Fixes #3762

stamparm · stamparm · commit 797bc7b75f8d · 2019-06-17T14:59:48.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.6.44"
+VERSION = "1.3.6.45"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
@@ -41,6 +41,8 @@ def tamper(payload, **kwargs):
     'f()'
     >>> tamper('function()')
     'FuNcTiOn()'
+    >>> tamper('SELECT id FROM `user`')
+    'SeLeCt id FrOm `user`'
     """
 
     retVal = payload
@@ -49,7 +51,7 @@ def tamper(payload, **kwargs):
         for match in re.finditer(r"\b[A-Za-z_]{2,}\b", retVal):
             word = match.group()
 
-            if word.upper() in kb.keywords or ("%s(" % word) in payload:
+            if (word.upper() in kb.keywords and re.search(r"(?i)[`\"\[]%s[`\"\]]" % word, retVal) is None) or ("%s(" % word) in payload:
                 while True:
                     _ = ""
 
