diff --git a/tamper/between.py b/tamper/between.py index 89c97f902..2f7869da7 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -11,39 +11,39 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.HIGHEST -def tamper(value): +def tamper(payload): """ Replaces '>' with 'NOT BETWEEN 0 AND #' Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B' """ - retVal = value + retVal = payload - if value: + if payload: retVal = "" quote, doublequote, firstspace = False, False, False - for i in xrange(len(value)): + for i in xrange(len(payload)): if not firstspace: - if value[i].isspace(): + if payload[i].isspace(): firstspace = True retVal += " " continue - elif value[i] == '\'': + elif payload[i] == '\'': quote = not quote - elif value[i] == '"': + elif payload[i] == '"': doublequote = not doublequote - elif value[i] == ">" and not doublequote and not quote: - retVal += " " if i > 0 and not value[i-1].isspace() else "" + elif payload[i] == ">" and not doublequote and not quote: + retVal += " " if i > 0 and not payload[i-1].isspace() else "" retVal += "NOT BETWEEN 0 AND" - retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else "" + retVal += " " if i < len(payload) - 1 and not payload[i+1].isspace() else "" continue - retVal += value[i] + retVal += payload[i] return retVal diff --git a/tamper/charencode.py b/tamper/charencode.py index ebf449fc1..751abefdc 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -14,24 +14,24 @@ from lib.core.exception import sqlmapUnsupportedFeatureException __priority__ = PRIORITY.LOWEST -def tamper(value): +def tamper(payload): """ - Urlencodes all characters in a given value (not processing already encoded) + Urlencodes all characters in a given payload (not processing already encoded) Example: 'SELECT FIELD FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45' """ - retVal = value + retVal = payload - if value: + if payload: retVal = "" i = 0 - while i < len(value): - if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits: - retVal += value[i:i+3] + while i < len(payload): + if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits: + retVal += payload[i:i+3] i += 3 else: - retVal += '%%%X' % ord(value[i]) + retVal += '%%%X' % ord(payload[i]) i += 1 return retVal diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index 5c1d19662..42726178a 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -14,24 +14,24 @@ from lib.core.exception import sqlmapUnsupportedFeatureException __priority__ = PRIORITY.LOWEST -def tamper(value): +def tamper(payload): """ - Replaces value with unicode-urlencode of non-encoded chars in value (not processing already encoded) + Replaces payload with unicode-urlencode of non-encoded chars in payload (not processing already encoded) Example: 'SELECT FIELD%20FROM TABLE' becomes '%u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045' """ - retVal = value + retVal = payload - if value: + if payload: retVal = "" i = 0 - while i < len(value): - if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits: - retVal += "%%u00%s" % value[i+1:i+3] + while i < len(payload): + if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits: + retVal += "%%u00%s" % payload[i+1:i+3] i += 3 else: - retVal += '%%u00%X' % ord(value[i]) + retVal += '%%u00%X' % ord(payload[i]) i += 1 return retVal diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index 0d549a4e9..79bae2a2c 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -11,39 +11,39 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.HIGHEST -def tamper(value): +def tamper(payload): """ Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)' """ - if value and value.find("IFNULL") > -1: + if payload and payload.find("IFNULL") > -1: - while value.find("IFNULL(") > -1: - index = value.find("IFNULL(") + while payload.find("IFNULL(") > -1: + index = payload.find("IFNULL(") deepness = 1 comma, end = None, None - for i in xrange(index + len("IFNULL("), len(value)): - if deepness == 1 and value[i] == ',': + for i in xrange(index + len("IFNULL("), len(payload)): + if deepness == 1 and payload[i] == ',': comma = i - elif deepness == 1 and value[i] == ')': + elif deepness == 1 and payload[i] == ')': end = i break - elif value[i] == '(': + elif payload[i] == '(': deepness += 1 - elif value[i] == ')': + elif payload[i] == ')': deepness -= 1 if comma and end: - A = value[index + len("IFNULL("):comma] - B = value[comma + 1:end] + A = payload[index + len("IFNULL("):comma] + B = payload[comma + 1:end] newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A) - value = value[:index] + newVal + value[end+1:] + payload = payload[:index] + newVal + payload[end+1:] else: break - return value + return payload diff --git a/tamper/randomcase.py b/tamper/randomcase.py index cca53a6c7..6f2a33413 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -15,15 +15,15 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.NORMAL -def tamper(value): +def tamper(payload): """ Replaces each character with random case value Example: 'INSERT' might become 'InsERt' """ - retVal = value + retVal = payload - if value: + if payload: for match in re.finditer(r"[A-Za-z_]+", retVal): word = match.group() diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index 7c8cf3d46..ffd4aa8c3 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -15,16 +15,16 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW -def tamper(value): +def tamper(payload): """ - Add random comments to SQL keywords in value + Add random comments to SQL keywords Example: 'INSERT' becomes 'IN/**/S/**/ERT' """ - retVal = value + retVal = payload - if value: - for match in re.finditer(r"[A-Za-z_]+", retVal): + if payload: + for match in re.finditer(r"[A-Za-z_]+", payload): word = match.group() if len(word) < 2: diff --git a/tamper/space2comment.py b/tamper/space2comment.py index a6cd85ca4..19a373875 100644 --- a/tamper/space2comment.py +++ b/tamper/space2comment.py @@ -11,36 +11,36 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW -def tamper(value): +def tamper(payload): """ Replaces ' ' with '/**/' Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users' """ - retVal = value + retVal = payload - if value: + if payload: retVal = "" quote, doublequote, firstspace = False, False, False - for i in xrange(len(value)): + for i in xrange(len(payload)): if not firstspace: - if value[i].isspace(): + if payload[i].isspace(): firstspace = True retVal += "/**/" continue - elif value[i] == '\'': + elif payload[i] == '\'': quote = not quote - elif value[i] == '"': + elif payload[i] == '"': doublequote = not doublequote - elif value[i]==" " and not doublequote and not quote: + elif payload[i]==" " and not doublequote and not quote: retVal += "/**/" continue - retVal += value[i] + retVal += payload[i] return retVal diff --git a/tamper/space2plus.py b/tamper/space2plus.py index f25bf8bd2..209c16560 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -11,36 +11,35 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW -def tamper(value): +def tamper(payload): """ Replaces ' ' with '+' Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM+users' """ - retVal = value + retVal = payload - if value: + if payload: retVal = "" quote, doublequote, firstspace = False, False, False - for i in xrange(len(value)): + for i in xrange(len(payload)): if not firstspace: - if value[i].isspace(): + if payload[i].isspace(): firstspace = True retVal += "+" continue - elif value[i] == '\'': + elif payload[i] == '\'': quote = not quote - elif value[i] == '"': + elif payload[i] == '"': doublequote = not doublequote - elif value[i]==" " and not doublequote and not quote: + elif payload[i]==" " and not doublequote and not quote: retVal += "+" continue - retVal += value[i] + retVal += payload[i] return retVal - diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py index a41b664cb..22ab71a8d 100644 --- a/tamper/space2randomblank.py +++ b/tamper/space2randomblank.py @@ -13,37 +13,37 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.LOW -def tamper(value): +def tamper(payload): """ Replaces ' ' with a random blank char from a set ('\r', '\n', '\t') Example: 'SELECT id FROM users' becomes 'SELECT\rid\tFROM\nusers' """ blanks = ['\r', '\n', '\t'] - retVal = value + retVal = payload - if value: + if payload: retVal = "" quote, doublequote, firstspace = False, False, False - for i in xrange(len(value)): + for i in xrange(len(payload)): if not firstspace: - if value[i].isspace(): + if payload[i].isspace(): firstspace = True retVal += random.choice(blanks) continue - elif value[i] == '\'': + elif payload[i] == '\'': quote = not quote - elif value[i] == '"': + elif payload[i] == '"': doublequote = not doublequote - elif value[i]==" " and not doublequote and not quote: + elif payload[i]==" " and not doublequote and not quote: retVal += random.choice(blanks) continue - retVal += value[i] + retVal += payload[i] return retVal