From 50144756376a51205d46c23d679b7e47fbea1965 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 11 Jul 2011 09:22:29 +0000
Subject: [PATCH] minor update (changing form of payload[i+1] with
 payload[i+1:i+2] which is much safer for not crashing the script with invalid
 char index)

---
 tamper/between.py           | 2 +-
 tamper/chardoubleencode.py  | 2 +-
 tamper/charencode.py        | 2 +-
 tamper/charunicodeencode.py | 2 +-
 tamper/percentage.py        | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tamper/between.py b/tamper/between.py
index 77d3f5a66..79007c37f 100644
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -57,7 +57,7 @@ def tamper(payload):
             elif payload[i] == ">" and not doublequote and not quote:
                 retVal += " " if i > 0 and not payload[i-1].isspace() else ""
                 retVal += "NOT BETWEEN 0 AND"
-                retVal += " " if i < len(payload) - 1 and not payload[i+1].isspace() else ""
+                retVal += " " if i < len(payload) - 1 and not payload[i+1:i+2].isspace() else ""
 
                 continue
 
diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py
index 40dcb5f94..5807390b3 100644
--- a/tamper/chardoubleencode.py
+++ b/tamper/chardoubleencode.py
@@ -38,7 +38,7 @@ def tamper(payload):
         i = 0
 
         while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                 retVal += payload[i:i+3]
                 i += 3
             else:
diff --git a/tamper/charencode.py b/tamper/charencode.py
index 051ebc191..16eb28cd4 100644
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -46,7 +46,7 @@ def tamper(payload):
         i = 0
 
         while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                 retVal += payload[i:i+3]
                 i += 3
             else:
diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py
index fa34bab93..c082b78fe 100644
--- a/tamper/charunicodeencode.py
+++ b/tamper/charunicodeencode.py
@@ -36,7 +36,7 @@ def tamper(payload):
         i = 0
 
         while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                 retVal += "%%u00%s" % payload[i+1:i+3]
                 i += 3
             else:
diff --git a/tamper/percentage.py b/tamper/percentage.py
index ef61eadd1..6b476c54c 100644
--- a/tamper/percentage.py
+++ b/tamper/percentage.py
@@ -43,7 +43,7 @@ def tamper(payload):
         i = 0
 
         while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                 retVal += payload[i:i+3]
                 i += 3
             elif payload[i] != ' ':