mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
important update regarding (Bug #209) - probably more will be needed
This commit is contained in:
parent
a921fe0d5d
commit
5a38ac7ea9
|
@ -24,7 +24,6 @@ from lib.core.common import readInput
|
|||
from lib.core.common import showStaticWords
|
||||
from lib.core.common import wasLastRequestError
|
||||
from lib.core.common import DynamicContentItem
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
|
|
@ -11,6 +11,7 @@ import re
|
|||
|
||||
from xml.etree import ElementTree as ET
|
||||
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import getInjectionCase
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
|
@ -20,6 +21,7 @@ from lib.core.data import kb
|
|||
from lib.core.data import queries
|
||||
from lib.core.datatype import advancedDict
|
||||
from lib.core.exception import sqlmapNoneDataException
|
||||
from lib.core.settings import PAYLOAD_DELIMITER
|
||||
|
||||
class Agent:
|
||||
"""
|
||||
|
@ -54,18 +56,17 @@ class Agent:
|
|||
falseValue = ""
|
||||
negValue = ""
|
||||
retValue = ""
|
||||
newValue = urlencode(newValue) if place != "URI" else newValue
|
||||
|
||||
if negative or kb.unionNegative:
|
||||
negValue = "-"
|
||||
elif falseCond or kb.unionFalseCond:
|
||||
randInt = randomInt()
|
||||
falseValue = urlencode(" AND %d=%d" % (randInt, randInt + 1))
|
||||
falseValue = " AND %d=%d" % (randInt, randInt + 1)
|
||||
|
||||
# After identifing the injectable parameter
|
||||
if kb.injPlace == "User-Agent":
|
||||
retValue = kb.injParameter.replace(kb.injParameter,
|
||||
"%s%s" % (negValue, kb.injParameter + falseValue + newValue))
|
||||
self.addPayloadDelimiters("%s%s" % (negValue, kb.injParameter + falseValue + newValue)))
|
||||
elif kb.injParameter:
|
||||
paramString = conf.parameters[kb.injPlace]
|
||||
paramDict = conf.paramDict[kb.injPlace]
|
||||
|
@ -76,21 +77,21 @@ class Agent:
|
|||
iterator = root.getiterator(kb.injParameter)
|
||||
|
||||
for child in iterator:
|
||||
child.text = "%s%s" % (negValue, value + falseValue + newValue)
|
||||
child.text = self.addPayloadDelimiters(negValue + value + falseValue + newValue)
|
||||
|
||||
retValue = ET.tostring(root)
|
||||
elif kb.injPlace == "URI":
|
||||
retValue = paramString.replace("*",
|
||||
"%s%s" % (negValue, falseValue + newValue))
|
||||
self.addPayloadDelimiters("%s%s" % (negValue, falseValue + newValue)))
|
||||
else:
|
||||
retValue = paramString.replace("%s=%s" % (kb.injParameter, value),
|
||||
"%s=%s%s" % (kb.injParameter, negValue, value + falseValue + newValue))
|
||||
"%s=%s" % (kb.injParameter, self.addPayloadDelimiters(negValue + value + falseValue + newValue)))
|
||||
|
||||
# Before identifing the injectable parameter
|
||||
elif parameter == "User-Agent":
|
||||
retValue = value.replace(value, newValue)
|
||||
retValue = value.replace(value, self.addPayloadDelimiters(newValue))
|
||||
elif place == "URI":
|
||||
retValue = value.replace("*", "%s" % newValue.replace(value, str()))
|
||||
retValue = value.replace("*", self.addPayloadDelimiters("%s" % newValue.replace(value, str())))
|
||||
else:
|
||||
paramString = conf.parameters[place]
|
||||
|
||||
|
@ -99,12 +100,12 @@ class Agent:
|
|||
iterator = root.getiterator(parameter)
|
||||
|
||||
for child in iterator:
|
||||
child.text = newValue
|
||||
child.text = self.addPayloadDelimiters(newValue)
|
||||
|
||||
retValue = ET.tostring(root)
|
||||
else:
|
||||
retValue = paramString.replace("%s=%s" % (parameter, value),
|
||||
"%s=%s" % (parameter, newValue))
|
||||
"%s=%s" % (parameter, self.addPayloadDelimiters(newValue)))
