tamper('SELECT FIELD%20FROM TABLE')
     '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'

tamper/charunicodeescape.py

@@ -13,8 +13,7 @@ __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
     """
-    Unicode-escapes non-encoded characters in a given payload (not
+    Unicode-escapes non-encoded characters in a given payload (not processing already encoded)
-    processing already encoded)
 
     Notes:
         * Useful to bypass weak filtering and/or WAFs in JSON contexes

tamper/commalesslimit.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'
+    Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart
 
     Requirement:
         * MySQL

tamper/commalessmid.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'
+    Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart
 
     Requirement:
         * MySQL

tamper/commentbeforeparentheses.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Prepends (inline) comment before parentheses
+    Prepends (inline) comment before parentheses (e.g. ( -> /**/()
 
     Tested against:
         * Microsoft SQL Server

tamper/concat2concatws.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'
+    Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart
 
     Requirement:
         * MySQL

tamper/equaltolike.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces all occurrences of operator equal ('=') with operator 'LIKE'
+    Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/escapequotes.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Slash escape quotes (' and ")
+    Slash escape single and double quotes (e.g. ' -> \')
 
     >>> tamper('1" AND SLEEP(5)#')
     '1\\\\" AND SLEEP(5)#'

tamper/halfversionedmorekeywords.py

@@ -21,7 +21,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds versioned MySQL comment before each keyword
+    Adds (MySQL) versioned comment before each keyword
 
     Requirement:
         * MySQL < 5.1

tamper/htmlencode.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    HTML encode (using code points) all non-alphanumeric characters
+    HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')
 
     >>> tamper("1' AND SLEEP(5)#")
     '1' AND SLEEP(5)#'

tamper/informationschemacomment.py

@@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
     """
-    Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier
+    Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier
 
     >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
     'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'

tamper/modsecurityversioned.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Embraces complete query with versioned comment
+    Embraces complete query with (MySQL) versioned comment
 
     Requirement:
         * MySQL

tamper/modsecurityzeroversioned.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Embraces complete query with zero-versioned comment
+    Embraces complete query with (MySQL) zero-versioned comment
 
     Requirement:
         * MySQL

tamper/multiplespaces.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds multiple spaces around SQL keywords
+    Adds multiple spaces (' ') around SQL keywords
 
     Notes:
         * Useful to bypass very weak and bespoke web application firewalls

tamper/nonrecursivereplacement.py

@@ -15,8 +15,7 @@ __priority__ = PRIORITY.NORMAL
 
 def tamper(payload, **kwargs):
     """
-    Replaces predefined SQL keywords with representations
+    Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT)
-    suitable for replacement (e.g. .replace("SELECT", "")) filters
 
     Notes:
         * Useful to bypass very weak custom filters

tamper/overlongutf8.py

@@ -18,8 +18,9 @@ def tamper(payload, **kwargs):
     """
     Converts all (non-alphanum) characters in a given payload (not processing already encoded)
 
-    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+    Reference:
-    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
+        * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+        * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
 
     >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
     'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'

tamper/overlongutf8more.py

@@ -18,8 +18,9 @@ def tamper(payload, **kwargs):
     """
     Converts all characters in a given payload (not processing already encoded)
 
-    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+    Reference:
-    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
+        * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+        * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
 
     >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
     '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1'

tamper/plus2concat.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus ('+') character with function CONCAT()
+    Replaces plus operator ('+') with (MsSQL) function CONCAT()
 
     Tested against:
         * Microsoft SQL Server 2012

tamper/plus2fnconcat.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus ('+') character with ODBC function {fn CONCAT()}
+    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()}
 
     Tested against:
         * Microsoft SQL Server 2008

tamper/randomcomments.py

@@ -15,7 +15,7 @@ __priority__ = PRIORITY.LOW
 
 def tamper(payload, **kwargs):
     """
-    Add random comments to SQL keywords
+    Add random inline comments inside SQL keywords
 
     >>> import random
     >>> random.seed(0)

tamper/securesphere.py

@@ -14,11 +14,10 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends special crafted string
+    Appends special crafted string for bypassing Imperva SecureSphere WAF
 
-    Notes:
+    Reference:
-        * Useful for bypassing Imperva SecureSphere WAF
+        * http://seclists.org/fulldisclosure/2011/May/163
-        * Reference: http://seclists.org/fulldisclosure/2011/May/163
 
     >>> tamper('1 AND 1=1')
     "1 AND 1=1 and '0having'='0having'"

tamper/sp_password.py

@@ -11,7 +11,7 @@ __priority__ = PRIORITY.HIGH
 
 def tamper(payload, **kwargs):
     """
-    Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
+    Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
 
