From 7f62572f4358b48b8b8330cd919f53bd14d1dfab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor=20Garc=C3=ADa?= <56491288+takito1812@users.noreply.github.com>
Date: Thu, 6 Oct 2022 11:32:31 +0200
Subject: [PATCH] Add files via upload (#5189)
---
tamper/decentities.py | 33 +++++++++++++++++++++++++++++++++
tamper/hexentities.py | 33 +++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 tamper/decentities.py
create mode 100644 tamper/hexentities.py
diff --git a/tamper/decentities.py b/tamper/decentities.py
new file mode 100644
index 000000000..4dfb058da
--- /dev/null
+++ b/tamper/decentities.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+ pass
+
+def tamper(payload, **kwargs):
+ """
+ HTML encode in decimal (using code points) all characters (e.g. ' -> ')
+
+ >>> tamper("1' AND SLEEP(5)#")
+ '1' AND SLEEP(5)#'
+ """
+
+ retVal = payload
+
+ if payload:
+ retVal = ""
+ i = 0
+
+ while i < len(payload):
+ retVal += "&#%s;" % ord(payload[i])
+ i += 1
+
+ return retVal
diff --git a/tamper/hexentities.py b/tamper/hexentities.py
new file mode 100644
index 000000000..0bce83bc0
--- /dev/null
+++ b/tamper/hexentities.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+ pass
+
+def tamper(payload, **kwargs):
+ """
+ HTML encode in hexadecimal (using code points) all characters (e.g. ' -> 1)
+
+ >>> tamper("1' AND SLEEP(5)#")
+ '1' AND SLEEP(5)#'
+ """
+
+ retVal = payload
+
+ if payload:
+ retVal = ""
+ i = 0
+
+ while i < len(payload):
+ retVal += "&#x%s;" % format(ord(payload[i]), "x")
+ i += 1
+
+ return retVal
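Review bot: The encoding loop in `tamper()` of tamper/decentities.py walks the payload by index and grows `retVal` with `+=`, which is a hand-written join and can be quadratic on interpreters without in-place string concatenation. Inside the `if payload:` branch, `retVal = "".join("&#%s;" % ord(c) for c in payload)` does the same work in one line. The identical loop is repeated in tamper/hexentities.py, where `"&#x%x;" % ord(c)` would also replace the `format(..., "x")` call. The docstring promises "code points", but if a byte string can reach this function `ord()` presumably yields byte values for non-ASCII input, so that case deserves a sentence in the docstring.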
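Review bot: The docstring example in tamper/hexentities.py does not match what the code produces: for `'` the expression `format(ord("'"), "x")` gives `27`, so the example should read `' -> &#x27;`. As displayed it shows `1`, which corresponds to `&#x31;`. In both new files the doctest's expected value, as rendered here, is the unencoded input, which the code cannot return for a non-empty payload. This may be an artifact of how the page shows entities, so it is worth confirming that the committed doctests hold the encoded strings and actually pass.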