sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor changes

Browse Source
This commit is contained in:
Miroslav Stampar 2011-06-30 07:52:13 +00:00
parent f3013e4a29
commit b361f60644
2 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tamper/versionedkeywords.py
View File

@ -10,32 +10,28 @@ See the file 'doc/COPYING' for copying permission
import re import re
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.common import singleTimeWarnMessage
from lib.core.data import kb from lib.core.data import kb
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS
__priority__ = PRIORITY.NORMAL __priority__ = PRIORITY.HIGHER
def tamper(payload): def tamper(payload):
""" """
Encloses each keyword with versioned MySQL comment (MySQL >= 5.1.13) Encloses each non-function keyword with versioned MySQL comment
Example: 'INSERT' will become '/*!INSERT*/' Example: 'INSERT' will become '/*!INSERT*/'
""" """
def process(match): def process(match):
word = match.group('word') word = match.group('word')
if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS: if word.upper() in kb.keywords:
return match.group().replace(word, "/*!%s*/" % word) return match.group().replace(word, "/*!%s*/" % word)
else: else:
return match.group() return match.group()
singleTimeWarnMessage("This tamper script is only meant to be run against MySQL >= 5.1.13")
retVal = payload retVal = payload
if payload: if payload:
retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal) retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal)
retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
return retVal return retVal

14
tamper/versionedkeywords2.py → tamper/versionedmorekeywords.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python #!/usr/bin/env python
""" """
$Id: versionedkeywords.py 3982 2011-05-28 17:34:43Z stamparm $ $Id: versionedkeywords.py 4203 2011-06-30 06:39:32Z stamparm $
Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/) Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
@ -10,28 +10,32 @@ See the file 'doc/COPYING' for copying permission
import re import re
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.common import singleTimeWarnMessage
from lib.core.data import kb from lib.core.data import kb
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS
__priority__ = PRIORITY.NORMAL __priority__ = PRIORITY.HIGHER
def tamper(payload): def tamper(payload):
""" """
Encloses each non-function keyword with versioned MySQL comment Encloses each keyword with versioned MySQL comment (MySQL >= 5.1.13)
Example: 'INSERT' will become '/*!INSERT*/' Example: 'INSERT' will become '/*!INSERT*/'
""" """
def process(match): def process(match):
word = match.group('word') word = match.group('word')
if word.upper() in kb.keywords: if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:
return match.group().replace(word, "/*!%s*/" % word) return match.group().replace(word, "/*!%s*/" % word)
else: else:
return match.group() return match.group()
singleTimeWarnMessage("This tamper script is only meant to be run against MySQL >= 5.1.13")
retVal = payload retVal = payload
if payload: if payload:
retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal) retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
return retVal return retVal