

Commit 0bc5069

committed
Implements #3834
1 parent bd1ea4f commit 0bc5069

4 files changed

Lines changed: 25 additions & 6 deletions


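--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -4868,6 +4868,8 @@ def zeroDepthSearch(expression, value):
 
 >>> _ = "SELECT (SELECT id FROM users WHERE 2>1) AS result FROM DUAL"; _[zeroDepthSearch(_, "FROM")[0]:]
 'FROM DUAL'
+>>> _ = "a(b; c),d;e"; _[zeroDepthSearch(_, "[;, ]")[0]:]
+',d;e'
 """
 
 retVal = []
@@ -4878,8 +4880,13 @@ def zeroDepthSearch(expression, value):
 depth += 1
 elif expression[index] == ')':
 depth -= 1
-elif depth == 0 and expression[index:index + len(value)] == value:
-retVal.append(index)
+elif depth == 0:
+found = False
+if value.startswith('[') and value.endswith(']'):
+if re.search(value, expression[index:index + 1]):
+retVal.append(index)
+elif expression[index:index + len(value)] == value:
+retVal.append(index)
 
 return retVal
 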
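Review bot: `found = False` in the new `elif depth == 0:` branch is never read afterwards, so it is dead and should be deleted. The bracket heuristic also changes the function's contract: any `value` that both starts with `[` and ends with `]` is now handed to `re.search` as a pattern, so a caller looking for the literal text `[x]` silently gets character-class semantics and a malformed class raises `re.error`; the docstring should state this, e.g. `A value of the form "[...]" is treated as a regular-expression character class matched against single characters; any other value is matched literally.` The first hunk only adds a doctest, so this applies to the second; `zeroDepthSearch` and its enclosing `for` loop start before that hunk.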

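--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1583,8 +1583,17 @@ def _cleanupOptions():
 conf.user = conf.user.replace(" ", "")
 
 if conf.rParam:
-conf.rParam = conf.rParam.replace(" ", "")
-conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)
+if all(_ in conf.rParam for _ in ('=', ',')):
+original = conf.rParam
+conf.rParam = []
+for part in original.split(';'):
+if '=' in part:
+left, right = part.split('=', 1)
+conf.rParam.append(left)
+kb.randomPool[left] = filterNone(_.strip() for _ in right.split(','))
+else:
+conf.rParam = conf.rParam.replace(" ", "")
+conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)
 else:
 conf.rParam = []
 
@@ -1946,6 +1955,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.processUserMarks = None
 kb.proxyAuthHeader = None
 kb.queryCounter = 0
+kb.randomPool = {}
 kb.redirectChoice = None
 kb.reflectiveMechanism = True
 kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0}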

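--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.7.36"
+VERSION = "1.3.7.37"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)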

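--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -7,6 +7,7 @@
 
 import binascii
 import logging
+import random
 import re
 import socket
 import string
@@ -1102,7 +1103,8 @@ def _randomizeParameter(paramString, randomParameter):
 match = re.search(r"(\A|\b)%s=(?P<value>[^&;]*)" % re.escape(randomParameter), paramString)
 if match:
 origValue = match.group("value")
-retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
+newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0]
+retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, newValue), paramString)
 return retVal
 
 for randomParameter in conf.rParam: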
