sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-08-03 03:40:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 022506580a into 54be398e83

Browse Source
This commit is contained in:
securitygeneration 2014-06-07 10:58:46 +00:00
commit 5e25e9e9e1
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tamper/unmagicquotes.py
View File

@ -20,7 +20,8 @@ def tamper(payload, **kwargs):
generic comment at the end (to make it work)
Notes:
* Useful for bypassing magic_quotes/addslashes feature
* Useful for bypassing mysql_real_escape_string/magic_quotes/addslashes feature
* Particularly for servers using GBK encoding
Reference:
* http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
@ -43,8 +44,4 @@ def tamper(payload, **kwargs):
retVal += payload[i]
continue
if found:
retVal = re.sub("\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
retVal += "-- "
return retVal