sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-27 00:20:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

casthex2char: nex tamper script for SQLite

Browse Source
This commit is contained in:
Alexandre ZANNI 2021-04-06 16:48:31 +02:00 committed by GitHub
parent 732b9670d2
commit 4f6a04c621
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
tamper/casthex2char.py Normal file
View File

@ -0,0 +1,42 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import os
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.convert import decodeHex
from lib.core.convert import getOrds
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.SQLITE))
def tamper(payload, **kwargs):
"""
Replaces each (SQLite) CAST(X'4142' AS TEXT) encoded string with equivalent CAST(CHAR(65) AS TEXT) || CAST(CHAR(66) AS TEXT) counterpart
Requirement:
* SQLite
Tested against:
* SQLite 3
Notes:
* Useful in cases when web application block single quotes or use addslashes()
>>> tamper("SELECT CAST(X'4142' AS TEXT)")
"SELECT CAST(CHAR(65) AS TEXT) || CAST(CHAR(66) AS TEXT)"
"""
retVal = payload
if payload:
for match in re.finditer(r"CAST\(X'([0-9a-f]+)' AS TEXT\)", retVal):
result = '||'.join("CAST(CHAR(%d) AS TEXT)" % _ for _ in getOrds(decodeHex(match.group(1))))
retVal = retVal.replace(match.group(0), result)
return retVal