Update for #2378

Minor parse-error extension

extra/shutils/postcommit-hook.sh

@@ -13,7 +13,7 @@ then
     NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
     if [ -n "$NEW_TAG" ]
     then
-        git commit -am "Automatic monthly tagging"
+        #git commit -am "Automatic monthly tagging"
         echo "Creating new tag ${NEW_TAG}"
         git tag $NEW_TAG
         git push origin $NEW_TAG

extra/shutils/pypi.sh

@@ -107,7 +107,7 @@ If you prefer fetching daily updates, you can download sqlmap by cloning the
 
 ::
 
-    git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
+    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
 
 sqlmap works out of the box with
 `Python <http://www.python.org/download/>`__ version **2.6.x** and

lib/core/agent.py

@@ -1079,5 +1079,20 @@ class Agent(object):
 
         return query
 
+    def whereQuery(self, query):
+        if conf.dumpWhere and query:
+            prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
+
+            if "%s)" % conf.tbl.upper() in prefix.upper():
+                prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
+            elif re.search(r"(?i)\bWHERE\b", prefix):
+                prefix += " AND %s" % conf.dumpWhere
+            else:
+                prefix += " WHERE %s" % conf.dumpWhere
+
+            query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
+
+        return query
+
 # SQL agent
 agent = Agent()

lib/core/common.py

@@ -628,7 +628,7 @@ def paramToDict(place, parameters=None):
                                                     current[key] = "%s%s" % (str(value).lower(), BOUNDED_INJECTION_MARKER)
                                                 else:
                                                     current[key] = "%s%s" % (value, BOUNDED_INJECTION_MARKER)
-                                                candidates["%s (%s)" % (parameter, key)] = json.dumps(deserialized)
+                                                candidates["%s (%s)" % (parameter, key)] = re.sub("(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized), parameters)
                                                 current[key] = original
 
                                 deserialized = json.loads(testableParameters[parameter])
@@ -1260,7 +1260,7 @@ def parseTargetDirect():
     remote = False
 
     for dbms in SUPPORTED_DBMS:
-        details = re.search("^(?P<dbms>%s)://(?P<credentials>(?P<user>.+?)\:(?P<pass>.*)\@)?(?P<remote>(?P<hostname>.+?)\:(?P<port>[\d]+)\/)?(?P<db>[\w\d\ \:\.\_\-\/\\\\]+?)$" % dbms, conf.direct, re.I)
+        details = re.search("^(?P<dbms>%s)://(?P<credentials>(?P<user>.+?)\:(?P<pass>.*)\@)?(?P<remote>(?P<hostname>[\w.-]+?)\:(?P<port>[\d]+)\/)?(?P<db>[\w\d\ \:\.\_\-\/\\\\]+?)$" % dbms, conf.direct, re.I)
 
         if details:
             conf.dbms = details.group("dbms")

lib/core/enums.py

@@ -176,6 +176,7 @@ class HTTP_HEADER:
     PROXY_CONNECTION = "Proxy-Connection"
     RANGE = "Range"
     REFERER = "Referer"
+    REFRESH = "Refresh"  # Reference: http://stackoverflow.com/a/283794
     SERVER = "Server"
     SET_COOKIE = "Set-Cookie"
     TRANSFER_ENCODING = "Transfer-Encoding"

lib/core/option.py

@@ -897,13 +897,15 @@ def _setTamperingFunctions():
         for script in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):
             found = False
 
+            path = paths.SQLMAP_TAMPER_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)
             script = script.strip().encode(sys.getfilesystemencoding() or UNICODE_ENCODING)
 
+            try:
                 if not script:
                     continue
 
-            elif os.path.exists(os.path.join(paths.SQLMAP_TAMPER_PATH, script if script.endswith(".py") else "%s.py" % script)):
-                script = os.path.join(paths.SQLMAP_TAMPER_PATH, script if script.endswith(".py") else "%s.py" % script)
+                elif os.path.exists(os.path.join(path, script if script.endswith(".py") else "%s.py" % script)):
+                    script = os.path.join(path, script if script.endswith(".py") else "%s.py" % script)
 
                 elif not os.path.exists(script):
                     errMsg = "tamper script '%s' does not exist" % script
@@ -912,6 +914,9 @@ def _setTamperingFunctions():
                 elif not script.endswith(".py"):
                     errMsg = "tamper script '%s' should have an extension '.py'" % script
                     raise SqlmapSyntaxException(errMsg)
+            except UnicodeDecodeError:
+                errMsg = "invalid character provided in option '--tamper'"
+                raise SqlmapSyntaxException(errMsg)
 
             dirname, filename = os.path.split(script)
             dirname = os.path.abspath(dirname)
@@ -928,7 +933,7 @@ def _setTamperingFunctions():
                 sys.path.insert(0, dirname)
 
             try:
-                module = __import__(filename[:-3])
+                module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
             except (ImportError, SyntaxError), ex:
                 raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], getSafeExString(ex)))
 
