sqlmap/tamper/charencode.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import string

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOWEST

def dependencies():
    pass

def tamper(payload, headers=None):
    """
    Url-encodes all characters in a given payload (not processing already
    encoded)

    Example:
        * Input: SELECT FIELD FROM%20TABLE
        * Output: %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45

    Tested against:
        * Microsoft SQL Server 2005
        * MySQL 4, 5.0 and 5.5
        * Oracle 10g
        * PostgreSQL 8.3, 8.4, 9.0

    Notes:
        * Useful to bypass very weak web application firewalls that do not
          url-decode the request before processing it through their ruleset
        * The web server will anyway pass the url-decoded version behind,
          hence it should work against any DBMS
    """

    retVal = payload

    if payload:
        retVal = ""
        i = 0

        while i < len(payload):
            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                retVal += payload[i:i+3]
                i += 3
            else:
                retVal += '%%%.2X' % ord(payload[i])
                i += 1

    return retVal
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`#!/usr/bin/env python`

			`"""`
modified homepage address 2012-07-12 21:38:03 +04:00			`Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`import string`

			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.LOWEST`

Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-07 01:04:45 +04:00			`def dependencies():`
			`pass`

Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 12:10:23 +04:00			`def tamper(payload, headers=None):`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`"""`
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-07 01:04:45 +04:00			`Url-encodes all characters in a given payload (not processing already`
			`encoded)`

			`Example:`
			`* Input: SELECT FIELD FROM%20TABLE`
			`* Output: %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45`

			`Tested against:`
			`* Microsoft SQL Server 2005`
			`* MySQL 4, 5.0 and 5.5`
			`* Oracle 10g`
			`* PostgreSQL 8.3, 8.4, 9.0`

			`Notes:`
			`* Useful to bypass very weak web application firewalls that do not`
			`url-decode the request before processing it through their ruleset`
			`* The web server will anyway pass the url-decoded version behind,`
			`hence it should work against any DBMS`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`"""`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`retVal = payload`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00
minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`if payload:`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`retVal = ""`
			`i = 0`

minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`while i < len(payload):`
minor update (changing form of payload[i+1] with payload[i+1:i+2] which is much safer for not crashing the script with invalid char index) 2011-07-11 13:22:29 +04:00			`if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:`
minor cosmetics on tamper scripts 2011-04-04 12:18:26 +04:00			`retVal += payload[i:i+3]`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`i += 3`
			`else:`
Minor refactoring 2012-07-24 03:21:32 +04:00			`retVal += '%%%.2X' % ord(payload[i])`
Converted from DOS format (\n\r to \n only) 2011-02-07 02:25:55 +03:00			`i += 1`

Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 12:10:23 +04:00			`return retVal`