introducing new style for copyright header

2024-11-22 01:26:42 +03:00 · 2010-10-14 14:02:43 +00:00 · 2010-10-14 14:02:43 +00:00 · d970e260b9
commit d970e260b9
parent f07608ef4d
7 changed files with 44 additions and 1 deletions
--- a/tamper/init.py
+++ b/tamper/init.py
@ -0,0 +1,2 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 import string

@ -8,10 +11,12 @@ value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20T
 """
 def tamper(place, value):
    retVal = value
+
    if value:
        if place != "URI":
            retVal = ""
            i = 0
+
            while i < len(value):
                if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
                    retVal += value[i:i+3]
@ -21,4 +26,5 @@ def tamper(place, value):
                    i += 1
        else:
            raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
+
    return retVal
--- a/tamper/doubleencode.py
+++ b/tamper/doubleencode.py
@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re

 from lib.core.convert import urlencode
@ -12,4 +15,5 @@ def tamper(place, value):
            value = urlencode(value)
        else:
            raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
+
    return value
--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re

 from lib.core.convert import urldecode
@ -7,14 +10,16 @@ from lib.core.convert import urlencode
 IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
 """
 def tamper(place, value):
+
    if value and value.find("IFNULL") > -1:
        if place != "URI":
            value = urldecode(value)
-        #value = re.sub(r"IFNULL\(\({%d}(?P<A>.+?)\){%d},(?P<B>.+?)\)" % (num, num), lambda match: "IF(ISNULL(%s),%s,%s)" % (match.group("A"), match.group("B"), match.group("A")), value)
+
        while value.find("IFNULL(") > -1:
            index = value.find("IFNULL(")
            deepness = 1
            comma, end = None, None
+
            for i in xrange(index + len("IFNULL("), len(value)):
                if deepness == 1 and value[i] == ',':
                    comma = i
@ -25,6 +30,7 @@ def tamper(place, value):
                    deepness += 1
                elif value[i] == ')':
                    deepness -= 1
+
            if comma and end:
                A = value[index + len("IFNULL("):comma]
                B = value[comma + 1:end]
@ -32,6 +38,8 @@ def tamper(place, value):
                value = value[:index] + newVal + value[end+1:]
            else:
                break
+
        if place != "URI":
            value = urlencode(value)
+
    return value
--- a/tamper/randomblanks.py
+++ b/tamper/randomblanks.py
@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 import string

@ -11,6 +14,7 @@ value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
 """
 def tamper(place, value):
    retVal = value
+
    if value:
        if place != "URI":
            retVal = urldecode(retVal)
@ -23,11 +27,14 @@ def tamper(place, value):

            if word.upper() in kb.keywords:
                newWord = word[0]
+
                for i in xrange(1, len(word) - 1):
                    newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
+
                newWord += word[-1]
                retVal = retVal.replace(word, newWord)

        if place != "URI":
            retVal = urlencode(retVal)
+
    return retVal
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 import string

@ -11,16 +14,20 @@ value -> chars from value with random case (e.g., INSERT->InsERt)
 """
 def tamper(place, value):
    retVal = value
+
    if value:
        if place != "URI":
            retVal = urldecode(retVal)

        for match in re.finditer(r"[A-Za-z_]+", retVal):
            word = match.group()
+
            if word.upper() in kb.keywords:
                newWord = str()
+
                for i in xrange(len(word)):
                    newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
+
                retVal = retVal.replace(word, newWord)

        if place != "URI":
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re

 from lib.core.convert import urldecode
@ -8,6 +11,7 @@ from lib.core.convert import urlencode
 """
 def tamper(place, value):
    retVal = value
+
    if value:
        if place != "URI":
            value = urldecode(value)
@ -21,16 +25,21 @@ def tamper(place, value):
                    firstspace = True
                    retVal += "/**/"
                    continue
+
            elif value[i] == '\'':
                qoute = not qoute
+
            elif value[i] == '"':
                doublequote = not doublequote
+
            elif value[i]==" " and not doublequote and not qoute:
                retVal += "/**/"
                continue
+
            retVal += value[i]

        if place != "URI":
            retVal = urlencode(retVal)
+
    return retVal