@@ -1001,7 +1006,7 @@ def _setWafFunctions():
             try:
                 if filename[:-3] in sys.modules:
                     del sys.modules[filename[:-3]]
-                module = __import__(filename[:-3])
+                module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING))
             except ImportError, msg:
                 raise SqlmapSyntaxException("cannot import WAF script '%s' (%s)" % (filename[:-3], msg))
 

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1"
+VERSION = "1.1.2.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -303,6 +303,7 @@ ERROR_PARSING_REGEXES = (
     r"(?m)^(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
     r"(?P<result>[^\n>]*SQL Syntax[^\n<]+)",
     r"<li>Error Type:<br>(?P<result>.+?)</li>",
+    r"CDbCommand (?P<result>[^<>\n]*SQL[^<>\n]+)",
     r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P<result>[^<>]+)",
     r"\[[^\n\]]+(ODBC|JDBC)[^\n\]]+\](\[[^\]]+\])?(?P<result>[^\n]+(in query expression|\(SQL| at /[^ ]+pdo)[^\n<]+)"
 )
@@ -587,7 +588,7 @@ BANNER = re.sub(r"\[.\]", lambda _: "[\033[01;41m%s\033[01;49m]" % random.sample
 DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"
 
 # Regular expression used for recognition of file inclusion errors
-FI_ERROR_REGEX = "(?i)[^\n]*(no such file|failed (to )?open)[^\n]*"
+FI_ERROR_REGEX = "(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}"
 
 # Length of prefix and suffix used in non-SQLI heuristic checks
 NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6

lib/core/threads.py

@@ -7,12 +7,11 @@ See the file 'doc/COPYING' for copying permission
 
 import difflib
 import random
+import thread
 import threading
 import time
 import traceback
 
-from thread import error as ThreadError
-
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -151,7 +150,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
 
             try:
                 thread.start()
-            except ThreadError, ex:
+            except thread.error, ex:
                 errMsg = "error occurred while starting new thread ('%s')" % ex.message
                 logger.critical(errMsg)
                 break

lib/parse/cmdline.py

@@ -900,6 +900,9 @@ def cmdLineParser(argv=None):
             elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])):
                 dataToStdout("[!] copy-pasting illegal (non-console) quote characters from Internet is, well, illegal (%s)\n" % argv[i])
                 raise SystemExit
+            elif len(argv[i]) > 1 and u"\uff0c" in argv[i].split('=', 1)[-1]:
+                dataToStdout("[!] copy-pasting illegal (non-console) comma characters from Internet is, well, illegal (%s)\n" % argv[i])
+                raise SystemExit
             elif re.search(r"\A-\w=.+", argv[i]):
                 dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i])
                 raise SystemExit

lib/parse/configfile.py

@@ -14,13 +14,14 @@ from lib.core.common import UnicodeRawConfigParser
 from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.enums import OPTION_TYPE
 from lib.core.exception import SqlmapMissingMandatoryOptionException
 from lib.core.exception import SqlmapSyntaxException
 from lib.core.optiondict import optDict
 
 config = None
 
-def configFileProxy(section, option, boolean=False, integer=False):
+def configFileProxy(section, option, datatype):
     """
     Parse configuration file and save settings into the configuration
     advanced dictionary.
@@ -30,10 +31,12 @@ def configFileProxy(section, option, boolean=False, integer=False):
 
     if config.has_option(section, option):
         try:
-            if boolean:
+            if datatype == OPTION_TYPE.BOOLEAN:
                 value = config.getboolean(section, option) if config.get(section, option) else False
-            elif integer:
+            elif datatype == OPTION_TYPE.INTEGER:
                 value = config.getint(section, option) if config.get(section, option) else 0
+            elif datatype == OPTION_TYPE.FLOAT:
+                value = config.getfloat(section, option) if config.get(section, option) else 0.0
             else:
                 value = config.get(section, option)
         except ValueError, ex:
@@ -91,8 +94,4 @@ def configFileParser(configFile):
     for family, optionData in optDict.items():
         for option, datatype in optionData.items():
             datatype = unArrayizeValue(datatype)
-
-            boolean = datatype == "boolean"
-            integer = datatype == "integer"
-
-            configFileProxy(family, option, boolean, integer)
+            configFileProxy(family, option, datatype)

