Fixes #3762

tamper/randomcase.py

@@ -41,6 +41,8 @@ def tamper(payload, **kwargs):
     'f()'
     >>> tamper('function()')
     'FuNcTiOn()'
+    >>> tamper('SELECT id FROM `user`')
+    'SeLeCt id FrOm `user`'
     """
 
     retVal = payload
@@ -49,7 +51,7 @@ def tamper(payload, **kwargs):
         for match in re.finditer(r"\b[A-Za-z_]{2,}\b", retVal):
             word = match.group()
 
-            if word.upper() in kb.keywords or ("%s(" % word) in payload:
+            if (word.upper() in kb.keywords and re.search(r"(?i)[`\"\[]%s[`\"\]]" % word, retVal) is None) or ("%s(" % word) in payload:
                 while True:
                     _ = ""