From 1b3b916587a2f9be1c7c82db51cc52aa34ee689d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 13 Oct 2010 19:51:10 +0000
Subject: [PATCH] update of tampering modules
---
 tamper/charencode.py | 25 +++++++++++++++++++++++++
 tamper/ifnull2ifisnull.py | 13 ++++++++-----
 tamper/randomcase.py | 20 ++++++++++++++++++++
 tamper/space2comment.py | 2 +-
 4 files changed, 54 insertions(+), 6 deletions(-)
 create mode 100644 tamper/charencode.py
 create mode 100644 tamper/randomcase.py
diff --git a/tamper/charencode.py b/tamper/charencode.py
new file mode 100644
index 000000000..79fd03789
--- /dev/null
+++ b/tamper/charencode.py
@@ -0,0 +1,25 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> urlencode of nonencoded chars in value
+"""
+def tamper(place, value):
+ retVal = value
+ if value:
+ if place != "URI":
+ retVal = ""
+ i = 0
+ while i < len(value):
+ if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
+ retVal += value[i:i+3]
+ i += 3
+ else:
+ retVal += '%%%X' % ord(value[i])
+ i += 1
+ else:
+ raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
+ return retVal
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
index 4c43bc927..7406b4723 100644
--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@@ -4,7 +4,7 @@ from lib.core.convert import urldecode
 from lib.core.convert import urlencode
 """
-Tampering IFNULL(A,B) -> IF(ISNULL(A),B,A)
+IFNULL(A,B) -> IF(ISNULL(A),B,A)
 """
 def tamper(place, value):
 if value and value.find("IFNULL") > -1:
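Review bot: In tamper/charencode.py the escape built by `'%%%X' % ord(value[i])` is not zero-padded, so any character below 0x10 (tab, newline, carriage return) is written as a one-digit sequence such as `%A`, which is not a valid percent-escape; the line should read `retVal += '%%%.2X' % ord(value[i])`. A character above 0xFF in a unicode value would likewise yield more than two hex digits, so the function presumably expects a byte string at this point and the docstring should say so. The imports `re` and `urlencode` are never used in this file and can be dropped.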
@@ -25,10 +25,13 @@ def tamper(place, value):
 deepness += 1
 elif value[i] == ')':
 deepness -= 1
- A = value[index + len("IFNULL("):comma]
- B = value[comma + 1:end]
- newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
- value = value[:index] + newVal + value[end+1:]
+ if comma and end:
+ A = value[index + len("IFNULL("):comma]
+ B = value[comma + 1:end]
+ newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
+ value = value[:index] + newVal + value[end+1:]
+ else:
+ break
 if place != "URI":
 value = urlencode(value)
 return value
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
new file mode 100644
index 000000000..35ba51120
--- /dev/null
+++ b/tamper/randomcase.py
@@ -0,0 +1,20 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.common import randomRange
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> random case of chars in value
+"""
+def tamper(place, value):
+ retVal = value
+ if value:
+ retVal = ""
+ for i in xrange(len(value)):
+ if value[i].isalpha():
+ retVal += value[i].upper() if randomRange(0,1) else value[i].lower()
+ else:
+ retVal += value[i]
+ return retVal
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
index e07a9c64e..9d64d095e 100644
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -4,7 +4,7 @@ from lib.core.convert import urldecode
 from lib.core.convert import urlencode
 """
-Tampering ' ' -> /**/
+' ' -> /**/
 """
 def tamper(place, value):
 if value:
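Review bot: The new `else: break` in tamper/ifnull2ifisnull.py has no comment saying when it fires or why stopping is the right outcome, and the reader cannot tell from the hunk that it is what keeps the enclosing loop from spinning on an unbalanced expression. I would put `# no top-level ',' or closing ')' found for this IFNULL( - leave the rest of the value untouched` above the `break`. The guard `if comma and end:` also depends on how `comma` and `end` are initialised for each match, which happens outside this hunk; if they are not reset on every pass, positions left over from an earlier match would satisfy it. The loop and the start of `tamper` are outside the hunk.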
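Review bot: In tamper/randomcase.py four of the five imports (`re`, `string`, `urlencode`, `sqlmapUnsupportedFeatureException`) are never used; only `randomRange` is needed. The loop indexes through `xrange(len(value))` and grows `retVal` with `+=`, where iterating the characters directly reads better: `for c in value:` followed by `retVal += (c.upper() if randomRange(0,1) else c.lower()) if c.isalpha() else c`. The `place` argument is ignored here, unlike in charencode.py, and the module docstring should state that the value is returned without any URL encoding or decoding.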