sqlmap/tamper/space2comment.py

# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.

import re

from lib.core.convert import urldecode
from lib.core.convert import urlencode

"""
' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users)
"""
def tamper(place, value):
    retVal = value

    if value:
        if place != "URI":
            value = urldecode(value)

        retVal = ""
        qoute, doublequote, firstspace = False, False, False

        for i in xrange(len(value)):
            if not firstspace:
                if value[i].isspace():
                    firstspace = True
                    retVal += "/**/"
                    continue

            elif value[i] == '\'':
                qoute = not qoute

            elif value[i] == '"':
                doublequote = not doublequote

            elif value[i]==" " and not doublequote and not qoute:
                retVal += "/**/"
                continue

            retVal += value[i]

        if place != "URI":
            retVal = urlencode(retVal)

    return retVal
introducing new style for copyright header 2010-10-14 18:02:43 +04:00			`# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)`
			`# See the file doc/COPYING for copying permission.`

new tampering module 2010-10-13 18:27:35 +04:00			`import re`

			`from lib.core.convert import urldecode`
			`from lib.core.convert import urlencode`

			`"""`
minor update 2010-10-14 10:20:32 +04:00			`' ' -> // (e.g., SELECT id FROM users->SELECT//id/**/FROM users)`
new tampering module 2010-10-13 18:27:35 +04:00			`"""`
			`def tamper(place, value):`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal = value`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
new tampering module 2010-10-13 18:27:35 +04:00			`if value:`
			`if place != "URI":`
			`value = urldecode(value)`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00
			`retVal = ""`
			`qoute, doublequote, firstspace = False, False, False`

			`for i in xrange(len(value)):`
			`if not firstspace:`
minor bug fix 2010-10-14 15:12:03 +04:00			`if value[i].isspace():`
			`firstspace = True`
			`retVal += "/**/"`
			`continue`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`elif value[i] == '\'':`
			`qoute = not qoute`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`elif value[i] == '"':`
			`doublequote = not doublequote`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`elif value[i]==" " and not doublequote and not qoute:`
			`retVal += "/**/"`
			`continue`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal += value[i]`

new tampering module 2010-10-13 18:27:35 +04:00			`if place != "URI":`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal = urlencode(retVal)`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`return retVal`