Adding escapequotes.py (utility tamper script)

2024-11-22 01:26:42 +03:00 · 2016-02-05 12:00:57 +01:00 · 2016-02-05 12:00:57 +01:00 · cedfdc78f4
commit cedfdc78f4
parent 08aae2b7c5
2 changed files with 28 additions and 1 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -80,6 +80,7 @@ from lib.core.exception import SqlmapSyntaxException
 from lib.core.exception import SqlmapTokenException
 from lib.core.exception import SqlmapValueException
 from lib.core.settings import ASTERISK_MARKER
+from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_CONTENT_TYPE
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
@ -765,7 +766,7 @@ class Connect(object):

                value = agent.replacePayload(value, payload)

-            logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload))
+            logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\'))

            if place == PLACE.CUSTOM_POST and kb.postHint:
                if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
--- a/tamper/escapequotes.py
+++ b/tamper/escapequotes.py
@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import base64
+
+from lib.core.enums import PRIORITY
+from lib.core.settings import UNICODE_ENCODING
+
+__priority__ = PRIORITY.LOWEST
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Slash escape quotes (' and ")
+
+    >>> tamper("1' AND SLEEP(5)#")
+    '1\' AND SLEEP(5)#'
+    """
+
+    return payload.replace("'", "\\'").replace('"', '\\"')