lib/request/basic.py

@@ -314,6 +314,12 @@ def decodePage(page, contentEncoding, contentType):
             page = re.sub(r"&([^;]+);", lambda _: chr(htmlEntities[_.group(1)]) if htmlEntities.get(_.group(1), 256) < 256 else _.group(0), page)
 
             kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))
+
+            if kb.pageEncoding and kb.pageEncoding.lower() == "utf-8-sig":
+                kb.pageEncoding = "utf-8"
+                if page and page.startswith("\xef\xbb\xbf"):  # Reference: https://docs.python.org/2/library/codecs.html (Note: noticed problems when "utf-8-sig" is left to Python for handling)
+                    page = page[3:]
+
             page = getUnicode(page, kb.pageEncoding)
 
             # e.g. &#8217;&#8230;&#8482;
@@ -363,7 +369,7 @@ def processResponse(page, responseHeaders):
                         if readInput(msg, default='N').strip().upper() != 'Y':
                             continue
                         conf.paramDict[PLACE.POST][name] = value
-                conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % name, r"\g<1>%s" % value, conf.parameters[PLACE.POST])
+                conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST])
 
     if not kb.captchaDetected and re.search(r"(?i)captcha", page or ""):
         for match in re.finditer(r"(?si)<form.+?</form>", page):

lib/request/connect.py

@@ -475,7 +475,7 @@ class Connect(object):
                     return conn, None, None
 
                 # Get HTTP response
-                if hasattr(conn, 'redurl'):
+                if hasattr(conn, "redurl"):
                     page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
                     else Connect._connReadProxy(conn)) if not skipRead else None
                     skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
@@ -491,12 +491,16 @@ class Connect(object):
 
             kb.connErrorCounter = 0
 
-            if extractRegexResult(META_REFRESH_REGEX, page) and not refreshing:
+            if not refreshing:
+                refresh = responseHeaders.get(HTTP_HEADER.REFRESH, "").split("url=")[-1].strip()
+
+                if extractRegexResult(META_REFRESH_REGEX, page):
                     refresh = extractRegexResult(META_REFRESH_REGEX, page)
 
                     debugMsg = "got HTML meta refresh header"
                     logger.debug(debugMsg)
 
+                if refresh:
                     if kb.alwaysRefresh is None:
                         msg = "sqlmap got a refresh request "
                         msg += "(redirect like response common to login pages). "
@@ -513,10 +517,10 @@ class Connect(object):
                             url = urlparse.urljoin(url, refresh)
 
                         threadData.lastRedirectMsg = (threadData.lastRequestUID, page)
-                    kwargs['refreshing'] = True
-                    kwargs['url'] = url
-                    kwargs['get'] = None
-                    kwargs['post'] = None
+                        kwargs["refreshing"] = True
+                        kwargs["url"] = url
+                        kwargs["get"] = None
+                        kwargs["post"] = None
 
                         try:
                             return Connect._getPageProxy(**kwargs)

lib/utils/api.py

@@ -6,6 +6,7 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import contextlib
 import logging
 import os
 import re
@@ -163,6 +164,8 @@ class Task(object):
     def engine_start(self):
         if os.path.exists("sqlmap.py"):
             self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)], shell=False, close_fds=not IS_WIN)
+        elif os.path.exists(os.path.join(os.getcwd(), "sqlmap.py")):
+            self.process = Popen(["python", "sqlmap.py", "--pickled-options", base64pickle(self.options)], shell=False, cwd=os.getcwd(), close_fds=not IS_WIN)
         else:
             self.process = Popen(["sqlmap", "--pickled-options", base64pickle(self.options)], shell=False, close_fds=not IS_WIN)
 
@@ -646,6 +649,11 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
     DataStore.admin_id = hexencode(os.urandom(16))
     Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)[1]
 
