diff --git a/tamper/__init__.py b/tamper/__init__.py
index e69de29bb..0e637aa3b 100644
--- a/tamper/__init__.py
+++ b/tamper/__init__.py
@@ -0,0 +1,2 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
diff --git a/tamper/charencode.py b/tamper/charencode.py
index 87ccd3f8f..468bbffe4 100644
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 import string
@@ -8,10 +11,12 @@ value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20T
 """
 def tamper(place, value):
 retVal = value
+
 if value:
 if place != "URI":
 retVal = ""
 i = 0
+
 while i < len(value):
 if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
 retVal += value[i:i+3]
@@ -21,4 +26,5 @@ def tamper(place, value):
 i += 1
 else:
 raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
+
 return retVal
diff --git a/tamper/doubleencode.py b/tamper/doubleencode.py
index 6ca004b03..6f9c646c5 100644
--- a/tamper/doubleencode.py
+++ b/tamper/doubleencode.py
@@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 from lib.core.convert import urlencode
@@ -12,4 +15,5 @@ def tamper(place, value):
 value = urlencode(value)
 else:
 raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
+
 return value
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
index df4fa4610..74af5639e 100644
--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 from lib.core.convert import urldecode
@@ -7,14 +10,16 @@ from lib.core.convert import urlencode
 IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
 """
 def tamper(place, value):
+
 if value and value.find("IFNULL") > -1:
 if place != "URI":
 value = urldecode(value)
- #value = re.sub(r"IFNULL\(\({%d}(?P.+?)\){%d},(?P.+?)\)" % (num, num), lambda match: "IF(ISNULL(%s),%s,%s)" % (match.group("A"), match.group("B"), match.group("A")), value)
+
 while value.find("IFNULL(") > -1:
 index = value.find("IFNULL(")
 deepness = 1
 comma, end = None, None
+
 for i in xrange(index + len("IFNULL("), len(value)):
 if deepness == 1 and value[i] == ',':
 comma = i
@@ -25,6 +30,7 @@ def tamper(place, value):
 deepness += 1
 elif value[i] == ')':
 deepness -= 1
+
 if comma and end:
 A = value[index + len("IFNULL("):comma]
 B = value[comma + 1:end]
@@ -32,6 +38,8 @@ def tamper(place, value):
 value = value[:index] + newVal + value[end+1:]
 else:
 break
+
 if place != "URI":
 value = urlencode(value)
+
 return value
diff --git a/tamper/randomblanks.py b/tamper/randomblanks.py
index e46aa7148..fcd2ce45a 100644
--- a/tamper/randomblanks.py
+++ b/tamper/randomblanks.py
@@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 import string
@@ -11,6 +14,7 @@ value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
 """
 def tamper(place, value):
 retVal = value
+
 if value:
 if place != "URI":
 retVal = urldecode(retVal)
@@ -23,11 +27,14 @@ def tamper(place, value):
 if word.upper() in kb.keywords:
 newWord = word[0]
+
 for i in xrange(1, len(word) - 1):
 newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
+
 newWord += word[-1]
 retVal = retVal.replace(word, newWord)
 if place != "URI":
 retVal = urlencode(retVal)
+
 return retVal
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
index bc45d9dbd..74e845283 100644
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 import string
@@ -11,16 +14,20 @@ value -> chars from value with random case (e.g., INSERT->InsERt)
 """
 def tamper(place, value):
 retVal = value
+
 if value:
 if place != "URI":
 retVal = urldecode(retVal)
 for match in re.finditer(r"[A-Za-z_]+", retVal):
 word = match.group()
+
 if word.upper() in kb.keywords:
 newWord = str()
+
 for i in xrange(len(word)):
 newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
+
 retVal = retVal.replace(word, newWord)
 if place != "URI":
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
index 5988f7db2..884f5b152 100644
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -1,3 +1,6 @@
+# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
+# See the file doc/COPYING for copying permission.
+
 import re
 from lib.core.convert import urldecode
@@ -8,6 +11,7 @@ from lib.core.convert import urlencode
 """
 def tamper(place, value):
 retVal = value
+
 if value:
 if place != "URI":
 value = urldecode(value)
@@ -21,16 +25,21 @@ def tamper(place, value):
 firstspace = True
 retVal += "/**/"
 continue
+
 elif value[i] == '\'':
 qoute = not qoute
+
 elif value[i] == '"':
 doublequote = not doublequote
+
 elif value[i]==" " and not doublequote and not qoute:
 retVal += "/**/"
 continue
+
 retVal += value[i]
 if place != "URI":
 retVal = urlencode(retVal)
+
 return retVal