From fa9dc20c6e0d1cb7b5c6cf71f59e62a38a81141e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 19 Feb 2025 14:11:03 +0100 Subject: [PATCH] Minor update --- data/txt/sha256sums.txt | 22 +++++++++++----------- lib/core/settings.py | 2 +- tamper/0eunion.py | 2 +- tamper/apostrophemask.py | 2 +- tamper/apostrophenullencode.py | 2 +- tamper/appendnullbyte.py | 2 +- tamper/base64encode.py | 2 +- tamper/between.py | 2 +- tamper/binary.py | 2 +- tamper/bluecoat.py | 2 +- tamper/chardoubleencode.py | 2 +- tamper/randomcomments.py | 2 +- 12 files changed, 22 insertions(+), 22 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 3b43e3e19..a7c8b17ef 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -188,7 +188,7 @@ c6a182f6b7d3b0ad6f0888ea2a4de4148f0770549038d7de8bc3267b4c6635f7 lib/core/readl 63ae69713c6ea9abfa10e71dfab8f2dcf42432177a38d2c1e98785bf1468674c lib/core/replication.py 5bad5bc7115051cef7b84efa73fbafbf5e1db46eef32a445056b56cda750b66f lib/core/revision.py 0dcb52c9c76a4b0acf2e9038f7d8f08c14543cef3cf7032831c6c0a99376ad24 lib/core/session.py -6bb2a76f94ecadb3f97a33901856a20c8d90d7b8b2866a264975c0501192ca72 lib/core/settings.py +167941c1f7c279d31a377a80915de0cae31f06ba39bf802571a9980bb5ffbfff lib/core/settings.py a1e4f2860bffc73bbf2e5db293fa49dcb600ea35f950cda43dc953b3160ab3db lib/core/shell.py 841716e87b90a3b598515910841f7cf8d33bb87c24a27fba1a80e36a831cbcd7 lib/core/subprocessng.py 9731092f195e346716929323ea3c93247b23b9b92b0f32d3fd0acc3adf9876cc lib/core/target.py @@ -478,15 +478,15 @@ b3d9d0644197ecb864e899c04ee9c7cd63891ecf2a0d3c333aad563eef735294 plugins/generi 168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml 6da15963699aa8916118f92c8838013bc02c84e4d7b9f33d971324c2ff348728 sqlmap.conf 3795c6d03bc341a0e3aef3d7990ea8c272d91a4c307e1498e850594375af39f7 sqlmap.py -d6788235cd599e05cb65e9c3279a03b1cf769d4aa15c78d226a1d2cf6aa14e86 tamper/0eunion.py -35ad42cc9fbe66f025d9f6d0b1284a9f00213510e3c39e60a2d8f3e8b6a77e7b tamper/apostrophemask.py -71bc240d0153fccb9caa828f05eca4e9d51c2e5510dee9fb8533b70226d29207 tamper/apostrophenullencode.py -847b5dc53e195f30abaa6e60b9bc9f39e15df7e6c2a99b31a435b69a345c0937 tamper/appendnullbyte.py -510b050400bf8cf3ed30d29635083dd69692ec0ca20fe9cb9958feb4f89e34fe tamper/base64encode.py -c41f1f5fa2fa73b130f9194e89a04b512fe21784cf1a94e3a61680995999b1dd tamper/between.py -576aa77cacbe18695038eeab851be217347ed28d1c0505a098e93fcb3db3575b tamper/binary.py -805239f02e8f1bbc3374cb02aec3aa6ae37b72716344f201094c9f39ff35e655 tamper/bluecoat.py -5e52fb35fbd46cd5293c03491913b655eb47ddb7e99c2830e454945eee693a22 tamper/chardoubleencode.py +9d408612a6780f7f50a7f7887f923ff3f40be5bfa09a951c6dc273ded05b56c0 tamper/0eunion.py +c1c2eaa7df016cc7786ccee0ae4f4f363b1dce139c61fb3e658937cb0d18fc54 tamper/apostrophemask.py +19023093ab22aec3bce9523f28e8111e8f6125973e6d9c82adb60da056bdf617 tamper/apostrophenullencode.py +ffb81905dfbfa346f949aed54755944403bfbc0cc015cd196e412d7c516c5111 tamper/appendnullbyte.py +50c270f6073a2dab08a5d64a91db1d1b372a206abd85ad54a630e1067ad614cf tamper/base64encode.py +874aea492eed81c646488cd184a2c07b0fba2be247208227c91de9b223b016ee tamper/between.py +386ede29943456818e22ec9d1555693c9d676c9330bc527dbb9b3f52c9b3cbb1 tamper/binary.py +63a3fc494ff07b9f0e37025ff932b386aaeafd24a65da7f530f562ed78083c51 tamper/bluecoat.py +4635c3b863e624169347d37834021402d95b4240bd138bec2ffc9d4f28d23422 tamper/chardoubleencode.py fa25e5a74c6cf0787b4f72321294095a3b7690f53423f058187ad08b458ef1fe tamper/charencode.py 1c87fc49792df6091b7eb880108142b42a0a3810cc0cd2316a858ccdbf1c5ce4 tamper/charunicodeencode.py 00d51073f9e40d8dfa5fcb04eafda359bd0ecb91e358b3910f3ec43c1a381111 tamper/charunicodeescape.py @@ -523,7 +523,7 @@ a1e7d8907e7b4b25b1a418e8d5221e909096f719dcb611d15b5e91c83454ccdc tamper/overlon 704551003e62d4fc1949855931d6cebd57cc5cdbf2221dbd43e51cbdad6f130d tamper/plus2concat.py