sqlmap/tamper/randomcase.py

39 lines
1003 B
Python
Raw Normal View History

2010-10-14 18:05:05 +04:00
#!/usr/bin/env python
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
2010-10-13 23:51:10 +04:00
import re
import string
from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb
2010-10-13 23:51:10 +04:00
"""
2010-10-14 10:20:32 +04:00
value -> chars from value with random case (e.g., INSERT->InsERt)
2010-10-13 23:51:10 +04:00
"""
def tamper(place, value):
retVal = value
2010-10-13 23:51:10 +04:00
if value:
if place != "URI":
retVal = urldecode(retVal)
for match in re.finditer(r"[A-Za-z_]+", retVal):
word = match.group()
if word.upper() in kb.keywords:
newWord = str()
for i in xrange(len(word)):
newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
retVal = retVal.replace(word, newWord)
if place != "URI":
retVal = urlencode(retVal)
2010-10-13 23:51:10 +04:00
return retVal