sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-11 16:43:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix for a tamper script (in some cases comments were not inserted)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-07-31 09:52:10 +02:00
parent eaacbe0b12
commit 02da417b23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tamper/randomcomments.py
View File

@ -26,7 +26,7 @@ def tamper(payload, **kwargs):
retVal = payload retVal = payload
if payload: if payload:
for match in re.finditer(r"[A-Za-z_]+", payload): for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
word = match.group() word = match.group()
if len(word) < 2: if len(word) < 2:
@ -39,6 +39,11 @@ def tamper(payload, **kwargs):
_ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i]) _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])
_ += word[-1] _ += word[-1]
if "/**/" not in _:
index = randomRange(1, len(word) - 1)
_ = word[:index] + "/**/" + word[index:]
retVal = retVal.replace(word, _) retVal = retVal.replace(word, _)
return retVal return retVal