Minor update of #3527

This commit is contained in:
Miroslav Stampar 2019-03-11 11:38:16 +01:00
parent a3fe4be6c5
commit f4338952ac
3 changed files with 10 additions and 9 deletions

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.3.14" VERSION = "1.3.3.15"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -24,23 +24,23 @@ def tamper(payload, **kwargs):
Note: Note:
* Useful to bypass weak web application firewalls that filter SUBSTRING (but not LEFT and RIGHT) * Useful to bypass weak web application firewalls that filter SUBSTRING (but not LEFT and RIGHT)
>>> tamper('SUBSTRING((X FROM 1 FOR 1))') >>> tamper('SUBSTRING((SELECT usename FROM pg_user)::text FROM 1 FOR 1)')
'LEFT(X,1)' 'LEFT((SELECT usename FROM pg_user)::text,1)'
>>> tamper('SUBSTRING((X FROM 5 FOR 1))') >>> tamper('SUBSTRING((SELECT usename FROM pg_user)::text FROM 3 FOR 1)')
'LEFT(RIGHT(X,-4),1)' 'LEFT(RIGHT((SELECT usename FROM pg_user)::text,-2),1)'
""" """
retVal = payload retVal = payload
if payload: if payload:
match = re.search(r"SUBSTRING\(\((.*)\sFROM\s(\d+)\sFOR\s1\)\)", payload) match = re.search(r"SUBSTRING\((.+?)\s+FROM[^)]+(\d+)[^)]+FOR[^)]+1\)", payload)
if match: if match:
pos = int(match.group(2)) pos = int(match.group(2))
if pos == 1: if pos == 1:
_ = "LEFT((%s,1))" % (match.group(1)) _ = "LEFT(%s,1)" % (match.group(1))
else: else:
_ = "LEFT(RIGHT((%s,%d),1))" % (match.group(1), 1-pos) _ = "LEFT(RIGHT(%s,%d),1)" % (match.group(1), 1 - pos)
retVal = retVal.replace(match.group(0), _) retVal = retVal.replace(match.group(0), _)

View File

@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
e0e8419f3e68202e2cb336544c83c6cc lib/core/settings.py 70d40f6779a871d6cd824aa8827426a8 lib/core/settings.py
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
0a5b0a97a36c19022665f66858fd7450 lib/core/target.py 0a5b0a97a36c19022665f66858fd7450 lib/core/target.py
@ -286,6 +286,7 @@ a308787c9dad835cb21498defcd218e6 tamper/space2mysqlblank.py
dc99c639a9bdef91a4225d884c29bb40 tamper/space2plus.py dc99c639a9bdef91a4225d884c29bb40 tamper/space2plus.py
190bc9adca68e4a628298b78e8e455e8 tamper/space2randomblank.py 190bc9adca68e4a628298b78e8e455e8 tamper/space2randomblank.py
eec5c82c86f5108f9e08fb4207a8a9b1 tamper/sp_password.py eec5c82c86f5108f9e08fb4207a8a9b1 tamper/sp_password.py
abfdf3a9f02d0755b3c9db768bd87f9a tamper/substring2leftright.py
64b9486995d38c99786f7ceefa22fbce tamper/symboliclogical.py 64b9486995d38c99786f7ceefa22fbce tamper/symboliclogical.py
08f2ce540ee1f73b6a211bffde18e697 tamper/unionalltounion.py 08f2ce540ee1f73b6a211bffde18e697 tamper/unionalltounion.py
628f74fc6049dd1450c832cabb28e0da tamper/unmagicquotes.py 628f74fc6049dd1450c832cabb28e0da tamper/unmagicquotes.py