diff --git a/tamper/charencode.py b/tamper/charencode.py index f58830f93..87ccd3f8f 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -1,11 +1,10 @@ import re import string -from lib.core.convert import urlencode from lib.core.exception import sqlmapUnsupportedFeatureException """ -value -> urlencode of nonencoded chars in value +value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20TABLE -> %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45) """ def tamper(place, value): retVal = value diff --git a/tamper/doubleencode.py b/tamper/doubleencode.py index 6b88c5489..6ca004b03 100644 --- a/tamper/doubleencode.py +++ b/tamper/doubleencode.py @@ -4,7 +4,7 @@ from lib.core.convert import urlencode from lib.core.exception import sqlmapUnsupportedFeatureException """ -Tampering value -> urlencode(value) +Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE) """ def tamper(place, value): if value: diff --git a/tamper/dummy.py b/tamper/dummy.py deleted file mode 100644 index a924869fb..000000000 --- a/tamper/dummy.py +++ /dev/null @@ -1,6 +0,0 @@ -def tamper(place, value): - print "Hi, World!" - print value - if place=="GET" and value: - value=value.upper() - return value diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index 7406b4723..df4fa4610 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -4,7 +4,7 @@ from lib.core.convert import urldecode from lib.core.convert import urlencode """ -IFNULL(A,B) -> IF(ISNULL(A),B,A) +IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1)) """ def tamper(place, value): if value and value.find("IFNULL") > -1: diff --git a/tamper/randomcase.py b/tamper/randomcase.py index 28b5f0a52..a0f73ca0b 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -1,12 +1,11 @@ import re import string -from lib.core.convert import urlencode from lib.core.common import randomRange from lib.core.exception import sqlmapUnsupportedFeatureException """ -value -> chars from value with random case +value -> chars from value with random case (e.g., INSERT->InsERt) """ def tamper(place, value): retVal = value diff --git a/tamper/space2comment.py b/tamper/space2comment.py index 8c9b1250a..6bbe76138 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py @@ -4,7 +4,7 @@ from lib.core.convert import urldecode from lib.core.convert import urlencode """ -' ' -> /**/ +' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users) """ def tamper(place, value): if value: