sqlmap/tamper/symboliclogical.py

32 lines
623 B
Python
Raw Normal View History

2015-05-29 00:49:44 +03:00
#!/usr/bin/env python
"""
2019-01-05 23:38:52 +03:00
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
2015-05-29 00:49:44 +03:00
"""
import re
2018-10-02 15:07:14 +03:00
import urllib
2015-05-29 00:49:44 +03:00
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOWEST
def dependencies():
pass
def tamper(payload, **kwargs):
"""
Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)
>>> tamper("1 AND '1'='1")
"1 %26%26 '1'='1"
2015-05-29 00:49:44 +03:00
"""
retVal = payload
if payload:
2018-10-02 15:07:14 +03:00
retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("||"), payload))
2015-05-29 00:49:44 +03:00
return retVal