mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
minor update (replacing payload[i+1] with payload[i+1:i+2], which is much safer because it cannot crash the script with an invalid char index)
parent
7a6bddf811
commit
5014475637
|
@ -57,7 +57,7 @@ def tamper(payload):
|
||||||
elif payload[i] == ">" and not doublequote and not quote:
|
elif payload[i] == ">" and not doublequote and not quote:
|
||||||
retVal += " " if i > 0 and not payload[i-1].isspace() else ""
|
retVal += " " if i > 0 and not payload[i-1].isspace() else ""
|
||||||
retVal += "NOT BETWEEN 0 AND"
|
retVal += "NOT BETWEEN 0 AND"
|
||||||
retVal += " " if i < len(payload) - 1 and not payload[i+1].isspace() else ""
|
retVal += " " if i < len(payload) - 1 and not payload[i+1:i+2].isspace() else ""
|
||||||
|
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
|
|
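Review bot: The new `payload[i+1:i+2].isspace()` is only evaluated when `i < len(payload) - 1` holds, so the index form could not go out of range here and the slice adds no safety. Because `''.isspace()` is False, dropping that guard later would silently append a trailing space at the end of the payload instead of failing. The line two above still uses `payload[i-1]` behind its own `i > 0` guard, so the two neighbouring checks are now written differently; I would use one form for both and add `# guard keeps i+1 in range; ''.isspace() is False` above the changed line. The enclosing loop starts and ends outside the hunk.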
@ -38,7 +38,7 @@ def tamper(payload):
|
||||||
i = 0
|
i = 0
|
||||||
|
|
||||||
while i < len(payload):
|
while i < len(payload):
|
||||||
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
|
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
|
||||||
retVal += payload[i:i+3]
|
retVal += payload[i:i+3]
|
||||||
i += 3
|
i += 3
|
||||||
else:
|
else:
|
||||||
|
|
|
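Review bot: The slice form in the `%` check is only correct because the `(i < len(payload) - 2)` guard precedes it: an empty slice is a substring of every string, so `'' in string.hexdigits` is True. Without the guard, a trailing `%` would be accepted as an encoded byte rather than rejected. Since `and` short-circuits, the old `payload[i+1]` was never evaluated out of range either, so the rewrite does not change behaviour as far as the visible lines show. I would keep the guard and add `# bounds check required: '' in string.hexdigits is True` above the condition. The same condition is changed in the three following hunks (-46, -36 and -43), and the loop body continues outside each hunk.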
@ -46,7 +46,7 @@ def tamper(payload):
|
||||||
i = 0
|
i = 0
|
||||||
|
|
||||||
while i < len(payload):
|
while i < len(payload):
|
||||||
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
|
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
|
||||||
retVal += payload[i:i+3]
|
retVal += payload[i:i+3]
|
||||||
i += 3
|
i += 3
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -36,7 +36,7 @@ def tamper(payload):
|
||||||
i = 0
|
i = 0
|
||||||
|
|
||||||
while i < len(payload):
|
while i < len(payload):
|
||||||
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
|
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
|
||||||
retVal += "%%u00%s" % payload[i+1:i+3]
|
retVal += "%%u00%s" % payload[i+1:i+3]
|
||||||
i += 3
|
i += 3
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -43,7 +43,7 @@ def tamper(payload):
|
||||||
i = 0
|
i = 0
|
||||||
|
|
||||||
while i < len(payload):
|
while i < len(payload):
|
||||||
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
|
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
|
||||||
retVal += payload[i:i+3]
|
retVal += payload[i:i+3]
|
||||||
i += 3
|
i += 3
|
||||||
elif payload[i] != ' ':
|
elif payload[i] != ' ':
|
||||||
|
|