diff --git a/lib/core/settings.py b/lib/core/settings.py
index 24ba83a81..c93c111ea 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.3.14"
+VERSION = "1.3.3.15"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/substring2leftright.py b/tamper/substring2leftright.py
index 9eb3eea43..4ed890c0b 100644
--- a/tamper/substring2leftright.py
+++ b/tamper/substring2leftright.py
@@ -24,23 +24,23 @@ def tamper(payload, **kwargs):
 Note:
 * Useful to bypass weak web application firewalls that filter SUBSTRING (but not LEFT and RIGHT)
- >>> tamper('SUBSTRING((X FROM 1 FOR 1))')
- 'LEFT(X,1)'
- >>> tamper('SUBSTRING((X FROM 5 FOR 1))')
- 'LEFT(RIGHT(X,-4),1)'
+ >>> tamper('SUBSTRING((SELECT usename FROM pg_user)::text FROM 1 FOR 1)')
+ 'LEFT((SELECT usename FROM pg_user)::text,1)'
+ >>> tamper('SUBSTRING((SELECT usename FROM pg_user)::text FROM 3 FOR 1)')
+ 'LEFT(RIGHT((SELECT usename FROM pg_user)::text,-2),1)'
 """
 retVal = payload
 if payload:
- match = re.search(r"SUBSTRING\(\((.*)\sFROM\s(\d+)\sFOR\s1\)\)", payload)
+ match = re.search(r"SUBSTRING\((.+?)\s+FROM[^)]+(\d+)[^)]+FOR[^)]+1\)", payload)
 if match:
 pos = int(match.group(2))
 if pos == 1:
- _ = "LEFT((%s,1))" % (match.group(1))
+ _ = "LEFT(%s,1)" % (match.group(1))
 else:
- _ = "LEFT(RIGHT((%s,%d),1))" % (match.group(1), 1-pos)
+ _ = "LEFT(RIGHT(%s,%d),1)" % (match.group(1), 1 - pos)
 retVal = retVal.replace(match.group(0), _)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 8f9570e39..9a6e944fb 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
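Review bot: In tamper/substring2leftright.py the new `re.search` pattern misreads multi-digit positions: the greedy `[^)]+` after `FROM` can swallow leading digits, so `FROM 12 FOR 1` gives `match.group(2) == "2"` and the rewritten expression uses the wrong offset. The trailing `FOR[^)]+1\)` likewise accepts lengths such as `FOR 11` and rewrites them as a one-character read. If the loose separators are intentional, excluding digits from them keeps that tolerance: `match = re.search(r"SUBSTRING\((.+?)\s+FROM[^)\d]+(\d+)[^)\d]+FOR[^)\d]+1\)", payload)`. Both doctests use single-digit positions, so adding a case with a position of 10 or more would pin this. The body of `tamper` starts and ends outside the hunk.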
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py -e0e8419f3e68202e2cb336544c83c6cc lib/core/settings.py +70d40f6779a871d6cd824aa8827426a8 lib/core/settings.py 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py 0a5b0a97a36c19022665f66858fd7450 lib/core/target.py @@ -286,6 +286,7 @@ a308787c9dad835cb21498defcd218e6 tamper/space2mysqlblank.py dc99c639a9bdef91a4225d884c29bb40 tamper/space2plus.py 190bc9adca68e4a628298b78e8e455e8 tamper/space2randomblank.py eec5c82c86f5108f9e08fb4207a8a9b1 tamper/sp_password.py +abfdf3a9f02d0755b3c9db768bd87f9a tamper/substring2leftright.py 64b9486995d38c99786f7ceefa22fbce tamper/symboliclogical.py 08f2ce540ee1f73b6a211bffde18e697 tamper/unionalltounion.py 628f74fc6049dd1450c832cabb28e0da tamper/unmagicquotes.py