|
||||
|
||||
return retValue
|
||||
|
||||
|
@ -604,5 +605,60 @@ class Agent:
|
|||
|
||||
return queries[kb.dbms].case.query % expression
|
||||
|
||||
def addPayloadDelimiters(self, inpStr):
|
||||
"""
|
||||
Adds payload delimiters around the input string
|
||||
"""
|
||||
retVal = inpStr
|
||||
|
||||
if inpStr:
|
||||
retVal = "%s%s%s" % (PAYLOAD_DELIMITER, inpStr, PAYLOAD_DELIMITER)
|
||||
|
||||
return retVal
|
||||
|
||||
def removePayloadDelimiters(self, inpStr, urlencode_=True):
|
||||
"""
|
||||
Removes payload delimiters from inside the input string
|
||||
"""
|
||||
retVal = inpStr
|
||||
|
||||
if inpStr:
|
||||
if urlencode_:
|
||||
regObj = getCompiledRegex("(?P<result>%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER))
|
||||
|
||||
for match in regObj.finditer(inpStr):
|
||||
retVal = retVal.replace(match.group("result"), urlencode(match.group("result")[1:-1]))
|
||||
else:
|
||||
retVal = retVal.replace(PAYLOAD_DELIMITER, '')
|
||||
|
||||
return retVal
|
||||
|
||||
def extractPayload(self, inpStr):
|
||||
"""
|
||||
Extracts payload from inside of the input string
|
||||
"""
|
||||
retVal = None
|
||||
|
||||
if inpStr:
|
||||
regObj = getCompiledRegex("(?P<result>%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER))
|
||||
match = regObj.search(inpStr)
|
||||
|
||||
if match:
|
||||
retVal = match.group("result")[1:-1]
|
||||
|
||||
return retVal
|
||||
|
||||
def replacePayload(self, inpStr, payload):
|
||||
"""
|
||||
Replaces payload inside the input string with a given payload
|
||||
"""
|
||||
retVal = inpStr
|
||||
|
||||
if inpStr:
|
||||
regObj = getCompiledRegex("(?P<result>%s.*?%s)" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER))
|
||||
retVal = regObj.sub("%s%s%s" % (PAYLOAD_DELIMITER, payload, PAYLOAD_DELIMITER), inpStr)
|
||||
|
||||
return retVal
|
||||
|
||||
# SQL agent
|
||||
agent = Agent()
|
||||
|
|
|
@ -1532,7 +1532,7 @@ def runningAsAdmin():
|
|||
isAdmin = True
|
||||
else:
|
||||
errMsg = "sqlmap is not able to check if you are running it "
|
||||
errMsg += "as an administrator accout on this platform. "
|
||||
errMsg += "as an administrator account on this platform. "
|
||||
errMsg += "sqlmap will assume that you are an administrator "
|
||||
errMsg += "which is mandatory for the requested takeover attack "
|
||||
errMsg += "to work properly"
|
||||
|
|
|
@ -556,14 +556,14 @@ def __setTamperingFunctions():
|
|||
raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg)
|
||||
|
||||
for name, function in inspect.getmembers(module, inspect.isfunction):
|
||||
if name == "tamper" and function.func_code.co_argcount == 2:
|
||||
if name == "tamper" and function.func_code.co_argcount == 1:
|
||||
kb.tamperFunctions.append(function)
|
||||
found = True
|
||||
|
||||
break
|
||||
|
||||
if not found:
|
||||
raise sqlmapGenericException, "missing function 'tamper(place, value)' in tamper script '%s'" % tfile
|
||||
raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile
|
||||
|
||||
def __setThreads():
|
||||
if not isinstance(conf.threads, int) or conf.threads <= 0:
|
||||
|
|
|
@ -46,6 +46,8 @@ ERROR_EMPTY_CHAR = ":x:"
|
|||
ERROR_START_CHAR = ":s:"
|
||||
ERROR_END_CHAR = ":e:"
|
||||
|
||||
PAYLOAD_DELIMITER = "\x00"
|
||||
|
||||
# System variables
|
||||
IS_WIN = subprocess.mswindows
|
||||
# The name of the operating system dependent module imported. The following
|
||||
|
|
|
@ -35,9 +35,6 @@ def forgeHeaders(cookie, ua):
|
|||
|
||||
for header, value in conf.httpHeaders:
|
||||
if cookie and header == "Cookie":
|
||||
if conf.cookieUrlencode:
|
||||
cookie = urlEncodeCookieValues(cookie)
|
||||
|
||||
headers[header] = cookie
|
||||
elif ua and header == "User-Agent":
|
||||
headers[header] = ua
|
||||
|
|
|
@ -16,6 +16,7 @@ import urlparse
|
|||
import traceback
|
||||
|
||||
from lib.contrib import multipartpost
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.convert import urlencode
|
||||
|
@ -107,7 +108,6 @@ class Connect:
|
|||
get = conf.parameters["GET"]
|
||||
|
||||
if get:
|
||||
get = urlencode(get)
|
||||
url = "%s?%s" % (url, get)
|
||||
requestMsg += "?%s" % get
|
||||
|
||||
|
@ -307,8 +307,22 @@ class Connect:
|
|||
place = kb.injPlace
|
||||
|
||||
if kb.tamperFunctions:
|
||||
payload = agent.extractPayload(value)
|
||||
if payload:
|
||||
for function in kb.tamperFunctions:
|
||||
value = function(place, value)
|
||||
payload = function(payload)
|
||||
value = agent.replacePayload(value, payload)
|
||||
|
||||
if place == "GET":
|
||||
value = agent.removePayloadDelimiters(value, True)
|
||||
elif place == "POST":
|
||||
value = agent.removePayloadDelimiters(value, False)
|
||||
elif place == "Cookie":
|
||||
value = agent.removePayloadDelimiters(value, conf.cookieUrlencode)
|
||||
elif place == "User-Agent":
|
||||
value = agent.removePayloadDelimiters(value, True)
|
||||
elif place == "URI":
|
||||
value = agent.removePayloadDelimiters(value, False)
|
||||
|
||||
if conf.checkPayload:
|
||||
checkPayload(value)
|
||||
|
|
|
@ -22,7 +22,6 @@ from lib.core.common import pushValue
|
|||
from lib.core.common import randomInt
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
|
|
@ -22,7 +22,6 @@ from lib.core.common import pushValue
|
|||
from lib.core.common import readInput
|
||||
from lib.core.common import replaceNewlineTabs
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -122,7 +121,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
|
||||
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, posValue))
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(forgedPayload))
|
||||
result = Request.queryPage(forgedPayload)
|
||||
|
||||
if result:
|
||||
return hintValue[idx-1]
|
||||
|
@ -153,7 +152,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
if len(charTbl) == 1:
|
||||
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(forgedPayload))
|
||||
result = Request.queryPage(forgedPayload)
|
||||
|
||||
if result:
|
||||
return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0])
|
||||
|
@ -174,7 +173,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(forgedPayload))
|
||||
result = Request.queryPage(forgedPayload)
|
||||
|
||||
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
|
||||
posValue = popValue()
|
||||
|
@ -226,7 +225,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
|
||||
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(forgedPayload))
|
||||
result = Request.queryPage(forgedPayload)
|
||||
|
||||
if result:
|
||||
return chr(retVal) if retVal < 128 else unichr(retVal)
|
||||
|
@ -444,7 +443,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
|
||||
query = agent.postfixQuery(query)
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(agent.payload(newValue=query)))
|
||||
result = Request.queryPage(agent.payload(newValue=query))
|
||||
|
||||
# Did we have luck?
|
||||
if result:
|
||||
|
@ -468,7 +467,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
|
||||
query = agent.postfixQuery(query)
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(agent.payload(newValue=query)))
|
||||
result = Request.queryPage(agent.payload(newValue=query))
