Bug fix for tamper script equaltolike (has been doing problems when used with MsSQL)

This commit is contained in:
Miroslav Stampar 2015-09-22 14:32:52 +02:00
parent 058f63a050
commit 158ae501c1

View File

@ -35,15 +35,10 @@ def tamper(payload, **kwargs):
'SELECT * FROM users WHERE id LIKE 1' 'SELECT * FROM users WHERE id LIKE 1'
""" """
def process(match):
word = match.group()
word = "%sLIKE%s" % (" " if word[0] != " " else "", " " if word[-1] != " " else "")
return word
retVal = payload retVal = payload
if payload: if payload:
retVal = re.sub(r"\s*=\s*", lambda match: process(match), retVal) for regex, subst in ((r"\s+=\s+", " LIKE "), (r"\s+=", " LIKE"), (r"=\s+", "LIKE ")):
retVal = re.sub(regex, subst, retVal)
return retVal return retVal