update of tampering modules

2024-11-22 09:36:35 +03:00 · 2010-10-13 19:51:10 +00:00 · 2010-10-13 19:51:10 +00:00 · 1b3b916587
commit 1b3b916587
parent f700692c74
4 changed files with 54 additions and 6 deletions
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@ -0,0 +1,25 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> urlencode of nonencoded chars in value
+"""
+def tamper(place, value):
+    retVal = value
+    if value:
+        if place != "URI":
+            retVal = ""
+            i = 0
+            while i < len(value):
+                if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
+                    retVal += value[i:i+3]
+                    i += 3
+                else:
+                    retVal += '%%%X' % ord(value[i])
+                    i += 1
+        else:
+            raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
+    return retVal
--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@ -4,7 +4,7 @@ from lib.core.convert import urldecode
 from lib.core.convert import urlencode

 """
-Tampering IFNULL(A,B) -> IF(ISNULL(A),B,A)
+IFNULL(A,B) -> IF(ISNULL(A),B,A)
 """
 def tamper(place, value):
    if value and value.find("IFNULL") > -1:
@ -25,10 +25,13 @@ def tamper(place, value):
                    deepness += 1
                elif value[i] == ')':
                    deepness -= 1
+            if comma and end:
                A = value[index + len("IFNULL("):comma]
                B = value[comma + 1:end]
                newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
                value = value[:index] + newVal + value[end+1:]
+            else:
+                break
        if place != "URI":
            value = urlencode(value)
    return value
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -0,0 +1,20 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.common import randomRange
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> random case of chars in value
+"""
+def tamper(place, value):
+    retVal = value
+    if value:
+        retVal = ""
+        for i in xrange(len(value)):
+            if value[i].isalpha():
+                retVal += value[i].upper() if randomRange(0,1) else value[i].lower()
+            else:
+                retVal += value[i]
+    return retVal
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@ -4,7 +4,7 @@ from lib.core.convert import urldecode
 from lib.core.convert import urlencode

 """
-Tampering ' ' -> /**/
+' ' -> /**/
 """
 def tamper(place, value):
    if value: