introducing new style for copyright header

Miroslav Stampar 2010-10-14 14:02:43 +00:00
parent f07608ef4d
commit d970e260b9
7 changed files with 44 additions and 1 deletions


@ -0,0 +1,2 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.


@ -1,3 +1,6 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re import re
import string import string
@ -8,10 +11,12 @@ value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20T
""" """
def tamper(place, value): def tamper(place, value):
retVal = value retVal = value
if value: if value:
if place != "URI": if place != "URI":
retVal = "" retVal = ""
i = 0 i = 0
while i < len(value): while i < len(value):
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits: if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
retVal += value[i:i+3] retVal += value[i:i+3]
@ -21,4 +26,5 @@ def tamper(place, value):
i += 1 i += 1
else: else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__ raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
return retVal return retVal


@ -1,3 +1,6 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re import re
from lib.core.convert import urlencode from lib.core.convert import urlencode
@ -12,4 +15,5 @@ def tamper(place, value):
value = urlencode(value) value = urlencode(value)
else: else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__ raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
return value return value


@ -1,3 +1,6 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re import re
from lib.core.convert import urldecode from lib.core.convert import urldecode
@ -7,14 +10,16 @@ from lib.core.convert import urlencode
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1)) IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
""" """
def tamper(place, value): def tamper(place, value):
if value and value.find("IFNULL") > -1: if value and value.find("IFNULL") > -1:
if place != "URI": if place != "URI":
value = urldecode(value) value = urldecode(value)
#value = re.sub(r"IFNULL\(\({%d}(?P<A>.+?)\){%d},(?P<B>.+?)\)" % (num, num), lambda match: "IF(ISNULL(%s),%s,%s)" % (match.group("A"), match.group("B"), match.group("A")), value)
while value.find("IFNULL(") > -1: while value.find("IFNULL(") > -1:
index = value.find("IFNULL(") index = value.find("IFNULL(")
deepness = 1 deepness = 1
comma, end = None, None comma, end = None, None
for i in xrange(index + len("IFNULL("), len(value)): for i in xrange(index + len("IFNULL("), len(value)):
if deepness == 1 and value[i] == ',': if deepness == 1 and value[i] == ',':
comma = i comma = i
@ -25,6 +30,7 @@ def tamper(place, value):
deepness += 1 deepness += 1
elif value[i] == ')': elif value[i] == ')':
deepness -= 1 deepness -= 1
if comma and end: if comma and end:
A = value[index + len("IFNULL("):comma] A = value[index + len("IFNULL("):comma]
B = value[comma + 1:end] B = value[comma + 1:end]
@ -32,6 +38,8 @@ def tamper(place, value):
value = value[:index] + newVal + value[end+1:] value = value[:index] + newVal + value[end+1:]
else: else:
break break
if place != "URI": if place != "URI":
value = urlencode(value) value = urlencode(value)
return value return value


@ -1,3 +1,6 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re import re
import string import string
@ -11,6 +14,7 @@ value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
""" """
def tamper(place, value): def tamper(place, value):
retVal = value retVal = value
if value: if value:
if place != "URI": if place != "URI":
retVal = urldecode(retVal) retVal = urldecode(retVal)
@ -23,11 +27,14 @@ def tamper(place, value):
if word.upper() in kb.keywords: if word.upper() in kb.keywords:
newWord = word[0] newWord = word[0]
for i in xrange(1, len(word) - 1): for i in xrange(1, len(word) - 1):
newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i]) newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
newWord += word[-1] newWord += word[-1]
retVal = retVal.replace(word, newWord) retVal = retVal.replace(word, newWord)
if place != "URI": if place != "URI":
retVal = urlencode(retVal) retVal = urlencode(retVal)
return retVal return retVal


@ -1,3 +1,6 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re import re
import string import string
@ -11,16 +14,20 @@ value -> chars from value with random case (e.g., INSERT->InsERt)
""" """
def tamper(place, value): def tamper(place, value):
retVal = value retVal = value
if value: if value:
if place != "URI": if place != "URI":
retVal = urldecode(retVal) retVal = urldecode(retVal)
for match in re.finditer(r"[A-Za-z_]+", retVal): for match in re.finditer(r"[A-Za-z_]+", retVal):
word = match.group() word = match.group()
if word.upper() in kb.keywords: if word.upper() in kb.keywords:
newWord = str() newWord = str()
for i in xrange(len(word)): for i in xrange(len(word)):
newWord += word[i].upper() if randomRange(0,1) else word[i].lower() newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
retVal = retVal.replace(word, newWord) retVal = retVal.replace(word, newWord)
if place != "URI": if place != "URI":


@ -1,3 +1,6 @@
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re import re
from lib.core.convert import urldecode from lib.core.convert import urldecode
@ -8,6 +11,7 @@ from lib.core.convert import urlencode
""" """
def tamper(place, value): def tamper(place, value):
retVal = value retVal = value
if value: if value:
if place != "URI": if place != "URI":
value = urldecode(value) value = urldecode(value)
@ -21,16 +25,21 @@ def tamper(place, value):
firstspace = True firstspace = True
retVal += "/**/" retVal += "/**/"
continue continue
elif value[i] == '\'': elif value[i] == '\'':
qoute = not qoute qoute = not qoute
elif value[i] == '"': elif value[i] == '"':
doublequote = not doublequote doublequote = not doublequote
elif value[i]==" " and not doublequote and not qoute: elif value[i]==" " and not doublequote and not qoute:
retVal += "/**/" retVal += "/**/"
continue continue
retVal += value[i] retVal += value[i]
if place != "URI": if place != "URI":
retVal = urlencode(retVal) retVal = urlencode(retVal)
return retVal return retVal