minor update (changing form of payload[i+1] with payload[i+1:i+2] which is much safer for not crashing the script with invalid char index)

2024-11-22 01:26:42 +03:00 · 2011-07-11 09:22:29 +00:00 · 2011-07-11 09:22:29 +00:00 · 5014475637
commit 5014475637
parent 7a6bddf811
5 changed files with 5 additions and 5 deletions
--- a/tamper/between.py
+++ b/tamper/between.py
@ -57,7 +57,7 @@ def tamper(payload):
            elif payload[i] == ">" and not doublequote and not quote:
                retVal += " " if i > 0 and not payload[i-1].isspace() else ""
                retVal += "NOT BETWEEN 0 AND"
-                retVal += " " if i < len(payload) - 1 and not payload[i+1].isspace() else ""
+                retVal += " " if i < len(payload) - 1 and not payload[i+1:i+2].isspace() else ""

                continue

--- a/tamper/chardoubleencode.py
+++ b/tamper/chardoubleencode.py
@ -38,7 +38,7 @@ def tamper(payload):
        i = 0

        while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                retVal += payload[i:i+3]
                i += 3
            else:
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@ -46,7 +46,7 @@ def tamper(payload):
        i = 0

        while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                retVal += payload[i:i+3]
                i += 3
            else:
--- a/tamper/charunicodeencode.py
+++ b/tamper/charunicodeencode.py
@ -36,7 +36,7 @@ def tamper(payload):
        i = 0

        while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                retVal += "%%u00%s" % payload[i+1:i+3]
                i += 3
            else:
--- a/tamper/percentage.py
+++ b/tamper/percentage.py
@ -43,7 +43,7 @@ def tamper(payload):
        i = 0

        while i < len(payload):
-            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
+            if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1:i+2] in string.hexdigits and payload[i+2:i+3] in string.hexdigits:
                retVal += payload[i:i+3]
                i += 3
            elif payload[i] != ' ':