Fallback for --randomize in case of empty value

stamparm · stamparm · commit c89c1e7abf18 · 2019-02-28T02:29:13.000+01:00
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -3947,6 +3947,9 @@ def randomizeParameterValue(value):
         parts[-1] = random.sample(RANDOMIZATION_TLDS, 1)[0]
         retVal = '.'.join(parts)
 
+    if not retVal:
+        retVal = randomStr(lowercase=True)
+
     return retVal
 
 @cachedmethod
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.2.32"
+VERSION = "1.3.2.33"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -1040,10 +1040,10 @@ def _adjustParameter(paramString, parameter, newValue):
         if conf.rParam:
             def _randomizeParameter(paramString, randomParameter):
                 retVal = paramString
-                match = re.search(r"(\A|\b)%s=(?P<value>[^&;]+)" % re.escape(randomParameter), paramString)
+                match = re.search(r"(\A|\b)%s=(?P<value>[^&;]*)" % re.escape(randomParameter), paramString)
                 if match:
                     origValue = match.group("value")
-                    retVal = re.sub(r"(\A|\b)%s=[^&;]+" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
+                    retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
                 return retVal
 
             for randomParameter in conf.rParam:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -30,7 +30,7 @@ c1da277517c7ec4c23e953a51b51e203  lib/controller/handler.py
 fb6be55d21a70765e35549af2484f762  lib/controller/__init__.py
 ed7874be0d2d3802f3d20184f2b280d5  lib/core/agent.py
 a932126e7d80e545c5d44af178d0bc0c  lib/core/bigarray.py
-fa9741a9a530283e0071ada4ef54917e  lib/core/common.py
+9deec4762d61e057b6e069b2538bdcf8  lib/core/common.py
 de8d27ae6241163ff9e97aa9e7c51a18  lib/core/convert.py
 abcb1121eb56d3401839d14e8ed06b6e  lib/core/data.py
 00828c4455321b6987e3f882f4ef4f92  lib/core/datatype.py
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb  lib/core/readlineng.py
 7d8a22c582ad201f65b73225e4456170  lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd  lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443  lib/core/session.py
-e5ff2d732c840830f7b34635966f4727  lib/core/settings.py
+7992ca5bdf434688788659bbd586b4fc  lib/core/settings.py
 4483b4a5b601d8f1c4281071dff21ecc  lib/core/shell.py
 10fd19b0716ed261e6d04f311f6f527c  lib/core/subprocessng.py
 43772ea73e9e3d446f782af591cb4eda  lib/core/target.py
@@ -72,7 +72,7 @@ adcecd2d6a8667b22872a563eb83eac0  lib/parse/payloads.py
 e4ea70bcd461f5176867dcd89d372386  lib/request/basicauthhandler.py
 b23163d485e0dbc038cbf1ba80be11da  lib/request/basic.py
 fc25d951217077fe655ed2a3a81552ae  lib/request/comparison.py
-493bc4d43b56abec083100d52a1fffe0  lib/request/connect.py
+2b58b3ed5f3aff7025e02bb1427bc637  lib/request/connect.py
 43005bd6a78e9cf0f3ed2283a1cb122e  lib/request/direct.py
 2b7509ba38a667c61cefff036ec4ca6f  lib/request/dns.py
 ceac6b3bf1f726f8ff43c6814e9d7281  lib/request/httpshandler.py