     Requirement:
         * MSSQL

tamper/space2plus.py

@@ -17,8 +17,7 @@ def tamper(payload, **kwargs):
     Replaces space character (' ') with plus ('+')
 
     Notes:
-        * Is this any useful? The plus get's url-encoded by sqlmap engine
+        * Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards
-          invalidating the query afterwards
         * This tamper script works against all databases
 
     >>> tamper('SELECT id FROM users')

tamper/unmagicquotes.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces quote character (') with a multi-byte combo %bf%27 together with
+    Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work)
-    generic comment at the end (to make it work)
 
     Notes:
         * Useful for bypassing magic_quotes/addslashes feature

txt/checksum.md5

@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-08a55a677bb2cd0da088110f81cf529b  lib/core/settings.py
+ec2adffae2982c11332c573fe4e68d6d  lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 12bed9603b6fba3e5ffda11d584bc449  lib/core/target.py
@@ -228,43 +228,43 @@ ec2ba8c757ac96425dcd2b97970edd3a  shell/stagers/stager.asp_
 4eaeef94314956e4517e5310a28d579a  sqlmapapi.py
 a35b5b83c12841fdf3925190c9d24299  sqlmap.py
 523dab9e1093eb59264c6beb366b255a  tamper/0x2char.py
-4c3b8a7daa4bff52e01d4168be0eedbe  tamper/apostrophemask.py
+4e6956958ef8135cd543d7a57f2e73ff  tamper/apostrophemask.py
-4115a55b8aba464723d645b7d3156b6e  tamper/apostrophenullencode.py
+7c838eadd96b20800ba0bd394f5014f0  tamper/apostrophenullencode.py
-d7e9a979eff4d7315d804a181e66fc93  tamper/appendnullbyte.py
+0d7e8a3a0e17c92d51c49415884a47c9  tamper/appendnullbyte.py
 0298d81e9dfac7ff18a5236c0f1d84b6  tamper/base64encode.py
-9a3da4aa7b220448aa3ecbb92f68330f  tamper/between.py
+e77a89b2af931a1820f6ba4b86d19cd4  tamper/between.py
 e1d2329adc6ca89828a2eaec2951806c  tamper/bluecoat.py
-e3cdf13caedb4682bee3ff8fac103606  tamper/chardoubleencode.py
+1807417f8a7fc0bb30c36ead458da0c8  tamper/chardoubleencode.py
-3b2f68476fbcf8223199e8dd4ec14b64  tamper/charencode.py
+043c97c7b214335838a6bb15eeedcba3  tamper/charencode.py
-b502023ac6c48e49e652ba524b8e18cc  tamper/charunicodeencode.py
+0c0d0e5d0caf4258a75112ab59fa3e75  tamper/charunicodeencode.py
-2c2b38974dc773568de7e7d771d7042c  tamper/charunicodeescape.py
+18b2ca09390686f895c3bbd6460ac034  tamper/charunicodeescape.py
-6a395de07b60f47d9474ace0a98c160f  tamper/commalesslimit.py
+6c618b9310ed5c8de93c927e920b1d31  tamper/commalesslimit.py
-211bb8fa36a6ecb42b719c951c362851  tamper/commalessmid.py
+50f6532870d2e109bf46468e8d3ded49  tamper/commalessmid.py
-6082358eb328d1cdd4587e73c95bbefc  tamper/commentbeforeparentheses.py
+4951fec0a1af043e4b9c0728882d3452  tamper/commentbeforeparentheses.py
-334e4a2485b3a1bbc1734823b93ea694  tamper/concat2concatws.py
+376dc1203bfcd88380d902d36e7e0c5a  tamper/concat2concatws.py
-dcdc433fe946f1b9005bcd427a951dd6  tamper/equaltolike.py
+6c882baf74213f401841968c04ce5e42  tamper/equaltolike.py
-06df880df5d8749963f5562f60fd1637  tamper/escapequotes.py
+22ab48f5b8ca449ac651637016be4369  tamper/escapequotes.py
 4393cc5220d2e39c5c9c5a9af4e2635d  tamper/greatest.py