+    if port == 0:  # random
+        with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
+            s.bind((host, 0))
+            port = s.getsockname()[1]
+
     logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port))
     logger.info("Admin ID: %s" % DataStore.admin_id)
     logger.debug("IPC database: %s" % Database.filepath)

lib/utils/pivotdumptable.py

@@ -41,7 +41,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 
     if count is None:
         query = dumpNode.count % table
-        query = whereQuery(query)
+        query = agent.whereQuery(query)
         count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)
 
     if isinstance(count, basestring) and count.isdigit():
@@ -91,7 +91,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
             logger.info(infoMsg)
 
             query = dumpNode.count2 % (column, table)
-            query = whereQuery(query)
+            query = agent.whereQuery(query)
             value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
             if isNumPosStrValue(value):
@@ -125,7 +125,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
         else:
             query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False))
 
-        query = whereQuery(query)
+        query = agent.whereQuery(query)
         return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
 
     try:
@@ -179,18 +179,3 @@ def pivotDumpTable(table, colList, count=None, blind=True):
         logger.critical(errMsg)
 
     return entries, lengths
-
-def whereQuery(query):
-    if conf.dumpWhere and query:
-        prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
-
-        if "%s)" % conf.tbl.upper() in prefix.upper():
-            prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
-        elif re.search(r"(?i)\bWHERE\b", prefix):
-            prefix += " AND %s" % conf.dumpWhere
-        else:
-            prefix += " WHERE %s" % conf.dumpWhere
-
-        query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
-
-    return query

plugins/generic/entries.py

@@ -43,7 +43,6 @@ from lib.core.settings import NULL
 from lib.request import inject
 from lib.utils.hash import attackDumpedTable
 from lib.utils.pivotdumptable import pivotDumpTable
-from lib.utils.pivotdumptable import whereQuery
 
 class Entries:
     """
@@ -190,7 +189,7 @@ class Entries:
                     else:
                         query = rootQuery.inband.query % (colString, conf.db, tbl)
 
-                    query = whereQuery(query)
+                    query = agent.whereQuery(query)
 
                     if not entries and query:
                         entries = inject.getValue(query, blind=False, time=False, dump=True)
@@ -244,7 +243,7 @@ class Entries:
                     else:
                         query = rootQuery.blind.count % (conf.db, tbl)
 
-                    query = whereQuery(query)
+                    query = agent.whereQuery(query)
 
                     count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
@@ -329,7 +328,7 @@ class Entries:
                                     elif Backend.isDbms(DBMS.INFORMIX):
                                         query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl, sorted(colList, key=len)[0])
 
-                                    query = whereQuery(query)
+                                    query = agent.whereQuery(query)
 
                                     value = NULL if column in emptyColumns else inject.getValue(query, union=False, error=False, dump=True)
                                     value = '' if value is None else value

plugins/generic/filesystem.py

@@ -120,6 +120,8 @@ class Filesystem:
         back-end DBMS underlying file system
         """
 
+        checkFile(fileName)
+
         with open(fileName, "rb") as f:
             content = f.read()
 

tamper/space2morecomment.py

@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Replaces space character (' ') with comments '/**_**/'
+
+    Tested against:
+        * MySQL 5.0 and 5.5
+
+    Notes:
+        * Useful to bypass weak and bespoke web application firewalls
+
+    >>> tamper('SELECT id FROM users')
+    'SELECT/**_**/id/**_**/FROM/**_**/users'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        quote, doublequote, firstspace = False, False, False
+
+        for i in xrange(len(payload)):
+            if not firstspace:
+                if payload[i].isspace():
+                    firstspace = True
+                    retVal += "/**_**/"
+                    continue
+
+            elif payload[i] == '\'':
+                quote = not quote
+
+            elif payload[i] == '"':
+                doublequote = not doublequote
+
+            elif payload[i] == " " and not doublequote and not quote:
+                retVal += "/**_**/"
+                continue
+
+            retVal += payload[i]
+
+    return retVal

