mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
update of tampering modules
This commit is contained in:
parent
f700692c74
commit
1b3b916587
25
tamper/charencode.py
Normal file
25
tamper/charencode.py
Normal file
|
@ -0,0 +1,25 @@
|
|||
import re
|
||||
import string
|
||||
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
"""
|
||||
value -> urlencode of nonencoded chars in value
|
||||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = ""
|
||||
i = 0
|
||||
while i < len(value):
|
||||
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
|
||||
retVal += value[i:i+3]
|
||||
i += 3
|
||||
else:
|
||||
retVal += '%%%X' % ord(value[i])
|
||||
i += 1
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
|
||||
return retVal
|
|
@ -4,7 +4,7 @@ from lib.core.convert import urldecode
|
|||
from lib.core.convert import urlencode
|
||||
|
||||
"""
|
||||
Tampering IFNULL(A,B) -> IF(ISNULL(A),B,A)
|
||||
IFNULL(A,B) -> IF(ISNULL(A),B,A)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
if value and value.find("IFNULL") > -1:
|
||||
|
@ -25,10 +25,13 @@ def tamper(place, value):
|
|||
deepness += 1
|
||||
elif value[i] == ')':
|
||||
deepness -= 1
|
||||
A = value[index + len("IFNULL("):comma]
|
||||
B = value[comma + 1:end]
|
||||
newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
|
||||
value = value[:index] + newVal + value[end+1:]
|
||||
if comma and end:
|
||||
A = value[index + len("IFNULL("):comma]
|
||||
B = value[comma + 1:end]
|
||||
newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
|
||||
value = value[:index] + newVal + value[end+1:]
|
||||
else:
|
||||
break
|
||||
if place != "URI":
|
||||
value = urlencode(value)
|
||||
return value
|
||||
|
|
20
tamper/randomcase.py
Normal file
20
tamper/randomcase.py
Normal file
|
@ -0,0 +1,20 @@
|
|||
import re
|
||||
import string
|
||||
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
"""
|
||||
value -> random case of chars in value
|
||||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
if value:
|
||||
retVal = ""
|
||||
for i in xrange(len(value)):
|
||||
if value[i].isalpha():
|
||||
retVal += value[i].upper() if randomRange(0,1) else value[i].lower()
|
||||
else:
|
||||
retVal += value[i]
|
||||
return retVal
|
|
@ -4,7 +4,7 @@ from lib.core.convert import urldecode
|
|||
from lib.core.convert import urlencode
|
||||
|
||||
"""
|
||||
Tampering ' ' -> /**/
|
||||
' ' -> /**/
|
||||
"""
|
||||
def tamper(place, value):
|
||||
if value:
|
||||
|
|
Loading…
Reference in New Issue
Block a user