From 9832fc42d4eb73b964cf46b786e1ecd2beb6129a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 May 2011 21:47:40 +0000 Subject: [PATCH] minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase) --- lib/core/common.py | 1 + lib/core/option.py | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/core/common.py b/lib/core/common.py index 182daf33c..71b4459d4 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -902,6 +902,7 @@ def setPaths(): # sqlmap paths paths.SQLMAP_EXTRAS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "extra") paths.SQLMAP_SHELL_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "shell") + paths.SQLMAP_TAMPER_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "tamper") paths.SQLMAP_TXT_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "txt") paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "udf") paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml") diff --git a/lib/core/option.py b/lib/core/option.py index 6b15dc681..e5646be7c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -721,7 +721,7 @@ def __setTamperingFunctions(): resolve_priorities = False priorities = [] - for tfile in conf.tamper.split(','): + for tfile in re.split(r'[,|;]', conf.tamper): found = False tfile = tfile.strip() @@ -729,6 +729,9 @@ def __setTamperingFunctions(): if not tfile: continue + elif os.path.exists(os.path.join(paths.SQLMAP_TAMPER_PATH, tfile if tfile.endswith('.py') else "%s.py" % tfile)): + tfile = os.path.join(paths.SQLMAP_TAMPER_PATH, tfile if tfile.endswith('.py') else "%s.py" % tfile) + elif not os.path.exists(tfile): errMsg = "tamper script '%s' does not exist" % tfile raise sqlmapFilePathException, errMsg