2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2016-09-15 18:58:37 +03:00
|
|
|
|
|
|
|
|
"""
|
2024-01-04 01:11:52 +03:00
|
|
|
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2016-09-15 18:58:37 +03:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
import re
|
|
|
|
|
|
|
|
|
|
from lib.core.enums import PRIORITY
|
|
|
|
|
|
|
|
|
|
__priority__ = PRIORITY.LOW
|
|
|
|
|
|
|
|
|
|
def dependencies():
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
def tamper(payload, **kwargs):
|
|
|
|
|
"""
|
2018-07-31 02:17:11 +03:00
|
|
|
HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')
|
2016-09-15 18:58:37 +03:00
|
|
|
|
|
|
|
|
>>> tamper("1' AND SLEEP(5)#")
|
|
|
|
|
'1' AND SLEEP(5)#'
|
2022-10-17 13:21:47 +03:00
|
|
|
>>> tamper("1' AND SLEEP(5)#")
|
|
|
|
|
'1' AND SLEEP(5)#'
|
2016-09-15 18:58:37 +03:00
|
|
|
"""
|
|
|
|
|
|
2022-10-17 13:21:47 +03:00
|
|
|
if payload:
|
|
|
|
|
payload = re.sub(r"&#(\d+);", lambda match: chr(int(match.group(1))), payload) # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5203
|
|
|
|
|
payload = re.sub(r"[^\w]", lambda match: "&#%d;" % ord(match.group(0)), payload)
|
|
|
|
|
|
|
|
|
|
return payload
|
