diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index 9204a51a7e4..1fd2fa5c733 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -165,9 +165,9 @@ ced1c82713afc1309c1495485b3d25a11c95af1f7460ea7922dbb96dacac37b4 lib/controller c1881685bef8504ded32c51abed00ab51849008c84b74e8a66117e5f5041b3df lib/controller/controller.py d69e84f1648cdb907f5d2dd454f03874a4613752b07867510145d51d84b3c56f lib/controller/handler.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/controller/__init__.py -9e694e4864d865c5da745aaf9d35da885eff697a9a0f7b37c3e85d47b4378f64 lib/core/agent.py +b2555d11529689f5d7d02bee0741d3228969e2bf29a2b9140bf1560ff60249e7 lib/core/agent.py b13462712ec5ac07541dba98631ddcda279d210b838f363d15ac97a1413b67a2 lib/core/bigarray.py -9abf4df5ef34cfaf188249483a3e95a486212fd4504eb322dcb07a17b2fff16b lib/core/common.py +2a9d87359d4b7d4fa8a818e4ee8f7a6fd3d3cf46feae17d21e7a3370c5cee5d2 lib/core/common.py a6397b10de7ae7c56ed6b0fa3b3c58eb7a9dbede61bf93d786e73258175c981e lib/core/compat.py 461f2666d500f9a91210fec558e6ee68af61c752de5498490bc96c11b32a6b0a lib/core/convert.py c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data.py 
@@ -175,20 +175,20 @@ c03dc585f89642cfd81b087ac2723e3e1bb3bfa8c60e6f5fe58ef3b0113ebfe6 lib/core/data. 70fb2528e580b22564899595b0dff6b1bc257c6a99d2022ce3996a3d04e68e4e lib/core/decorators.py 147823c37596bd6a56d677697781f34b8d1d1671d5a2518fbc9468d623c6d07d lib/core/defaults.py 2f44a1bfe6f18aafe64147b99e69aa93cf438c0e7befe59f4e2aee9065c8b7b6 lib/core/dicts.py -ccd3b414727ef75f5d533f9518198b61322781f3ee53a86643763e029b2874c0 lib/core/dump.py +b37d3b745f82fe93eb3608683e87305b767e04f7cbf93dbb13ff33452c67d90a lib/core/dump.py 23e33f0b457e2a7114c9171ba9b42e1751b71ee3f384bba7fad39e4490adb803 lib/core/enums.py 5387168e5dfedd94ae22af7bb255f27d6baaca50b24179c6b98f4f325f5cc7b4 lib/core/exception.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/core/__init__.py 914a13ee21fd610a6153a37cbe50830fcbd1324c7ebc1e7fc206d5e598b0f7ad lib/core/log.py 67ea32c993cbf23cdbd5170360c020ca33363b7c516ff3f8da4124ef7cb0254d lib/core/optiondict.py d197388e8e2aabe19f2529bfcac780e18e22a905d01319080d7afe4cb2b1c4c9 lib/core/option.py -789320dcb3f93137d3065080ee98429280bf10b20b66a1c08d3fcc1747b30d94 lib/core/patch.py +c65ce3cd38ee85c443c6619cfea84920390bad171f2999b95149485c0d1bc4a2 lib/core/patch.py 49c0fa7e3814dfda610d665ee02b12df299b28bc0b6773815b4395514ddf8dec lib/core/profiling.py 03db48f02c3d07a047ddb8fe33a757b6238867352d8ddda2a83e4fec09a98d04 lib/core/readlineng.py 48797d6c34dd9bb8a53f7f3794c85f4288d82a9a1d6be7fcf317d388cb20d4b3 lib/core/replication.py 0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py -3fea7262bc40f5a7cf31ae81c1f2d1a12361d7b7e1d45411d6617475bd691608 lib/core/settings.py +a94bd355c8c2a9e60009c536b03de1d86f085121de60b36d22073e3620588e47 lib/core/settings.py cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82 lib/core/shell.py bcb5d8090d5e3e0ef2a586ba09ba80eef0c6d51feb0f611ed25299fbb254f725 lib/core/subprocessng.py 
70ea3768f1b3062b22d20644df41c86238157ec80dd43da40545c620714273c6 lib/core/target.py @@ -220,7 +220,7 @@ aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e lib/request/in ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4 lib/request/methodrequest.py 43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568 lib/request/pkihandler.py b90feeb16e89a844427df42373b0139eb6f6cf3c48ccec32b3e3a3f540c2451e lib/request/rangehandler.py -47a97b264fb588142b102d18100030ce333ce372c677b97ed6cb04105c6c9d30 lib/request/redirecthandler.py +673fbe28e3031a9be6f1d5b9ee8af4985dd9f69458ca1264e2eb3c3eec8d8c3d lib/request/redirecthandler.py 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb lib/request/templates.py 01600295b17c00d4a5ada4c77aa688cfe36c89934da04c031be7da8040a3b457 lib/takeover/abstraction.py d3c93562d78ebdaf9e22c0ea2e4a62adb12f0ce9e9d9631c1ea000b1a07d04ab lib/takeover/icmpsh.py 
@@ -241,13 +241,13 @@ f552b6140d4069be6a44792a08f295da8adabc1c4bb6a5e100f222f87144ca9d lib/techniques 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/techniques/union/__init__.py 30cae858e2a5a75b40854399f65ad074e6bb808d56d5ee66b94d4002dc6e101b lib/techniques/union/test.py a8a795f29ec6fd66482926f04b054ed492a033982c3b7837c5d2ea32368acec0 lib/techniques/union/use.py -f64f2e9df844061ff0b7b97907ac959e6e03c0eda4cbb273145985b90adc081d lib/utils/api.py -ea5e14f8c9d74b0fb17026b14e3fb70ee90e4046e51ab2c16652d86b3ca9b949 lib/utils/brute.py +9ff41fda2d5738c7cc3ab794ab25e7d6b28dd17f7d9b096da9ba9ee395445f30 lib/utils/api.py +442555ab85277aff7c9e0cf465ea5b0d28395c326f68363449b2d3941f4b6de2 lib/utils/brute.py da5bcbcda3f667582adf5db8c1b5d511b469ac61b55d387cec66de35720ed718 lib/utils/crawler.py a94958be0ec3e9d28d8171813a6a90655a9ad7e6aa33c661e8d8ebbfcf208dbb lib/utils/deps.py 51cfab194cd5b6b24d62706fb79db86c852b9e593f4c55c15b35f175e70c9d75 lib/utils/getch.py 853c3595e1d2efc54b8bfb6ab12c55d1efc1603be266978e3a7d96d553d91a52 lib/utils/gui.py -366e6fd5356fae7e3f2467c070d064b6695be80b50f1530ea3c01e86569b58b2 lib/utils/har.py +972c5db9c9e30ac0f91c0f8d4df4531d0304e151dac99f1399c37c952ba9f935 lib/utils/har.py e890d2ee4787589b2464d9c561d10a6896546781c349b48bfe4d42dd3954468b lib/utils/hashdb.py 84bf572a9e7915e91dbffea996e1a7b749392725f1ad7f412d0ff48c636a2896 lib/utils/hash.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/utils/__init__.py 
@@ -277,7 +277,7 @@ c07f786b06dc694fa6e300f69b3e838dc9c917cf8120306f1c23e834193d3694 plugins/dbms/a b55d9c944cf390cd496bd5e302aa5815c9c327d5bb400dc9426107c91a40846d plugins/dbms/altibase/__init__.py 859cc5b9be496fe35f2782743f8e573ff9d823de7e99b0d32dbc250c361c653e plugins/dbms/altibase/syntax.py 2c3bb750d3c1fb1547ec59eb392d66df37735bd74cca4d2c745141ea577cce1e plugins/dbms/altibase/takeover.py -c03bf2d0584327f83956209f4f4697661b908b32b6fe5a1f9f2e06560870b084 plugins/dbms/cache/connector.py +584e1ecd6ab812b52a0e959d1e061895411109f145fb81faf435a2c568f91c53 plugins/dbms/cache/connector.py 49b591c1b1dc7927f59924447ad8ec5cb9d97a74ad4b34b43051253876c27cdc plugins/dbms/cache/enumeration.py 672dc9b3d291aa4f5d6c4cbe364e92b92e19ee6de86f6d9b9a4dda7d5611b409 plugins/dbms/cache/filesystem.py ef270e87f7fc2556f900c156a4886f995a185ff920df9d2cd954db54ee1f0b77 plugins/dbms/cache/fingerprint.py 
@@ -347,9 +347,9 @@ c14d73712d9d6fcfa6b580d72075d51901c472bdd7e1bc956973363ad1fca4d8 plugins/dbms/h 742d4a29f8875c8dabe58523b5e3b27c66e29a964342ec6acd19a71714b46bb1 plugins/dbms/h2/__init__.py 1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740 plugins/dbms/h2/syntax.py c994c855cf0d30cf0fa559a1d9afc22c3e31a14ba2634f11a1a393c7f6ec4b95 plugins/dbms/h2/takeover.py -eedf40aa079cfaae5616b213ff994f796b726fcfb99c567db51cdf2cd75aacc7 plugins/dbms/hsqldb/connector.py +cda313311ae5041eb8129db7cff8f9d9d42296313929cf72938e962d6ec46466 plugins/dbms/hsqldb/connector.py 03c8dd263a4d175f3b55e9cbcaa2823862abf858bab5363771792d8fd49d77a1 plugins/dbms/hsqldb/enumeration.py -2e64d477331cb7da88757d081abf2885d025b51874f6b16bde83d82f1430bc35 plugins/dbms/hsqldb/filesystem.py +efce2b895a68cfeb78bd59803d8d4b543c478b090a57a1edd11bcaa67d125368 plugins/dbms/hsqldb/filesystem.py b5b86da64fc24453a3354523a786a2047b99cd200eae7015eef180655be5cff5 plugins/dbms/hsqldb/fingerprint.py 321a8efe7b65cbdf69ff4a8c1509bd97ed5f0edd335a3742e3d19bca2813e24a plugins/dbms/hsqldb/__init__.py 1df5c5d522b381ef48174cfc5c9e1149194e15c80b9d517e3ed61d60b1a46740 plugins/dbms/hsqldb/syntax.py 
@@ -363,7 +363,7 @@ d4a7721fa80465ac30679ba79e7a448aa94b2efa1dbf4119766bc7084d7e87e4 plugins/dbms/i 1ce793ee91c4de6eb7839adc379652d55ef54f162a9a030b948c54d55dc93c14 plugins/dbms/informix/takeover.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 plugins/dbms/__init__.py 3869c8a1d6ddd4dbfe432217bb269398ecd658aaa7af87432e8fa3d4d4294bbc plugins/dbms/maxdb/connector.py -3d0fef588c8972fc1aeab0c58d800cd128b557a48d8666c36c5b6dbc9617d19d plugins/dbms/maxdb/enumeration.py +fee0735986508dbbe2524d8c758694cea0d9b258547ee2a940ea139b0f6210b4 plugins/dbms/maxdb/enumeration.py e67ecd7a1faf1ef9e263c387526f4cdeefd58e07532750b4ebffccc852fab4d2 plugins/dbms/maxdb/filesystem.py 78d04c8a298f9525c9f0f392fa542c86d5629b0e35dd9383960a238ee937fb93 plugins/dbms/maxdb/fingerprint.py 10db7520bc988344e10fe1621aa79796d7e262c53da2896a6b46fcf9ee6f5ba4 plugins/dbms/maxdb/__init__.py 
@@ -392,28 +392,28 @@ ba04af3683b9a6e29e8fa6b3bf436a57e59435cebb042414f2df82018d91599e plugins/dbms/m 236fd244f0bbc3976b389429a8176feda6c243267564c2a0eff6fc2458c1b3f9 plugins/dbms/monetdb/takeover.py 6bdc774463ac87b1bd1b6a9d5c2346b7edbf40d9848b7870a30d1eaedde4fc51 plugins/dbms/mssqlserver/connector.py 52c19e9067f22f5c386206943d1807af4c661500bf260930a5986e9a180e96c7 plugins/dbms/mssqlserver/enumeration.py -838ed364ce46ae37fb5b02f47d2767f7d49595f81caf4bc51c1e25fd18e4aa65 plugins/dbms/mssqlserver/filesystem.py +67cd70b64aed27af467682ceae8e20992b6765d2374d5762efb5a4585b8a6f79 plugins/dbms/mssqlserver/filesystem.py 38ade085f9f1b227eda8c89f78e3ce869e8f430c98bef0cc7cbd2c7dcd60c24e plugins/dbms/mssqlserver/fingerprint.py 1ecde09e80d7b709a710281f4983a6831bc02ca3458ae0b97b28446d6db241b4 plugins/dbms/mssqlserver/__init__.py a89074020253365b6c95a4fa53e41fb0dc16f26a209b31f28e65910f26b81d21 plugins/dbms/mssqlserver/syntax.py 57f263084438e9b2ec2e62909fc51871e9eefb1a9156bbe87908592c5274b639 plugins/dbms/mssqlserver/takeover.py 275ffb2a63c179a5b1673866fcd4020d7f30a68e6d7736e7e21094e2a3234578 plugins/dbms/mysql/connector.py 51590c30177adf8c435e4d6d4be070f6708d81793f70577d9317daa4ef2485ba plugins/dbms/mysql/enumeration.py -9523715aa823ecfc7a914afabf5fe3091583c93a23ccc270c61a78b007b7a652 plugins/dbms/mysql/filesystem.py +5114ca85e5aac6eaebf2ca2cf6b944250329d2d5c36a36015ac34599c9437838 plugins/dbms/mysql/filesystem.py b5708a7e3179896f0242f6188642d0f613371b2f621ad8ebb0a53c934dd36259 plugins/dbms/mysql/fingerprint.py e2289734859246e6c1a150d12914a711901d10140659beded7aa14f22d11bca3 plugins/dbms/mysql/__init__.py 02a37c42e8a87496858fd6f9d77a5ab9375ea63a004c5393e3d02ca72bc55f19 plugins/dbms/mysql/syntax.py 1e6a7c6cc77772a4051d88604774ba5cc9e06b1180f7dba9809d0739bc65cf37 plugins/dbms/mysql/takeover.py af1b89286e8d918e1d749db7cce87a1eae2b038c120fb799cc8ee766eb6b03e1 plugins/dbms/oracle/connector.py 5965da4e8020291beb6f35a5e11a6477edb749bdeba668225aea57af9754a4b3 
plugins/dbms/oracle/enumeration.py -94132121cd085e314e9fe63d2ac174e0e26acd4ed17cdce46f93ab36c71967d9 plugins/dbms/oracle/filesystem.py +b8812b1e1a7c68283de3dd264bbeef1fed91eaada720fcfe088f3a62fd9fc614 plugins/dbms/oracle/filesystem.py 0b2dd004b9c9c41dbdd6e93f536f31a2a0b62c2815eb8099299cd692b0dd08a1 plugins/dbms/oracle/fingerprint.py fd0bfc194540bd83843e4b45f431ad7e9c8fd4a01959f15f2a5e30dcfa6acf60 plugins/dbms/oracle/__init__.py a5ec593a2e57d658e3448dd108781a3761484c41c0f67f6a3db59d9def57d71a plugins/dbms/oracle/syntax.py a74fc203fbcc1c4a0656f40ed51274c53620be095e83b3933b5d2e23c6cea577 plugins/dbms/oracle/takeover.py cc55a6bb81c182fca0482acd77ff065c441944ed7a7ef28736e4dff35d9dce5b plugins/dbms/postgresql/connector.py 81a6554971126121465060fd671d361043383e2930102e753c1ad5a1bea0abf6 plugins/dbms/postgresql/enumeration.py -cd6e7b03623f9cecd8151ddaac111072edb79e16588da8e7b3c37e9d233b290b plugins/dbms/postgresql/filesystem.py +bdb13225f822227c32051a296918b3ed423a0644ce0c962db13a0dc0e9636395 plugins/dbms/postgresql/filesystem.py 56a3c0b692187aef120fedb639e10cecf02fbf46e9625d327a0cd4ae07c6724e plugins/dbms/postgresql/fingerprint.py 9c14f8ad202051f3f7b72147bae891abb9aa848a6645aa614a051314ac91891a plugins/dbms/postgresql/__init__.py 4fce63dd766a35b7273351df2de706c37a0392479578705853b4333c119f2270 plugins/dbms/postgresql/syntax.py 
@@ -454,7 +454,7 @@ f5b28fe6ff99de3716e7e2cd2304784a4c49b1df7a292381dae0964fb9ef80f3 plugins/dbms/s 351a9accf1af8f7d18680b71d9c591afbe2dec8643c774e2a3c67cc56474a409 plugins/dbms/sqlite/syntax.py e56033f9a9a1ef904a6cdbc0d71f02f93e8931a46fe050d465a87e38eb92df67 plugins/dbms/sqlite/takeover.py b801f9ed84dd26532a4719d1bf033dfde38ecaccbdea9e6f5fd6b3395b67430d plugins/dbms/sybase/connector.py -8173165097ac6720258cf8a5ccf97600d5aa94378182ad0e1ccaa4cfcfa0c038 plugins/dbms/sybase/enumeration.py +397836e1d3cff87627f92633b4852bbbb143ca4306fe99ab577b25b7aa69c9cb plugins/dbms/sybase/enumeration.py 73b41e33381cd8b13c21959006ef1c6006540d00d53b3ccb1a7915578b860f23 plugins/dbms/sybase/filesystem.py 49ec03fe92dab994ee7f75713144b71df48469dca9eb8f9654d54cdcb227ea2c plugins/dbms/sybase/fingerprint.py 0d234ddd3f66b5153feb422fc1d75937b432d96b5e5f8df2301ddcadf6c722b2 plugins/dbms/sybase/__init__.py 
@@ -508,20 +508,20 @@ c7892bff56b2b85dfdf9f24c783c569edac57a3fd5a254cf4554987a374206c9 tamper/charenc d0d8f2df2c29d81315a867ecb6baa9ca430e8f98d04f4df3879f2bcd697fac16 tamper/commalesslimit.py 1aee4e920b8ffa4a79b2ac9a42e2d7de13434970b3d1e0c6911c26bdd0c7b4e7 tamper/commalessmid.py ff8d05da2c5a123a231671c97ee80bb77b6631d7e5356d836cfe15ef212b73e5 tamper/commentbeforeparentheses.py -66cad47087c78a5658445f8a00f2e1cd533a6d7c57aec2d1eb1fe486956aa3ea tamper/concat2concatws.py +27f74b1c007713f753e0278bc056b09cd715c364847977962d6a198ecefa14ff tamper/concat2concatws.py b5a5ba94a78cf83b35cdb0b08d9d69dbf1f33c07cc5152c560ae5aee54a4c066 tamper/decentities.py 1d6bcc5ffe235840370cd9738b5e8067f8b24e8c0e2bb629d330a7e5c379328a tamper/dunion.py 99c59e6fd7cafc9238c53e037eff457823854eef7cb0c5ea05941e0223229209 tamper/equaltolike.py b3940e8d029150a81f17a2da1141928c31b6abb9ade3672d093051e310439995 tamper/equaltorlike.py d528e74ae7c9fc0cd45369046d835a8f1e6f9252eeef6d84d9978d7e329ab35f tamper/escapequotes.py 0694f202a4f57e0a5c4d5aa72eee121b6f344d4e03692d9e267e2212abed719c tamper/greatest.py -26e57bc7c118168f20a5fc80d2d2fdbef05c027328c5c55cbbe92047ee8123da tamper/halfversionedmorekeywords.py +89c2606da517d063f5a898a33d5bfd8737eef837552fc1127cea512ab82d0ea5 tamper/halfversionedmorekeywords.py f0a7b635061385a3bf399cc51faf4d5e10694266aaa21fba557ca655c00a09bc tamper/hex2char.py 9096cbf2283137d592408325347f46866fd139966c946f8ba1ea61826472d0bb tamper/hexentities.py 3e518ace6940d54e8844c83781756e85d5670c53dfac0a092c4ee36cd5111885 tamper/htmlencode.py -04028ea55034ef5c82167db35cb1276d3d5c717f6b22507b791342ccf82722ad tamper/if2case.py -365085e79d296791464ec3f041a26554b19ba4865c4a727e258e9586b0bcfbe7 tamper/ifnull2casewhenisnull.py -e73e3723d4b61515d7ad2c0fe6e9a9dcaeeac6a93ed6149f44d59e4e41543226 tamper/ifnull2ifisnull.py +d05dafb86e82807e75bb8f54dcd6afbb4a08ba3b83b35562fee7f7022a75dbd7 tamper/if2case.py +55092820a856f583cf1b661001b60216886d172cb7d0008920bf4ab3df88aff0 tamper/ifnull2casewhenisnull.py 
+eeda2b2fd54a4aa5fcf5630f8bfae43e0a38a840ae908e2f6b0878959067413c tamper/ifnull2ifisnull.py 94fe273bee7df27c9b4f1ee043779d06e4553169d9aec30c301d469275883dd1 tamper/informationschemacomment.py 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 tamper/__init__.py 017c91ba64c669382aa88ce627f925b00101a81c1a37a23dba09bfa2bfaf42ae tamper/least.py 
@@ -538,22 +538,22 @@ b17748d63b763a7bfd2188f44145345507ce71e1b46f29d747132da5c56d7ed0 tamper/overlon dea9ab017cc4bde6f61f95a4f400ecba441525ff2d2dba886a2bf3ecdc1af605 tamper/percentage.py 5437bc272398173c997d7b156dac1606dcde30421923bfc8f744d3668441d79e tamper/plus2concat.py 3cec7391b8b586474455ef4b089a27c67406ba02f91698647bb113c291f38692 tamper/plus2fnconcat.py -007a21d189bfedd48d4ca2704fb7ea709ea72f4b206e38a7fe40446a12b0a6e3 tamper/randomcase.py -27dfb51abe8f97a833309c2a42c31a63c0eda4711d122639c5ea31e5b5a9021a tamper/randomcomments.py +f5e2cccbe669b732c0b8aaa56c16522fd579168ff61a92d31f94c6970070dfe0 tamper/randomcase.py +5a7047f97c1e6a29e37c13607d92776f1b0eebce96f7e4d6926f459e73abb382 tamper/randomcomments.py e11f10ab09c2a7f44ca2a42b35f9db30d1d3715981bd830ea4e00968be51931b tamper/schemasplit.py 21fae428f0393ab287503cc99997fba33c9a001a19f6dd203bbcc420a62a4b90 tamper/scientific.py 7a71736657ca2b27a01f5f988a5c938d67a0f7e9558caba9041bd17b2cef9813 tamper/sleep2getlock.py -856de1573ba9b08f6f33e28ca5a96341697762afa163835dcd4772ba6e1dadc6 tamper/space2comment.py -715b56e60e8f7bf0a1198b356a32374797a8c2e1ba1f888794626205d63c63d5 tamper/space2dash.py -21c43aafe994e798335e6756fbed15f430629beb49042b56d47f232022044a65 tamper/space2hash.py -329fa6e9bb27e1770ccc1c42c3b3ddc8e57a970959d8482ff102d7bfee546a49 tamper/space2morecomment.py -c088e7061a1a4676bc7714f64005ac275fae349f3dc665f2d565f56ecae7619f tamper/space2morehash.py -f823e5afbd5ab8e3fb478d984528c7f675561cf2b4eb6634a5bc11756097a01f tamper/space2mssqlblank.py -0d3b1336a5ca15de0ce5617c153f91ff8715c34cf886a71cb8df5ae887df301d tamper/space2mssqlhash.py -528723c9cea1d91dac22cb44cab6f8f0174f98c3c547b42017589d9a19a314e1 tamper/space2mysqlblank.py -466bb10955155a042fe4ec3b3df6b98193fba1187a376179e0d4dbc068215d91 tamper/space2mysqldash.py -4ea418f8b226b0ab369f3a8e726b7df0bc4701a2d93585de70e13febe5f438b7 tamper/space2plus.py -b3b79bbcf48ba943af57978e32b928d567f28ed4e45651f15f9fe898e00c0331 tamper/space2randomblank.py 
+7e23241588e21e17e2d167f696ebaa82b441338370e654357bbf29ee5393cb87 tamper/space2comment.py +68b541ef75925f8e88a93129d3da259e0bbf7254febf637275382964a2763789 tamper/space2dash.py +181b201f230aa6104c1a184091e292f8529b0bb1b0c5c1b69ded33c248c2d1e3 tamper/space2hash.py +e390a99ea7c8de562a489c11c245c8b778b58090f636d231ce06a22829eaddb5 tamper/space2morecomment.py +cd972178ac4464c6692939c347a03a8c1f3f5dae9d3ef83ae82328fa542b7f49 tamper/space2morehash.py +45994faf85d0329efae3a6d34cc978dde5802f5f34614c52575e38e36c98b7d2 tamper/space2mssqlblank.py +7fbaceff3722a32c65f3e3857a61188f05f9ea241f6393670dbb14f7081b542c tamper/space2mssqlhash.py +05ea031d1de1073cf0efd336ec70814403169e4123709447854129a0d4032e24 tamper/space2mysqlblank.py +0a3bc5380bddbfddfd32ce0a353f1abf57894f03262503c4f6e88748ae4a7f58 tamper/space2mysqldash.py +ef090bed1c71b5d6cd6422748799236dbdadbc70593a7b8ccb26ad07c7a76946 tamper/space2plus.py +93d1cf1f6fb977356c4c8dc2d7784d4564b8da3d9f16e8253f957f80af2491f3 tamper/space2randomblank.py 6769cbe7b42265ff257a49e17e894bc19ff805802e19f27d57c07a212de70a11 tamper/sp_password.py 8e52309b893770bce57215fd3bf42d53d7f0d164690b4121b598126cbaaf6bc3 tamper/substring2leftright.py d4b29c9a47961430dd0a24c22f8fe2968374ca5b0611e8b2837481c8d77672bf tamper/symboliclogical.py 
@@ -561,8 +561,8 @@ c442ec7bb6676bdc58447fa54c719a9322b1728ba96c2358081a73fa8a4612ff tamper/unional 9ebf67b9ce10b338edc3e804111abe56158fa0a69e53aacdd0ffa0e0b6af1f70 tamper/unmagicquotes.py 67a83f8b6e99e9bb3344ad6f403e1d784cf9d3f3b7e8e40053cf3181fabe47fa tamper/uppercase.py 3e54d7f98ca75181e6b16aa306d5a5f5f0dce857d5b3e6ce5a07d501f5d915aa tamper/varnish.py -7d469ee594390cbc10378f83af403bba249240eab00f0ad5a5fe0e3fa1fcbf0d tamper/versionedkeywords.py -dcb7a5584390f1604adff075c94139dd23711f2f516b68683ec4208dd0a00fda tamper/versionedmorekeywords.py +7afc4d262b97773e67dcfa3e253a9a060dc964750f01d739636d17ee069f1512 tamper/versionedkeywords.py +0694e721b07b8242245688be5c7951a3a22f512ed73776a998885e4b1bc82bc7 tamper/versionedmorekeywords.py ce1b6bf8f296de27014d6f21aa8b3df9469d418740cd31c93d1f5e36d6c509cf tamper/xforwardedfor.py 55eaefc664bd8598329d535370612351ec8443c52465f0a37172ea46a97c458a thirdparty/ansistrm/ansistrm.py e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 thirdparty/ansistrm/__init__.py diff --git a/lib/core/agent.py b/lib/core/agent.py index aacdf578982..be235b7447e 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -203,7 +203,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N origValue = encodeBase64(origValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING) if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER): - _ = "%s%s" % (origValue, kb.customInjectionMark) + _ = "%s%s" % (_origValue if base64Encoding else origValue, kb.customInjectionMark) if kb.postHint == POST_HINT.JSON and isNumber(origValue) and not isNumber(newValue) and '"%s"' % _ not in paramString: newValue = '"%s"' % self.addPayloadDelimiters(newValue) diff --git a/lib/core/common.py b/lib/core/common.py index 4baadd4da9c..798de5a216f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
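Review bot: In payload() (lib/core/agent.py), the new `_origValue if base64Encoding else origValue` choice carries no comment, and both names are defined outside this hunk, so a reader cannot tell why the marker lookup has to use the un-encoded value. A comment such as `# paramString holds the raw value next to the injection mark, so match on the pre-Base64 value` would record that, with the wording to be confirmed against the code above the hunk. The `isNumber(origValue)` test on the following JSON line still sees the encoded value when Base64 is active, and it is worth confirming that this is intended. The body of payload() continues outside the hunk.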
@@ -2884,9 +2884,6 @@ def extractErrorMessage(page): retVal = None if isinstance(page, six.string_types): - if wasLastResponseDBMSError(): - page = re.sub(r"<[^>]+>", "", page) - for regex in ERROR_PARSING_REGEXES: match = re.search(regex, page, re.IGNORECASE) @@ -2897,6 +2894,7 @@ def extractErrorMessage(page): break if not retVal and wasLastResponseDBMSError(): + page = re.sub(r"<[^>]+>", "", page) match = re.search(r"[^\n]*SQL[^\n:]*:[^\n]*", page, re.IGNORECASE) if match: diff --git a/lib/core/dump.py b/lib/core/dump.py index 26d5056908a..1172526f300 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -623,7 +623,7 @@ def dbTableValues(self, tableValues): if len(value) > MIN_BINARY_DISK_DUMP_SIZE and r'\x' in value: try: - mimetype = getText(magic.from_buffer(value, mime=True)) + mimetype = getText(magic.from_buffer(getBytes(value), mime=True)) if any(mimetype.startswith(_) for _ in ("application", "image")): if not os.path.isdir(dumpDbPath): os.makedirs(dumpDbPath) diff --git a/lib/core/patch.py b/lib/core/patch.py index 55ac8d3f1d7..35fde349782 100644 --- a/lib/core/patch.py +++ b/lib/core/patch.py @@ -85,7 +85,7 @@ def _(self, *args): _http_client.LineAndFileWrapper.readline = _ # to prevent too much "guessing" in case of binary data retrieval - thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90 + thirdparty.chardet.universaldetector.UniversalDetector.MINIMUM_THRESHOLD = 0.90 match = re.search(r" --method[= ](\w+)", " ".join(sys.argv)) if match and match.group(1).upper() != PLACE.POST: diff --git a/lib/core/settings.py b/lib/core/settings.py index 62b7a4d6807..0422327d1cb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
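Review bot: In extractErrorMessage() (lib/core/common.py), tag stripping now happens only in the `wasLastResponseDBMSError()` fallback, so the ERROR_PARSING_REGEXES loop runs on the raw page and anything it captures can still contain markup. If that is deliberate, say so at the new line, e.g. `# strip tags only for the generic fallback; ERROR_PARSING_REGEXES run on the raw page`. Code that prints or logs the returned message should treat it as untrusted server output either way. The lines between the two hunks are not visible here.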
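Review bot: In lib/core/patch.py, the threshold override is a plain attribute assignment, which is presumably why the previous module-level spelling had no effect and raised no error. The corrected line will fail just as silently if the vendored chardet ever renames or moves the attribute. A guard next to it would catch that, e.g. `assert hasattr(thirdparty.chardet.universaldetector.UniversalDetector, "MINIMUM_THRESHOLD")`, or an equivalent check in the project's self-test. The enclosing function starts and ends outside the hunk.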
@@ -20,7 +20,7 @@ from thirdparty import six # sqlmap version (...) -VERSION = "1.10.6.12" +VERSION = "1.10.6.34" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index a51b6dd809b..0c1e9d08694 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -136,7 +136,7 @@ def http_error_302(self, req, fp, code, msg, headers): delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER last = None - for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []): + for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, "")).split(delimiter): if '=' in part: part = part.strip() key, value = part.split('=', 1) @@ -145,6 +145,12 @@ def http_error_302(self, req, fp, code, msg, headers): elif last: cookies[last] += "%s%s" % (delimiter, part) + if HTTP_HEADER.SET_COOKIE in headers: + for match in re.finditer(r"(?:^|,\s*)([^=;,]+)=([^;,]+)", headers[HTTP_HEADER.SET_COOKIE]): + key = match.group(1).strip() + if key.lower() not in ("expires", "path", "domain", "max-age", "secure", "httponly", "samesite"): + cookies[key] = match.group(2).strip() + req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies) try: diff --git a/lib/utils/api.py b/lib/utils/api.py index 5e5bc61e886..d576c7ba1e3 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py 
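Review bot: In http_error_302() (lib/request/redirecthandler.py), the new Set-Cookie regex requires a non-empty value (`([^;,]+)`), so a response that clears a cookie with `name=; Max-Age=0` is not matched and the stale value from the request's Cookie header is sent again on the redirected request. Accepting an empty value and dropping the key in that case would cover it: use `([^;,]*)` for the value group, then `cookies.pop(key, None)` when the stripped value is empty. Values that legitimately contain a comma are also cut short by `[^;,]`. Separately, `domain`, `path` and `secure` are used here only to filter names, so the merged cookies are attached wherever the redirect points; unless the code after this hunk restricts that, session cookies can reach a different host.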
@@ -660,7 +660,7 @@ def download(taskid, target, filename): path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename)) # Prevent file path traversal - if not path.startswith(paths.SQLMAP_OUTPUT_PATH): + if not path.startswith(os.path.join(paths.SQLMAP_OUTPUT_PATH, "")): logger.warning("[%s] Forbidden path (%s)" % (taskid, target)) return jsonize({"success": False, "message": "Forbidden path"}) diff --git a/lib/utils/brute.py b/lib/utils/brute.py index 7833a3982ce..5f917e26a39 100644 --- a/lib/utils/brute.py +++ b/lib/utils/brute.py @@ -310,7 +310,9 @@ def columnExistsThread(): else: columns[column] = "non-numeric" - kb.data.cachedColumns[conf.db] = {table: columns} + if conf.db not in kb.data.cachedColumns: + kb.data.cachedColumns[conf.db] = {} + kb.data.cachedColumns[conf.db][table] = columns for _ in ((conf.db, table, item[0], item[1]) for item in columns.items()): if _ not in kb.brute.columns: diff --git a/lib/utils/har.py b/lib/utils/har.py index cb34bf39179..e5dde561cf3 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py @@ -185,7 +185,7 @@ def toDict(self): "size": len(self.content or "") } - binary = set([b'\0', b'\1']) + binary = set([b'\0', b'\1', u'\0', u'\1', 0, 1]) if any(c in binary for c in self.content): content["encoding"] = "base64" content["text"] = getText(base64.b64encode(self.content)) diff --git a/plugins/dbms/cache/connector.py b/plugins/dbms/cache/connector.py index 2f2d3c5102f..67a661e4a4a 100644 --- a/plugins/dbms/cache/connector.py +++ b/plugins/dbms/cache/connector.py @@ -37,8 +37,9 @@ def connect(self): jar = readInput(msg) checkFile(jar) args = "-Djava.class.path=%s" % jar - jvm_path = jpype.getDefaultJVMPath() - jpype.startJVM(jvm_path, args) + if not jpype.isJVMStarted(): + jvm_path = jpype.getDefaultJVMPath() + jpype.startJVM(jvm_path, args) except Exception as ex: raise SqlmapConnectionException(getSafeExString(ex)) 
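Review bot: In download() (lib/utils/api.py), the prefix check now rejects sibling directories, but `path` is built with `os.path.abspath`, which normalises `..` without resolving symlinks, and `paths.SQLMAP_OUTPUT_PATH` is compared exactly as stored. A symlink inside the output directory can therefore still lead outside it, and resolving both sides closes that: `root = os.path.realpath(paths.SQLMAP_OUTPUT_PATH)`, `path = os.path.realpath(os.path.join(root, target, filename))`, `if not path.startswith(os.path.join(root, "")):`. The warning logs only `target`, so a traversal attempt carried in `filename` leaves no trace of the offending value; logging the resolved `path` would help when reviewing API logs. The function continues outside the hunk.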
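Review bot: In lib/utils/brute.py, the check-then-create added here can be a single call, `kb.data.cachedColumns.setdefault(conf.db, {})[table] = columns`, assuming `kb.data.cachedColumns` is a plain dict (its type is not visible in the hunk). The same three-line pattern is repeated in both hunks of plugins/dbms/maxdb/enumeration.py and both hunks of plugins/dbms/sybase/enumeration.py. There it would also avoid evaluating `safeSQLIdentificatorNaming(conf.db)` three times per write.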
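Review bot: In toDict() (lib/utils/har.py), adding `u'\0'` and `u'\1'` to `binary` means text content can now take the Base64 branch, but `base64.b64encode(self.content)` on the next line accepts only bytes on Python 3 and raises TypeError for a text string. Converting first keeps both cases working, e.g. `base64.b64encode(getBytes(self.content))` if `getBytes` is available in this module (its imports are outside the hunk). The `size` line guards against `self.content` being None with `or ""`, while the `any(c in binary for c in self.content)` loop does not, so the same guard is worth applying there.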
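Review bot: In connect() (plugins/dbms/cache/connector.py), when `jpype.isJVMStarted()` is already true the freshly built `args` string with `-Djava.class.path=%s` is discarded without any message. A JVM started earlier with a different jar then keeps its old classpath, and the driver load that follows can fail with an unrelated-looking error. An `else` branch that reports it would make this diagnosable, e.g. `logger.debug("JVM already started, class path '%s' not applied" % jar)`, assuming `logger` is imported in this module. The identical hunk in plugins/dbms/hsqldb/connector.py has the same gap.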
diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py index 429337d20bd..95630b76e6b 100644 --- a/plugins/dbms/hsqldb/connector.py +++ b/plugins/dbms/hsqldb/connector.py @@ -37,8 +37,9 @@ def connect(self): jar = readInput(msg) checkFile(jar) args = "-Djava.class.path=%s" % jar - jvm_path = jpype.getDefaultJVMPath() - jpype.startJVM(jvm_path, args) + if not jpype.isJVMStarted(): + jvm_path = jpype.getDefaultJVMPath() + jpype.startJVM(jvm_path, args) except Exception as ex: raise SqlmapConnectionException(getSafeExString(ex)) diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py index d5e78548412..869279e7e4a 100644 --- a/plugins/dbms/hsqldb/filesystem.py +++ b/plugins/dbms/hsqldb/filesystem.py @@ -47,7 +47,7 @@ def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=Fals logger.debug(debugMsg) # Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures - invokeQuery = "CALL %s('%s', CAST('%s' AS VARBINARY(%s)))" % (func_name, remoteFile, fcEncodedStr, max_bytes) + invokeQuery = "CALL %s('%s', X'%s')" % (func_name, remoteFile, fcEncodedStr) inject.goStacked(invokeQuery) logger.debug("cleaning up the database management system") diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index ab791f6e74c..be85e648d7c 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py 
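Review bot: In stackedWriteFile() (plugins/dbms/hsqldb/filesystem.py), the `X'%s'` literal is valid only when `fcEncodedStr` is an even-length string of hex digits, and nothing in the hunk states or checks that. A comment at the format line, e.g. `# fcEncodedStr must be hex-encoded: X'..' is a binary literal`, would record the assumption. `max_bytes` is no longer part of the query, so if it is still computed above the hunk and not used elsewhere, it is now dead code.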
@@ -197,9 +197,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod return {conf.db: kb.data.cachedColumns[conf.db]} if dumpMode and colList: - table = {} - table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns: + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {} + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) continue infoMsg = "fetching columns " @@ -219,8 +219,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod for columnname, datatype, length in _zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]): columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length) - table[tbl] = columns - kb.data.cachedColumns[conf.db] = table + if conf.db not in kb.data.cachedColumns: + kb.data.cachedColumns[conf.db] = {} + kb.data.cachedColumns[conf.db][tbl] = columns return kb.data.cachedColumns diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 416cf2d28f5..870f51e65b9 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -119,7 +119,7 @@ def stackedReadFile(self, remoteFile): DECLARE @firstint INT DECLARE @secondint INT - SET @tempint = CONVERT(INT, (SELECT ASCII(SUBSTRING(%s, @counter, 1)) FROM %s)) + SET @tempint = CONVERT(INT, (SELECT TOP 1 ASCII(SUBSTRING(%s, @counter, 1)) FROM %s)) SET @firstint = floor(@tempint/16) SET @secondint = @tempint - (@firstint * 16) SET @hexstr = @hexstr + SUBSTRING(@charset, @firstint+1, 1) + SUBSTRING(@charset, @secondint+1, 1) 
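Review bot: In getColumns() (plugins/dbms/maxdb/enumeration.py), the two hunks write to different cache keys: the `dumpMode` branch stores under `safeSQLIdentificatorNaming(conf.db)` and `safeSQLIdentificatorNaming(tbl, True)`, while the fetch branch in the second hunk stores under raw `conf.db` and `tbl`. Now that entries are merged rather than replaced, a database or table name that the naming helper alters ends up in two separate entries, and the early `return {conf.db: kb.data.cachedColumns[conf.db]}` reads only the raw key. Using the same key form in both branches, as the sybase plugin does in this commit, would keep the cache consistent. If the `table = {}` initialisation above the second hunk is still present, it is now unused.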
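Review bot: In stackedReadFile() (plugins/dbms/mssqlserver/filesystem.py), `SELECT TOP 1 ...` has no ORDER BY, so if the source table ever holds more than one row, each loop iteration is not guaranteed to read the same row and the hex string can mix bytes from different rows. If the table is expected to hold exactly one row, a comment saying so (`-- table holds a single row; TOP 1 only avoids the multi-row subquery error`) documents why the clause is there. Otherwise an ORDER BY on a stable column is needed. The T-SQL template starts and ends outside the hunk.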
@@ -336,6 +336,7 @@ def _stackedWriteFileVbs(self, tmpPath, localFileContent, remoteFile, fileType): # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5581 vbs = codecs.decode(vbs, "rot13") vbs = vbs.replace(" ", "") + vbs = vbs % (randFilePath, remoteFile) encodedFileContent = encodeBase64(localFileContent, binary=False) logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath) diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index acde3cc35c9..f8c83be25ef 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -79,7 +79,7 @@ def stackedReadFile(self, remoteFile): if length > chunkSize: result = [] - for i in xrange(1, length, chunkSize): + for i in xrange(1, length + 1, chunkSize): chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, chunkSize, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL) result.append(chunk) else: diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index 197b9bddc99..258a79147cb 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py 
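Review bot: In _stackedWriteFileVbs() (plugins/dbms/mssqlserver/filesystem.py), the `%` formatting is applied to a template that is stored ROT13-encoded, so the two placeholders and their order cannot be read in the source. A comment on the new line would help, e.g. `# template placeholders: (path of the uploaded base64 file, destination path)`; the second meaning is inferred from the variable names and should be confirmed. Because the whole decoded script is the format string, any literal `%` in the template has to be written as `%%`.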
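Review bot: In stackedReadFile() (plugins/dbms/mysql/filesystem.py), the `length + 1` stop value is easy to read as a mistake and revert. `MID()` positions are 1-based, so the last start offset can equal `length` itself. A short comment such as `# MID() is 1-indexed: the final chunk may start at position == length` next to the `xrange` call would keep the off-by-one fix in place.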
@@ -31,25 +31,24 @@ def readFile(self, remoteFile): payload = agent.payload(newValue=query) Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) - for remoteFile in remoteFile.split(','): - if not kb.bruteMode: - infoMsg = "fetching file: '%s'" % remoteFile - logger.info(infoMsg) + if not kb.bruteMode: + infoMsg = "fetching file: '%s'" % remoteFile + logger.info(infoMsg) - kb.fileReadMode = True - fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) - kb.fileReadMode = False + kb.fileReadMode = True + fileContent = inject.getValue("SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL) + kb.fileReadMode = False - if not isNoneValue(fileContent): - fileContent = decodeDbmsHexValue(fileContent, True) + if not isNoneValue(fileContent): + fileContent = decodeDbmsHexValue(fileContent, True) - if fileContent.strip(): - localFilePath = dataToOutFile(remoteFile, fileContent) - localFilePaths.append(localFilePath) + if fileContent.strip(): + localFilePath = dataToOutFile(remoteFile, fileContent) + localFilePaths.append(localFilePath) - elif not kb.bruteMode: - errMsg = "no data retrieved" - logger.error(errMsg) + elif not kb.bruteMode: + errMsg = "no data retrieved" + logger.error(errMsg) return localFilePaths diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index d0298f2b627..01d8631d1c4 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py 
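Review bot: In readFile() (plugins/dbms/oracle/filesystem.py), `kb.fileReadMode` is set to True before `inject.getValue(...)` and reset only on the normal path, so an exception from the query leaves the global flag set for everything that runs afterwards. Wrapping the call keeps the state consistent: `try:` around the `fileContent = inject.getValue(...)` line, followed by `finally: kb.fileReadMode = False`. With the `split(',')` loop gone, a comma-separated `remoteFile` is now passed to OSREADFILE as one name, so the splitting has to happen in the caller, which is not visible here.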
@@ -65,7 +65,7 @@ def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False): for sqlQuery in sqlQueries: inject.goStacked(sqlQuery) - inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT %s FROM %s), 'base64'))" % (self.oid, self.page, self.tblField, self.fileTblName)) + inject.goStacked("INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT ARRAY_TO_STRING(ARRAY_AGG(%s), '') FROM %s), 'base64'))" % (self.oid, self.page, self.tblField, self.fileTblName)) inject.goStacked("DELETE FROM %s" % self.fileTblName) self.page += 1 diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index afc4bba1a78..cc984bce978 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -265,9 +265,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod return {conf.db: kb.data.cachedColumns[conf.db]} if dumpMode and colList: - table = {} - table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns: + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {} + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) continue infoMsg = "fetching columns " 
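Review bot: In stackedWriteFile() (plugins/dbms/postgresql/filesystem.py), `ARRAY_AGG(%s)` has no ORDER BY, and PostgreSQL does not guarantee input order for an aggregate over an unordered scan. When the temporary table holds several chunks, they can be joined out of order and the decoded file is corrupted. If the table has a column that records insertion order, aggregate with it, as in `ARRAY_AGG(col ORDER BY <ordering column>)`; the table definition is outside this hunk, so that column name is a placeholder. The concatenated text also has to form one continuous Base64 stream, since padding in the middle may make `DECODE(..., 'base64')` fail.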
@@ -286,8 +286,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod for name, type_ in filterPairValues(_zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])): columns[name] = SYBASE_TYPES.get(int(type_) if hasattr(type_, "isdigit") and type_.isdigit() else type_, type_) - table[safeSQLIdentificatorNaming(tbl, True)] = columns - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns: + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {} + kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns break diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py index 1aeca3098e2..fdfb1a49b79 100644 --- a/tamper/concat2concatws.py +++ b/tamper/concat2concatws.py @@ -6,6 +6,7 @@ """ import os +import re from lib.core.common import singleTimeWarnMessage from lib.core.enums import DBMS @@ -35,6 +36,6 @@ def tamper(payload, **kwargs): """ if payload: - payload = payload.replace("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),") + payload = re.sub(r"(?i)(?>> tamper("value' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa") - "value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa" + >>> tamper("1' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa") + "1'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa" """ def process(match): 
@@ -49,7 +49,7 @@ def process(match): retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) + retVal = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) retVal = retVal.replace(" /*!0", "/*!0") return retVal diff --git a/tamper/if2case.py b/tamper/if2case.py index e43c4f8f217..f3c01ddb1c4 100644 --- a/tamper/if2case.py +++ b/tamper/if2case.py @@ -36,26 +36,30 @@ def tamper(payload, **kwargs): 'SELECT CASE WHEN (1=1) THEN (SELECT "foo") ELSE (NULL) END' """ - if payload and payload.find("IF") > -1: + if payload and payload.find("IF(") > -1: payload = payload.replace("()", REPLACEMENT_MARKER) while payload.find("IF(") > -1: index = payload.find("IF(") depth = 1 commas, end = [], None + quote, doublequote = False, False for i in xrange(index + len("IF("), len(payload)): - if depth == 1 and payload[i] == ',': - commas.append(i) - - elif depth == 1 and payload[i] == ')': - end = i - break - - elif payload[i] == '(': - depth += 1 - - elif payload[i] == ')': - depth -= 1 + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if depth == 1 and payload[i] == ',': + commas.append(i) + elif depth == 1 and payload[i] == ')': + end = i + break + elif payload[i] == '(': + depth += 1 + elif payload[i] == ')': + depth -= 1 if len(commas) == 2 and end: a = payload[index + len("IF("):commas[0]].strip("()") diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py index 36c8eb9462d..9d94e467145 100644 --- a/tamper/ifnull2casewhenisnull.py +++ b/tamper/ifnull2casewhenisnull.py 
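Review bot: The new prefix `(?:^|(?<=\W))` in the `re.sub` call is a longer spelling of a single negative lookbehind, `(?<!\w)`, which already succeeds at the start of the string. Using `(?<!\w)` would keep the patterns changed this way (here, and in space2morehash.py, versionedkeywords.py and versionedmorekeywords.py) shorter and easier to compare. A one-line comment such as `# also match a keyword at the very start of the payload` would record why the pattern changed.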
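Review bot: The two flags added to the if2case.py scan loop are toggled independently, so an apostrophe inside a double-quoted literal (or a double quote inside a single-quoted one) flips the other flag and the scanner stays out of step until another stray quote appears; commas and parentheses in between are ignored. Guarding each toggle with the other flag fixes it: `if payload[i] == '\'' and not doublequote and payload[i - 1] != '\\':` and `elif payload[i] == '"' and not quote and payload[i - 1] != '\\':`. The `i == 0` test is dead in this loop because `i` starts after `IF(`. The same block is pasted into the ifnull2casewhenisnull, ifnull2ifisnull, space2dash, space2hash, space2morehash, space2mssqlhash and space2mysqldash hunks, so a shared helper would keep the copies from drifting. tamper() continues past the end of the hunk.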
@@ -33,25 +33,29 @@ def tamper(payload, **kwargs): 'CASE WHEN ISNULL(1) THEN (2) ELSE (1) END' """ - if payload and payload.find("IFNULL") > -1: + if payload and payload.find("IFNULL(") > -1: while payload.find("IFNULL(") > -1: index = payload.find("IFNULL(") depth = 1 comma, end = None, None + quote, doublequote = False, False for i in xrange(index + len("IFNULL("), len(payload)): - if depth == 1 and payload[i] == ',': - comma = i - - elif depth == 1 and payload[i] == ')': - end = i - break - - elif payload[i] == '(': - depth += 1 - - elif payload[i] == ')': - depth -= 1 + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if depth == 1 and payload[i] == ',': + comma = i + elif depth == 1 and payload[i] == ')': + end = i + break + elif payload[i] == '(': + depth += 1 + elif payload[i] == ')': + depth -= 1 if comma and end: _ = payload[index + len("IFNULL("):comma] diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index a6399f290dd..3ede6ac358f 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py 
@@ -33,25 +33,29 @@ def tamper(payload, **kwargs): 'IF(ISNULL(1),2,1)' """ - if payload and payload.find("IFNULL") > -1: + if payload and payload.find("IFNULL(") > -1: while payload.find("IFNULL(") > -1: index = payload.find("IFNULL(") depth = 1 comma, end = None, None + quote, doublequote = False, False for i in xrange(index + len("IFNULL("), len(payload)): - if depth == 1 and payload[i] == ',': - comma = i - - elif depth == 1 and payload[i] == ')': - end = i - break - - elif payload[i] == '(': - depth += 1 - - elif payload[i] == ')': - depth -= 1 + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if depth == 1 and payload[i] == ',': + comma = i + elif depth == 1 and payload[i] == ')': + end = i + break + elif payload[i] == '(': + depth += 1 + elif payload[i] == ')': + depth -= 1 if comma and end: _ = payload[index + len("IFNULL("):comma] diff --git a/tamper/randomcase.py b/tamper/randomcase.py index 24cf7876ff7..9535444cc33 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -61,6 +61,6 @@ def tamper(payload, **kwargs): if len(_) > 1 and _ not in (_.lower(), _.upper()): break - retVal = retVal.replace(word, _) + retVal = re.sub(r"\b%s\b" % word, _, retVal) return retVal diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index a4a185f79ad..5e25d073212 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -45,6 +45,6 @@ def tamper(payload, **kwargs): index = randomRange(1, len(word) - 1) _ = word[:index] + "/**/" + word[index:] - retVal = retVal.replace(word, _) + retVal = re.sub(r"\b%s\b" % word, _, retVal) return retVal diff --git a/tamper/space2comment.py b/tamper/space2comment.py index 818e118526e..016b17cc6c4 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py 
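Review bot: `re.sub(r"\b%s\b" % word, _, retVal)` in randomcase.py builds the pattern from `word` without `re.escape()` and passes `_` as a replacement template, so any regex metacharacter in `word` or backslash in `_` would change the result. Where `word` comes from is outside the hunk; if it is always letters and underscores this is harmless today, but `re.sub(r"\b%s\b" % re.escape(word), lambda m: _, retVal)` removes the dependency. The randomcomments.py hunk has the same line. Neither hunk shows an `import re`, so it is worth confirming that both modules already import it.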
@@ -43,10 +43,10 @@ def tamper(payload, **kwargs): retVal += "/**/" continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2dash.py b/tamper/space2dash.py index b865e60fcf3..88ccea33d6e 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -34,13 +34,23 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) - retVal += "--%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) + retVal += "--%s%%0A" % randomStr + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2hash.py b/tamper/space2hash.py index 4a8d6916dc2..cf7ac3323da 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py 
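Review bot: The new loop body in space2dash.py ends in two identical `else: retVal += payload[i]` branches, one nested inside the `if not quote and not doublequote:` block and one outside it. Folding the quote state into a single boolean and testing it in each branch gives one flat `if`/`elif`/`else` with a single fall-through append. The same shape is repeated in the space2hash, space2morehash, space2mssqlhash and space2mysqldash hunks. The rest of tamper() is outside the hunk.

```python
for i in xrange(len(payload)):
    # … unchanged: quote / doublequote toggles …
    outside = not quote and not doublequote

    if outside and payload[i].isspace():
        # … unchanged: randomStr generation and "--%s%%0A" append …
    elif outside and (payload[i] == '#' or payload[i:i + 3] == '-- '):
        retVal += payload[i:]
        break
    else:
        retVal += payload[i]
```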
@@ -42,13 +42,23 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) - retVal += "%%23%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) + retVal += "%%23%s%%0A" % randomStr + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py index df823e70660..9db2791c9f4 100644 --- a/tamper/space2morecomment.py +++ b/tamper/space2morecomment.py @@ -40,10 +40,10 @@ def tamper(payload, **kwargs): retVal += "/**_**/" continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index d6365f9b77f..a079a2ecedd 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py 
@@ -54,15 +54,25 @@ def process(match): retVal = "" if payload: - payload = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", process, payload) + payload = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, payload) + + quote, doublequote = False, False for i in xrange(len(payload)): - if payload[i].isspace(): - randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) - retVal += "%%23%s%%0A" % randomStr - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12))) + retVal += "%%23%s%%0A" % randomStr + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index 0413f447413..1754e630b09 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -67,10 +67,10 @@ def tamper(payload, **kwargs): retVal += random.choice(blanks) continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == '#' or payload[i:i + 3] == '-- ': diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py index 49ac43a0a51..befd6966ee0 100644 --- a/tamper/space2mssqlhash.py +++ b/tamper/space2mssqlhash.py 
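Review bot: The `payload[i - 1] != '\\'` condition added to both quote toggles in space2mssqlblank.py treats a backslash as an escape character, but the file name suggests the script is written for SQL Server, where (as far as I know) a quote inside a literal is escaped by doubling it and a backslash is an ordinary character. A literal that ends in a backslash would then leave `quote` set, and the rest of the input would be handled as if it were still inside a string. For the SQL Server scripts the original `elif payload[i] == '\'':` test looks like the safer one; space2mssqlhash.py gets the same check in its hunk. If the check is kept, a comment stating which escaping convention it assumes would help.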
@@ -28,12 +28,22 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - retVal += "%23%0A" - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + retVal += "%23%0A" + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index a0891989ca6..ec5b7ffe5dc 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -57,10 +57,10 @@ def tamper(payload, **kwargs): retVal += random.choice(blanks) continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py index e5fb85aafab..40023493212 100644 --- a/tamper/space2mysqldash.py +++ b/tamper/space2mysqldash.py 
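Review bot: This hunk changes what tamper() in space2mssqlhash.py returns for input containing quoted text, yet it is the file's only hunk and starts at line 28, so any docstring examples above it are unchanged. A doctest with a quoted literal that contains a space, asserting that the space inside the quotes is kept and the ones outside become `%23%0A`, would pin the new behaviour. The output here is deterministic, unlike the randomised variants, so the expected string can be written out exactly.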
@@ -35,12 +35,22 @@ def tamper(payload, **kwargs): retVal = "" if payload: + quote, doublequote = False, False + for i in xrange(len(payload)): - if payload[i].isspace(): - retVal += "--%0A" - elif payload[i] == '#' or payload[i:i + 3] == '-- ': - retVal += payload[i:] - break + if payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): + quote = not quote + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): + doublequote = not doublequote + + if not quote and not doublequote: + if payload[i].isspace(): + retVal += "--%0A" + elif payload[i] == '#' or payload[i:i + 3] == '-- ': + retVal += payload[i:] + break + else: + retVal += payload[i] else: retVal += payload[i] diff --git a/tamper/space2plus.py b/tamper/space2plus.py index a6ec73fc093..1856b7718f0 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -38,10 +38,10 @@ def tamper(payload, **kwargs): retVal += "+" continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py index cbf162ffcd9..ac86ffc4762 100644 --- a/tamper/space2randomblank.py +++ b/tamper/space2randomblank.py @@ -52,10 +52,10 @@ def tamper(payload, **kwargs): retVal += random.choice(blanks) continue - elif payload[i] == '\'': + elif payload[i] == '\'' and (i == 0 or payload[i - 1] != '\\'): quote = not quote - elif payload[i] == '"': + elif payload[i] == '"' and (i == 0 or payload[i - 1] != '\\'): doublequote = not doublequote elif payload[i] == ' ' and not doublequote and not quote: diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index 7ab70933198..3ee8e1aca73 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py 
@@ -46,7 +46,7 @@ def process(match): retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, retVal) + retVal = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=[^\w(]|\Z)", process, retVal) retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") return retVal diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py index aea7d50e598..e53d0235ac8 100644 --- a/tamper/versionedmorekeywords.py +++ b/tamper/versionedmorekeywords.py @@ -47,7 +47,7 @@ def process(match): retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) + retVal = re.sub(r"(?:^|(?<=\W))(?P[A-Za-z_]+)(?=\W|\Z)", process, retVal) retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") return retVal