|
||||
|
||||
# Did we have luck?
|
||||
if result:
|
||||
|
|
|
@ -15,7 +15,6 @@ from lib.core.common import getUnicode
|
|||
from lib.core.common import randomInt
|
||||
from lib.core.common import replaceNewlineTabs
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -68,7 +67,7 @@ def errorUse(expression):
|
|||
logger.debug(debugMsg)
|
||||
|
||||
payload = agent.payload(newValue=forgedQuery)
|
||||
result = Request.queryPage(urlencode(payload), content=True)
|
||||
result = Request.queryPage(payload, content=True)
|
||||
match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
|
||||
|
||||
if match:
|
||||
|
|
|
@ -7,10 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces '>' with 'NOT BETWEEN 0 AND #'
|
||||
Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
|
||||
|
@ -19,14 +16,12 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
quote, doublequote, firstspace = False, False, False
|
||||
|
||||
for i in xrange(len(value)):
|
||||
if not firstspace:
|
||||
|
||||
if value[i].isspace():
|
||||
firstspace = True
|
||||
retVal += " "
|
||||
|
@ -47,8 +42,5 @@ def tamper(place, value):
|
|||
|
||||
retVal += value[i]
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ import string
|
|||
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces value with urlencode of non-encoded chars in value
|
||||
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
|
||||
|
@ -20,7 +20,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = ""
|
||||
i = 0
|
||||
|
||||
|
@ -31,7 +30,5 @@ def tamper(place, value):
|
|||
else:
|
||||
retVal += '%%%X' % ord(value[i])
|
||||
i += 1
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -11,7 +11,7 @@ import string
|
|||
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces value with unicode-urlencode of non-encoded chars in value
|
||||
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes '%u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045'
|
||||
|
@ -20,7 +20,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = ""
|
||||
i = 0
|
||||
|
||||
|
@ -31,7 +30,5 @@ def tamper(place, value):
|
|||
else:
|
||||
retVal += '%%u00%X' % ord(value[i])
|
||||
i += 1
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -10,16 +10,13 @@ See the file 'doc/COPYING' for copying permission
|
|||
from lib.core.convert import urlencode
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces value with urlencode(value)
|
||||
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
|
||||
"""
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urlencode(value, convall=True)
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return value
|
||||
|
|
|
@ -7,18 +7,13 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
|
||||
Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)'
|
||||
"""
|
||||
|
||||
if value and value.find("IFNULL") > -1:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
||||
while value.find("IFNULL(") > -1:
|
||||
index = value.find("IFNULL(")
|
||||
|
@ -28,11 +23,14 @@ def tamper(place, value):
|
|||
for i in xrange(index + len("IFNULL("), len(value)):
|
||||
if deepness == 1 and value[i] == ',':
|
||||
comma = i
|
||||
|
||||
elif deepness == 1 and value[i] == ')':
|
||||
end = i
|
||||
break
|
||||
|
||||
elif value[i] == '(':
|
||||
deepness += 1
|
||||
|
||||
elif value[i] == ')':
|
||||
deepness -= 1
|
||||
|
||||
|
@ -44,7 +42,4 @@ def tamper(place, value):
|
|||
else:
|
||||
break
|
||||
|
||||
if place != "URI":
|
||||
value = urlencode(value)
|
||||
|
||||
return value
|
||||
|
|
|
@ -10,8 +10,6 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import kb
|
||||
|
||||
def tamper(place, value):
|
||||
|
@ -23,9 +21,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = urldecode(retVal)
|
||||
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
word = match.group()
|
||||
|
||||
|
@ -37,7 +32,4 @@ def tamper(place, value):
|
|||
|
||||
retVal = retVal.replace(word, newWord)
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -10,11 +10,9 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import kb
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Add random comments to value
|
||||
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
|
||||
|
@ -23,9 +21,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = urldecode(retVal)
|
||||
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
word = match.group()
|
||||
|
||||
|
@ -41,7 +36,4 @@ def tamper(place, value):
|
|||
newWord += word[-1]
|
||||
retVal = retVal.replace(word, newWord)
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -7,10 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces ' ' with '/**/'
|
||||
Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM users'
|
||||
|
@ -19,9 +16,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
quote, doublequote, firstspace = False, False, False
|
||||
|
||||
|
@ -44,8 +38,5 @@ def tamper(place, value):
|
|||
|
||||
retVal += value[i]
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
|
@ -7,10 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces ' ' with '/**/'
|
||||
Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM+users'
|
||||
|
@ -19,9 +16,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
quote, doublequote, firstspace = False, False, False
|
||||
|
||||
|
@ -44,8 +38,5 @@ def tamper(place, value):
|
|||
|
||||
retVal += value[i]
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
|
@ -9,10 +9,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import random
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
def tamper(place, value):
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')
|
||||
Example: 'SELECT id FROM users' becomes 'SELECT\rid\tFROM\nusers'
|
||||
|
@ -22,9 +19,6 @@ def tamper(place, value):
|
|||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
quote, doublequote, firstspace = False, False, False
|
||||
|
||||
|
@ -47,8 +41,5 @@ def tamper(place, value):
|
|||
|
||||
retVal += value[i]
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user