txt/checksum.md5

@@ -24,9 +24,9 @@ c55b400b72acc43e0e59c87dd8bb8d75  extra/shellcodeexec/windows/shellcodeexec.x32.
 10edc8d1057e89c145218d4c5ccaaa31  lib/controller/controller.py
 b3eec7f44bcc5d784d171a187b7fe8cb  lib/controller/handler.py
 310efc965c862cfbd7b0da5150a5ad36  lib/controller/__init__.py
-178066b5737f0e719cbf9271051559a2  lib/core/agent.py
+19905ecb4437b94512cf21d5f1720091  lib/core/agent.py
 6cc95a117fbd34ef31b9aa25520f0e31  lib/core/bigarray.py
-445bd2c2fe0dcca0dd3aab87eb3839d3  lib/core/common.py
+9ca4206c06f8a2a859b076ab7520c3ea  lib/core/common.py
 5065a4242a8cccf72f91e22e1007ae63  lib/core/convert.py
 a8143dab9d3a27490f7d49b6b29ea530  lib/core/data.py
 7936d78b1a7f1f008ff92bf2f88574ba  lib/core/datatype.py
@@ -34,30 +34,30 @@ a8143dab9d3a27490f7d49b6b29ea530  lib/core/data.py
 47eecd5499eaa15e931793e1d1ac3566  lib/core/defaults.py
 4029f6869b36eb5f796c2bcc948f4fae  lib/core/dicts.py
 77edcfd3d7c5522bb64baf59ac23a047  lib/core/dump.py
-0c0f18761e9bb61d289bfa884dcd7dbd  lib/core/enums.py
+18554d2eafd721a2b92dcfd202b9a0ab  lib/core/enums.py
 9381a0c7e8bc19986299e84f4edda1a0  lib/core/exception.py
 310efc965c862cfbd7b0da5150a5ad36  lib/core/__init__.py
 9ba39bf66e9ecd469446bdbbeda906c3  lib/core/log.py
 e544108e2238d756c94a240e8a1ce061  lib/core/optiondict.py
-44a61841bcd0bafc4151e31d5a14287d  lib/core/option.py
+42b491edce8822786c32f77a9b7fe5be  lib/core/option.py
 5f2f56e6c5f274408df61943f1e080c0  lib/core/profiling.py
 40be71cd774662a7b420caeb7051e7d5  lib/core/readlineng.py
 d8e9250f3775119df07e9070eddccd16  lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2  lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9  lib/core/session.py
-75d8ca625f08e39702965b2b3569b5d8  lib/core/settings.py
+689a9339741e81a2c460fc794c978163  lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6  lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20  lib/core/subprocessng.py
 afd0636d2e93c23f4f0a5c9b6023ea17  lib/core/target.py
 8970b88627902239d695280b1160e16c  lib/core/testing.py
-ce5578a2e6b25dc6fd115133f92e0643  lib/core/threads.py
+1504e8c6bdd69edc17b5f240eaa73fb2  lib/core/threads.py
 ad74fc58fc7214802fd27067bce18dd2  lib/core/unescaper.py
 1f1fa616b5b19308d78c610ec8046399  lib/core/update.py
 4d13ed693401a498b6d073a2a494bd83  lib/core/wordlist.py
 310efc965c862cfbd7b0da5150a5ad36  lib/__init__.py
 8c4b04062db2245d9e190b413985202a  lib/parse/banner.py
-7af43d486b7183862b932218ed4c988d  lib/parse/cmdline.py
-1a71306c965d563ae2d01e4c48646030  lib/parse/configfile.py
+9b12924e9da625f97b7ec87773214000  lib/parse/cmdline.py
+3a31657bc38f277d0016ff6d50bde61f  lib/parse/configfile.py
 14539f1be714d4f1ed042067d63bc50a  lib/parse/handler.py
 64e5bb3ecbdd75144500588b437ba8da  lib/parse/headers.py
 165dc27660c8559318009d44354f27cb  lib/parse/html.py
@@ -65,9 +65,9 @@ ad74fc58fc7214802fd27067bce18dd2  lib/core/unescaper.py
 0b010b7cdb2e42b5aa0caa59607279ad  lib/parse/payloads.py
 a0444cc351cd6d29015ad16d9eb46ff4  lib/parse/sitemap.py
 403d873f1d2fd0c7f73d83f104e41850  lib/request/basicauthhandler.py
-c347898f7b2e3d59d0a108b16b0542a3  lib/request/basic.py
+6d04ee525e75bf0082e9f1f6d8506546  lib/request/basic.py
 4e89d0e13de2eb3576f5412b21e9b648  lib/request/comparison.py
-30d7b0df341762c5aa7aab537878ce05  lib/request/connect.py
