From 7f4fa7c27dcdc1b176c2a8529861fa89c2b7f366 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 24 Jul 2012 01:21:32 +0200 Subject: [PATCH] Minor refactoring --- tamper/apostrophemask.py | 2 +- tamper/apostrophenullencode.py | 2 +- tamper/chardoubleencode.py | 2 +- tamper/charencode.py | 2 +- tamper/charunicodeencode.py | 2 +- tamper/equaltolike.py | 2 +- tamper/ifnull2ifisnull.py | 16 ++++++++-------- tamper/randomcase.py | 6 +++--- tamper/randomcomments.py | 8 ++++---- tamper/space2mssqlblank.py | 2 +- tamper/space2mysqlblank.py | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index 53b005b65..2f726d57d 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py @@ -27,4 +27,4 @@ def tamper(payload): * http://lukasz.pilorz.net/testy/full_width_utf/index.phps """ - return payload.replace('\'', '%EF%BC%87') if payload else payload + return payload.replace('\'', "%EF%BC%87") if payload else payload diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index 296c9ac05..ed9bab543 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -21,4 +21,4 @@ def tamper(payload): * Output: AND %00%271%00%27=%00%271%00%27 """ - return payload.replace('\'', '%00%27') if payload else payload + return payload.replace('\'', "%00%27") if payload else payload diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index f66385c03..f96546357 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py @@ -40,7 +40,7 @@ def tamper(payload): retVal += payload[i:i+3] i += 3 else: - retVal += '%%25%X' % ord(payload[i]) + retVal += '%%25%.2X' % ord(payload[i]) i += 1 return retVal diff --git a/tamper/charencode.py b/tamper/charencode.py index 3a5f07806..fbb3c670b 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -47,7 +47,7 @@ def tamper(payload): retVal += payload[i:i+3] i += 3 else: - retVal += '%%%X' % ord(payload[i]) + retVal += '%%%.2X' % ord(payload[i]) i += 1 return retVal diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index eeff3c5fd..21a61d9a6 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -52,7 +52,7 @@ def tamper(payload): retVal += "%%u00%s" % payload[i+1:i+3] i += 3 else: - retVal += '%%u00%X' % ord(payload[i]) + retVal += '%%u%.4X' % ord(payload[i]) i += 1 return retVal diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py index b3b1d416b..9a4f7a9da 100644 --- a/tamper/equaltolike.py +++ b/tamper/equaltolike.py @@ -38,7 +38,7 @@ def tamper(payload): def process(match): word = match.group() - word = "%sLIKE%s" % (" " if word[0]!=" " else "", " " if word[-1]!=" " else "") + word = "%sLIKE%s" % (" " if word[0] != " " else "", " " if word[-1] != " " else "") return word diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index 47f4ef0ce..0ffb99949 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -36,27 +36,27 @@ def tamper(payload): if payload and payload.find("IFNULL") > -1: while payload.find("IFNULL(") > -1: index = payload.find("IFNULL(") - deepness = 1 + depth = 1 comma, end = None, None for i in xrange(index + len("IFNULL("), len(payload)): - if deepness == 1 and payload[i] == ',': + if depth == 1 and payload[i] == ',': comma = i - elif deepness == 1 and payload[i] == ')': + elif depth == 1 and payload[i] == ')': end = i break elif payload[i] == '(': - deepness += 1 + depth += 1 elif payload[i] == ')': - deepness -= 1 + depth -= 1 if comma and end: - A = payload[index + len("IFNULL("):comma] - B = payload[comma + 1:end] - newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A) + _ = payload[index + len("IFNULL("):comma] + __ = payload[comma + 1:end] + newVal = "IF(ISNULL(%s),%s,%s)" % (_, __, _) payload = payload[:index] + newVal + payload[end+1:] else: break diff --git a/tamper/randomcase.py b/tamper/randomcase.py index cb0721a2c..a0bc3714a 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -43,11 +43,11 @@ def tamper(payload): word = match.group() if word.upper() in kb.keywords: - newWord = str() + _ = str() for i in xrange(len(word)): - newWord += word[i].upper() if randomRange(0, 1) else word[i].lower() + _ += word[i].upper() if randomRange(0, 1) else word[i].lower() - retVal = retVal.replace(word, newWord) + retVal = retVal.replace(word, _) return retVal diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index 9012c8928..69bead477 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -29,12 +29,12 @@ def tamper(payload): continue if word.upper() in kb.keywords: - newWord = word[0] + _ = word[0] for i in xrange(1, len(word) - 1): - newWord += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i]) + _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i]) - newWord += word[-1] - retVal = retVal.replace(word, newWord) + _ += word[-1] + retVal = retVal.replace(word, _) return retVal diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index a7972e478..dc130f5ef 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -53,7 +53,7 @@ def tamper(payload): # CR 0D carriage return # SO 0E shift out # SI 0F shift in - blanks = ['%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A'] + blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A') retVal = payload if payload: diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index 0cbe448fc..2a33aee4b 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -43,7 +43,7 @@ def tamper(payload): # CR 0D carriage return # VT 0B vertical TAB (MySQL and Microsoft SQL Server only) # - A0 - (MySQL only) - blanks = ['%09', '%0A', '%0C', '%0D', '%0B', '%A0'] + blanks = ('%09', '%0A', '%0C', '%0D', '%0B', '%A0') retVal = payload if payload: