Add files via upload (#5189)

2025-11-04 01:47:37 +03:00 · 2022-10-06 11:32:31 +02:00 · 2022-10-06 11:32:31 +02:00 · 7f62572f43
commit 7f62572f43
parent e846209b87
2 changed files with 66 additions and 0 deletions
--- a/tamper/decentities.py
+++ b/tamper/decentities.py
@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    HTML encode in decimal (using code points) all characters (e.g. ' -> &#39;)
+
+    >>> tamper("1' AND SLEEP(5)#")
+    '&#49;&#39;&#32;&#65;&#78;&#68;&#32;&#83;&#76;&#69;&#69;&#80;&#40;&#53;&#41;&#35;'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        i = 0
+
+        while i < len(payload):
+            retVal += "&#%s;" % ord(payload[i])
+            i += 1
+
+    return retVal
--- a/tamper/hexentities.py
+++ b/tamper/hexentities.py
@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    HTML encode in hexadecimal (using code points) all characters (e.g. ' -> &#x31;)
+
+    >>> tamper("1' AND SLEEP(5)#")
+    '&#x31;&#x27;&#x20;&#x41;&#x4e;&#x44;&#x20;&#x53;&#x4c;&#x45;&#x45;&#x50;&#x28;&#x35;&#x29;&#x23;'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        i = 0
+
+        while i < len(payload):
+            retVal += "&#x%s;" % format(ord(payload[i]), "x")
+            i += 1
+
+    return retVal