+9853a53cc7dd567b74e04bb2acadb7fe  lib/request/connect.py
 fb6b788d0016ab4ec5e5f661f0f702ad  lib/request/direct.py
 cc1163d38e9b7ee5db2adac6784c02bb  lib/request/dns.py
 5dcdb37823a0b5eff65cd1018bcf09e4  lib/request/httpshandler.py
@@ -99,7 +99,7 @@ d3da4c7ceaf57c4687a052d58722f6bb  lib/techniques/dns/use.py
 310efc965c862cfbd7b0da5150a5ad36  lib/techniques/union/__init__.py
 4bed3ed51faad9b910899cacf56e8eac  lib/techniques/union/test.py
 8cd5655c60a638caa30ca1220896aeda  lib/techniques/union/use.py
-b3afde39a56dd767f5338ba6464b9f43  lib/utils/api.py
+2503710e4b6316e40ddde872d5bbd04a  lib/utils/api.py
 6842092e1d27b71d28acd0e421f90693  lib/utils/crawler.py
 ba12c69a90061aa14d848b8396e79191  lib/utils/deps.py
 3b9fd519164e0bf275d5fd361c3f11ff  lib/utils/getch.py
@@ -107,7 +107,7 @@ ccfdad414ce2ec0c394c3deaa39a82bf  lib/utils/hashdb.py
 aff7355d582fc6c00a675eeee2a5217a  lib/utils/hash.py
 e76a08237ee6a4cd6855af79610ea8a5  lib/utils/htmlentities.py
 310efc965c862cfbd7b0da5150a5ad36  lib/utils/__init__.py
-8e4ecc5e5bd8a5c7e2ad0a940cb1a5b1  lib/utils/pivotdumptable.py
+9d8c858417d356e49e1959ba253aede4  lib/utils/pivotdumptable.py
 8520a745c9b4db3814fe46f4c34c6fbc  lib/utils/progress.py
 2c3638d499f3c01c34187e531f77d004  lib/utils/purge.py
 2da1b35339667646e51101adaa1dfc32  lib/utils/search.py
@@ -203,9 +203,9 @@ a7f4d3a194f52fbb4fb4488be41273b1  plugins/dbms/sybase/enumeration.py
 1f46f2eac95cfdc3fa150ec5b0500eba  plugins/generic/connector.py
 a8f9d0516509e9e4226516ab4f13036a  plugins/generic/custom.py
 3b54fd65feb9f70c551d315e82653384  plugins/generic/databases.py
-085f839221138aa7931bd94c33a32768  plugins/generic/entries.py
+45c32855126546a0d9936ecdc943ab3f  plugins/generic/entries.py
 55802d1d5d65938414c77ccc27731cab  plugins/generic/enumeration.py
-b6666109aa6882ca9c526d615c1bcde3  plugins/generic/filesystem.py
+bc32b21a3ab5421b5307ff7317256229  plugins/generic/filesystem.py
 feca57a968c528a2fe3ccafbc83a17f8  plugins/generic/fingerprint.py
 310efc965c862cfbd7b0da5150a5ad36  plugins/generic/__init__.py
 8fd5913823e97e21a8eea717cd12fc96  plugins/generic/misc.py
@@ -259,6 +259,7 @@ a3a0e76922b4f40f422a0daca4e71af3  tamper/htmlencode.py
 a8a0e2150de7c7dc473f74474db857ad  tamper/space2comment.py
 8728a16a1ae0603c6d835162cc03ab96  tamper/space2dash.py
 6cc1afaeb47723886e492454e75d7b7f  tamper/space2hash.py
+b2331640743170f82be9a8c27f65b206  tamper/space2morecomment.py
 507a174c64345df8df003ddba93c8cd1  tamper/space2morehash.py
 0ce89b0d602abbd64344ab038be8acbc  tamper/space2mssqlblank.py
 fa66af20648b5538289748abe7a08fe6  tamper/space2mssqlhash.py
@@ -428,6 +429,7 @@ d4fbb2af37ad3ade3118668f2b516693  waf/requestvalidationmode.py
 c1062e5c165cdaeca51113e60973afb2  waf/sophos.py
 e909c359a9181e64271e6c7c8347fe15  waf/stingray.py
 33f3bdac403519a1f96fb9015680c575  waf/sucuri.py
+507f7c1019afd1c45c76bbcd179ddfe9  waf/tencent.py
 3de96df7edeae2f21ba7b9d77c90f4d6  waf/teros.py
 d428df1e83a6fac9d8dbc90d6b5dab20  waf/trafficshield.py
 385c84908b482c7f0fe93262ab5320fa  waf/urlscan.py

waf/tencent.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, _, code = get_page(get=vector)
+        retval = code == 405 and "waf.tencent-cloud.com" in (page or "")
+        if retval:
+            break
+
+    return retval