-25ec62158d3e289bda8a04c8b65686ba  tamper/halfversionedmorekeywords.py
+6124bc647bfa04f2b16ff8cad98382d4  tamper/halfversionedmorekeywords.py
-9d8c350cbb90d4b21ec9c9db184a213a  tamper/htmlencode.py
+ef0639557a79e57b06296c4bc223ebef  tamper/htmlencode.py
 3f79551baf811ff70b2ba8795a2064be  tamper/ifnull2casewhenisnull.py
 e2c2b6a67546b36983a72f129a817ec0  tamper/ifnull2ifisnull.py
-21665e68ef9f91b2395e81d2f341412d  tamper/informationschemacomment.py
+4615cbeff722583e7ab3dbe774e38c93  tamper/informationschemacomment.py
 1e5532ede194ac9c083891c2f02bca93  tamper/__init__.py
 2dc49bcd6c55f4e2322b07fa92685356  tamper/least.py
 1834b5409c449d2ea1b70a5038fed9eb  tamper/lowercase.py
-de4c83d33968a0cbf00cdfd8d35deddc  tamper/modsecurityversioned.py
+1c4d622d1c2c77fc3db1f8b3849467ee  tamper/modsecurityversioned.py
-39981d5d6cb84aca950458739102bb07  tamper/modsecurityzeroversioned.py
+f177a624c2cd3431c433769c6eb995e7  tamper/modsecurityzeroversioned.py
-5ee5147612ebe4769a67a8e2305d62f7  tamper/multiplespaces.py
+91b63afdb96b1d51c12a14cbd425d310  tamper/multiplespaces.py
-be757e4c9a6fb36af7b9a8c444fddb05  tamper/nonrecursivereplacement.py
+efd1917c6ccc632f044084a30e0e0f98  tamper/nonrecursivereplacement.py
-e298e486c06bb39d81f10d61a5c4ceec  tamper/overlongutf8more.py
+95bf07047343c68a05658f5f11c6b413  tamper/overlongutf8more.py
-b9f698556f8333d9fa6eadaab44a77ab  tamper/overlongutf8.py
+db4687249dedddbe057c8b163923ef01  tamper/overlongutf8.py
 bc0363e4fc04240c9f7b81e4ecce0714  tamper/percentage.py
-91272e566ceb4644254cd6abd613db21  tamper/plus2concat.py
+db9cd6325d1814e5fe88323fe4add4e1  tamper/plus2concat.py
-265314f4b3b921f4c0d470ddaa6506e4  tamper/plus2fnconcat.py
+bcad55e2f7ce3e58a4cc7fcef77d4a4a  tamper/plus2fnconcat.py
 e94a1c7e4dc7450ac224436269d823bb  tamper/randomcase.py
-6368a971a80b1acbbbc6b76616bd96b9  tamper/randomcomments.py
+e50d9ed1c988638899cf82f18452e96c  tamper/randomcomments.py
-48228322d40d97016b05e408c5234634  tamper/securesphere.py
+938bfac6e55a8823e4a66cd29166d980  tamper/securesphere.py
 cac8a56f8cc6c14524ee392daa5ae2fd  tamper/space2comment.py
 62d4d07b640d9d54d26ba33a77de9474  tamper/space2dash.py
 ab91c20f71973b1a9a5fecfb9f2a1d1f  tamper/space2hash.py
@@ -274,12 +274,12 @@ ad45e799126d2d563b3958f714d2e7c6  tamper/space2mssqlblank.py
 74334d72bffb99b0ac092f87f4da2675  tamper/space2mssqlhash.py
 fd1bff6caefe5007444f7a0fabbc8ce9  tamper/space2mysqlblank.py
 48a1f013657186e336d249adefbdbc7b  tamper/space2mysqldash.py
-36958b2a5f5915de8b7cc157a64b267a  tamper/space2plus.py
+72a547bc3bf32dba0d1c3093988df8af  tamper/space2plus.py
 6ce135f89259c379d84c85e538300091  tamper/space2randomblank.py
-95c91853034d9e276a6570e4d01b5f74  tamper/sp_password.py
+93fc10b57586936cef05e88227c84ad0  tamper/sp_password.py
 041cb567dff6bb6e7389e12ab3fb84c6  tamper/symboliclogical.py
 6459c62914ae643799667de8bd283c97  tamper/unionalltounion.py
-3b8182b8caef857b9af397e47d0c9938  tamper/unmagicquotes.py
+51d20b5cb5a50fc2e44d39087f865d23  tamper/unmagicquotes.py
 371afb396f0bb18d97147c5db83354f4  tamper/uppercase.py
 557ce5bf5ae9b7ab26f2c6b57312f41a  tamper/varnish.py
 929a2586dbb7b758a454eb09e13e5a73  tamper/versionedkeywords.py