From d5fcc9d8b53c65d40154b6910a5b8b930762e4b2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 4 Nov 2010 08:03:59 +0000
Subject: [PATCH] few updates/fixes here and there

---
 tamper/randomcomments.py | 2 +-
 tamper/space2comment.py  | 2 +-
 tamper/space2plus.py     | 2 +-
 tamper/urlencode.py      | 2 +-
 xml/queries.xml          | 1 +
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
index 3d40874e2..899567e04 100644
--- a/tamper/randomcomments.py
+++ b/tamper/randomcomments.py
@@ -14,7 +14,7 @@ from lib.core.data import kb
 
 def tamper(value):
     """
-    Add random comments to value
+    Add random comments to SQL keywords in value
     Example: 'INSERT' becomes 'IN/**/S/**/ERT'
     """
 
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
index ba247de67..a339dbe46 100644
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -10,7 +10,7 @@ See the file 'doc/COPYING' for copying permission
 def tamper(value):
     """
     Replaces ' ' with '/**/'
-    Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM users'
+    Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users'
     """
 
     retVal = value
diff --git a/tamper/space2plus.py b/tamper/space2plus.py
index 86a396b90..b778b0543 100644
--- a/tamper/space2plus.py
+++ b/tamper/space2plus.py
@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
 
 def tamper(value):
     """
-    Replaces ' ' with '/**/'
+    Replaces ' ' with '+'
     Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM+users'
     """
 
diff --git a/tamper/urlencode.py b/tamper/urlencode.py
index 626a067fb..d0b621571 100644
--- a/tamper/urlencode.py
+++ b/tamper/urlencode.py
@@ -13,7 +13,7 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
 def tamper(value):
     """
     Replaces value with urlencode(value)
-    Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
+    Example: 'SELECT FIELD FROM TABLE' becomes 'SELECT%20FIELD%20FROM%20TABLE'
     """
 
     if value:
diff --git a/xml/queries.xml b/xml/queries.xml
index 3920772a6..646c8d34f 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -416,6 +416,7 @@
    <!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html -->
    <!-- http://maxdb.sap.com/doc/7_6/default.htm -->
    <!-- http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm -->
+   <!-- http://www.ximido.de/research/PenTestingMaxDB.pdf -->
 
    <!-- SAP MaxDB -->
    <dbms value="SAP MaxDB">