Minor patches to tamper scripts

Miroslav Štampar 2026-06-04 20:06:07 +02:00
parent 2c356ed22a
commit 2f4ff0d430
5 changed files with 53 additions and 41 deletions


@ -188,7 +188,7 @@ c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch
48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py
0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py
888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
fd9252af9bb49e13cd9be15fe4d9668224b422827b8549a76e9d99c2ec4eb68c lib/core/settings.py
1190bfd8052d2acb7216451e015da54fb482e24478499a447ae756140fdcbed8 lib/core/settings.py
cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py
bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py
70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py
@ -519,9 +519,9 @@ d528e74ae7c9fc0cd45369046d835a8f1e6f9252eeef6d84d9978d7e329ab35f tamper/escapeq
f0a7b635061385a3bf399cc51faf4d5e10694266aaa21fba557ca655c00a09bc tamper/hex2char.py
9096cbf2283137d592408325347f46866fd139966c946f8ba1ea61826472d0bb tamper/hexentities.py
3e518ace6940d54e8844c83781756e85d5670c53dfac0a092c4ee36cd5111885 tamper/htmlencode.py
04028ea55034ef5c82167db35cb1276d3d5c717f6b22507b791342ccf82722ad tamper/if2case.py
365085e79d296791464ec3f041a26554b19ba4865c4a727e258e9586b0bcfbe7 tamper/ifnull2casewhenisnull.py
e73e3723d4b61515d7ad2c0fe6e9a9dcaeeac6a93ed6149f44d59e4e41543226 tamper/ifnull2ifisnull.py
d05dafb86e82807e75bb8f54dcd6afbb4a08ba3b83b35562fee7f7022a75dbd7 tamper/if2case.py
55092820a856f583cf1b661001b60216886d172cb7d0008920bf4ab3df88aff0 tamper/ifnull2casewhenisnull.py
eeda2b2fd54a4aa5fcf5630f8bfae43e0a38a840ae908e2f6b0878959067413c tamper/ifnull2ifisnull.py
94fe273bee7df27c9b4f1ee043779d06e4553169d9aec30c301d469275883dd1 tamper/informationschemacomment.py
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 tamper/__init__.py
017c91ba64c669382aa88ce627f925b00101a81c1a37a23dba09bfa2bfaf42ae tamper/least.py


@ -20,7 +20,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10.6.17"
VERSION = "1.10.6.18"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -36,26 +36,30 @@ def tamper(payload, **kwargs):
'SELECT CASE WHEN (1=1) THEN (SELECT "foo") ELSE (NULL) END'
"""
if payload and payload.find("IF") > -1:
if payload and payload.find("IF(") > -1:
payload = payload.replace("()", REPLACEMENT_MARKER)
while payload.find("IF(") > -1:
index = payload.find("IF(")
depth = 1
commas, end = [], None
quote, doublequote = False, False
for i in xrange(index + len("IF("), len(payload)):
if depth == 1 and payload[i] == ',':
commas.append(i)
if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'):
quote = not quote
elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'):
doublequote = not doublequote
elif depth == 1 and payload[i] == ')':
end = i
break
elif payload[i] == '(':
depth += 1
elif payload[i] == ')':
depth -= 1
if not quote and not doublequote:
if depth == 1 and payload[i] == ',':
commas.append(i)
elif depth == 1 and payload[i] == ')':
end = i
break
elif payload[i] == '(':
depth += 1
elif payload[i] == ')':
depth -= 1
if len(commas) == 2 and end:
a = payload[index + len("IF("):commas[0]].strip("()")
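Review bot: The quote tracking in the scan loop flips `quote` on every unescaped `'` even while `doublequote` is set, and the reverse, so an argument such as `"it's"` leaves `quote` stuck on for the rest of the payload. In that state no comma or closing parenthesis is recorded, `end` stays `None`, and the guard `if len(commas) == 2 and end:` fails, so the payload appears to go out untransformed without any signal. Each toggle should depend on the other state: `if payload[i] == '\'' and not doublequote and payload[i - 1] != '\\':` and `elif payload[i] == '"' and not quote and payload[i - 1] != '\\':`. The same two lines are in the `IFNULL(` hunks of the two following file sections. The page has lost its +/- markers, so this assumes the quote-aware lines are the new side; the body of `tamper` continues past the hunk.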


@ -33,25 +33,29 @@ def tamper(payload, **kwargs):
'CASE WHEN ISNULL(1) THEN (2) ELSE (1) END'
"""
if payload and payload.find("IFNULL") > -1:
if payload and payload.find("IFNULL(") > -1:
while payload.find("IFNULL(") > -1:
index = payload.find("IFNULL(")
depth = 1
comma, end = None, None
quote, doublequote = False, False
for i in xrange(index + len("IFNULL("), len(payload)):
if depth == 1 and payload[i] == ',':
comma = i
if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'):
quote = not quote
elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'):
doublequote = not doublequote
elif depth == 1 and payload[i] == ')':
end = i
break
elif payload[i] == '(':
depth += 1
elif payload[i] == ')':
depth -= 1
if not quote and not doublequote:
if depth == 1 and payload[i] == ',':
comma = i
elif depth == 1 and payload[i] == ')':
end = i
break
elif payload[i] == '(':
depth += 1
elif payload[i] == ')':
depth -= 1
if comma and end:
_ = payload[index + len("IFNULL("):comma]
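Review bot: The escape test `payload[i - 1] != '\\'` looks only one character back, so a literal that ends in an escaped backslash (`'a\\'`) is read as still open and every comma and parenthesis after it is ignored. Treating the quote as escaped only when it follows an odd run of backslashes fixes this, e.g. `escaped = (len(payload[:i]) - len(payload[:i].rstrip('\\'))) % 2 == 1`, with both toggles then testing `not escaped`. The `i == 0` arm can go as well, because `i` starts at `index + len("IFNULL(")` and is never 0. Whether backslash escaping applies at all depends on the back-end DBMS and its SQL mode, which the hunk does not show, so a one-line comment stating the assumed escaping rules would help. The same test is used in the other two tamper hunks of this commit.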


@ -33,25 +33,29 @@ def tamper(payload, **kwargs):
'IF(ISNULL(1),2,1)'
"""
if payload and payload.find("IFNULL") > -1:
if payload and payload.find("IFNULL(") > -1:
while payload.find("IFNULL(") > -1:
index = payload.find("IFNULL(")
depth = 1
comma, end = None, None
quote, doublequote = False, False
for i in xrange(index + len("IFNULL("), len(payload)):
if depth == 1 and payload[i] == ',':
comma = i
if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'):
quote = not quote
elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'):
doublequote = not doublequote
elif depth == 1 and payload[i] == ')':
end = i
break
elif payload[i] == '(':
depth += 1
elif payload[i] == ')':
depth -= 1
if not quote and not doublequote:
if depth == 1 and payload[i] == ',':
comma = i
elif depth == 1 and payload[i] == ')':
end = i
break
elif payload[i] == '(':
depth += 1
elif payload[i] == ')':
depth -= 1
if comma and end:
_ = payload[index + len("IFNULL("):comma]
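Review bot: The quote-aware scanning has no doctest covering it: the docstring tail visible at the top of the hunk still ends with the plain `'IF(ISNULL(1),2,1)'` case, and the section shows no other change to the docstring. A case whose first argument is a quoted string containing a comma or a parenthesis, for example `tamper("IFNULL('a,b', 2)")`, would pin the behaviour this change is meant to fix, and one that mixes both quote characters would cover nested quoting. The other two tamper scripts touched by this commit would benefit from the same additions. The docstring starts above the hunk and the function body continues below it, so the expected outputs have to be taken from the full file.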