b9d1e3ee657236b13ad5ecaf2adfa089e24a0e67738253eedb533a68f277a6e3 tamper/plus2fnconcat.py fb4b7539284db076147a530df1dd072d5d35e32a71fd7bc8e312319d5f3aaa52 tamper/randomcase.py -b27066b7ea4f69243d5a353327090a0630bbf7f512edf5e277cde2c10139b3dd tamper/randomcomments.py +f40d9267b4e9b689412cd45eb7b61540420f977370c5f9deba272bdae09d2404 tamper/randomcomments.py 35a8539ac8030d3fc176ea8231fe8983285fc576f7e0b50ccdf911a565f1f758 tamper/schemasplit.py a34524af6fe2f2bba642b3234fbf1aa8785761e7d82906005b5476b7cc724857 tamper/scientific.py 65d22c54abfa61b73140020d48a86ec8eeb4c9e4e5e088d1462e4bce4a64f18b tamper/sleep2getlock.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 99e5cde0b..01bf527b8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.2.8" +VERSION = "1.9.2.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/0eunion.py b/tamper/0eunion.py index cec753c50..f289ae456 100644 --- a/tamper/0eunion.py +++ b/tamper/0eunion.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances of UNION with e0UNION + Replaces an integer followed by UNION with an integer followed by e0UNION Requirement: * MySQL diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index 92c4faa00..83a4d6129 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87) + Replaces single quotes (') with their UTF-8 full-width equivalents (e.g. ' -> %EF%BC%87) References: * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index ba14d9703..ee37a8afd 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27) + Replaces single quotes (') with an illegal double Unicode encoding (e.g. ' -> %00%27) >>> tamper("1 AND '1'='1") '1 AND %00%271%00%27=%00%271' diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index 7905fa3bc..b39105ad5 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Appends (Access) NULL byte character (%00) at the end of payload + Appends an (Access) NULL byte character (%00) at the end of payload Requirement: * Microsoft Access diff --git a/tamper/base64encode.py b/tamper/base64encode.py index 721713809..fcd9e6715 100644 --- a/tamper/base64encode.py +++ b/tamper/base64encode.py @@ -15,7 +15,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Base64-encodes all characters in a given payload + Encodes the entire payload using Base64 >>> tamper("1' AND SLEEP(5)#") 'MScgQU5EIFNMRUVQKDUpIw==' diff --git a/tamper/between.py b/tamper/between.py index a94cc90f2..c71104c98 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #' + Replaces the greater-than operator (>) with NOT BETWEEN 0 AND # and the equal sign (=) with BETWEEN # AND # Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/binary.py b/tamper/binary.py index 9e1b640bc..b0aaeae46 100644 --- a/tamper/binary.py +++ b/tamper/binary.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Injects keyword binary where possible + Injects the keyword binary where applicable Requirement: * MySQL diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py index 064a4cb08..315f2aef6 100644 --- a/tamper/bluecoat.py +++ b/tamper/bluecoat.py @@ -17,7 +17,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE + Replaces the space following an SQL statement with a random valid blank character, then converts = to LIKE Requirement: * Blue Coat SGOS with WAF activated as documented in diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index 2915a85da..8ac5c16f0 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554) + Double URL-encodes each character in the payload (ignores already encoded ones) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554) Notes: * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index ec5e1f5d5..993684aba 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW def tamper(payload, **kwargs): """ - Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT) + Inserts random inline comments within SQL keywords (e.g. SELECT -> S/**/E/**/LECT) >>> import random >>> random.seed(0)