PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-21 15:09:03 +00:00
Code Issues Projects Releases Wiki Activity

Fallback for --randomize in case of empty value

Browse Source
This commit is contained in:
Miroslav Stampar
2019-02-28 02:29:13 +01:00
parent 9ba4da8820
commit c89c1e7abf
4 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/common.py
View File

@@ -3947,6 +3947,9 @@ def randomizeParameterValue(value):
parts[-1] = random.sample(RANDOMIZATION_TLDS, 1)[0]
retVal = '.'.join(parts)
if not retVal:
retVal = randomStr(lowercase=True)
return retVal
@cachedmethod

2
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.2.32"
VERSION = "1.3.2.33"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

4
lib/request/connect.py
View File

@@ -1040,10 +1040,10 @@ class Connect(object):
if conf.rParam:
def _randomizeParameter(paramString, randomParameter):
retVal = paramString
match = re.search(r"(\A|\b)%s=(?P<value>[^&;]+)" % re.escape(randomParameter), paramString)
match = re.search(r"(\A|\b)%s=(?P<value>[^&;]*)" % re.escape(randomParameter), paramString)
if match:
origValue = match.group("value")
retVal = re.sub(r"(\A|\b)%s=[^&;]+" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
return retVal
for randomParameter in conf.rParam: