added new tamper script by request

2024-11-22 09:36:35 +03:00 · 2011-06-09 09:01:54 +00:00 · 2011-06-09 09:01:54 +00:00 · 083a5535eb
commit 083a5535eb
parent fae089646b
1 changed files with 29 additions and 0 deletions
--- a/tamper/apostrophemask.py
+++ b/tamper/apostrophemask.py
@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import string
+
+from lib.core.enums import PRIORITY
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+__priority__ = PRIORITY.LOWEST
+
+def tamper(payload):
+    """
+    Replaces apostrophe character with it's UTF8 fullwidth counterpart
+    Example: "AND '1'='1'" becomes "AND %EF%BC%871%EF%BC%87=%EF%BC%871%EF%BC%87"
+    Reference: http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = payload.replace('\'', '%EF%BC%87')
+
+    return retVal