introducing new style for copyright header
parent
f07608ef4d
commit
d970e260b9
|
@ -0,0 +1,2 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
import string
|
import string
|
||||||
|
|
||||||
|
@ -8,10 +11,12 @@ value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20T
|
||||||
"""
|
"""
|
||||||
def tamper(place, value):
|
def tamper(place, value):
|
||||||
retVal = value
|
retVal = value
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
retVal = ""
|
retVal = ""
|
||||||
i = 0
|
i = 0
|
||||||
|
|
||||||
while i < len(value):
|
while i < len(value):
|
||||||
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
|
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
|
||||||
retVal += value[i:i+3]
|
retVal += value[i:i+3]
|
||||||
|
@ -21,4 +26,5 @@ def tamper(place, value):
|
||||||
i += 1
|
i += 1
|
||||||
else:
|
else:
|
||||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
||||||
|
|
||||||
return retVal
|
return retVal
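Review bot: The `raise sqlmapUnsupportedFeatureException, "..." % __name__` statement in the last hunk uses the comma form, which only Python 2 parses. Writing it as `raise sqlmapUnsupportedFeatureException("can't use tampering module '%s' with 'URI' type injections" % __name__)` behaves the same there and keeps the module parseable if the code is ever ported. The next file section has the identical statement. Only `re` and `string` are imported in the visible lines, so it is worth confirming that the exception class is imported in the part of the file the hunks do not show; `tamper` is only partly inside these hunks.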
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
|
|
||||||
from lib.core.convert import urlencode
|
from lib.core.convert import urlencode
|
||||||
|
@ -12,4 +15,5 @@ def tamper(place, value):
|
||||||
value = urlencode(value)
|
value = urlencode(value)
|
||||||
else:
|
else:
|
||||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
||||||
|
|
||||||
return value
|
return value
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
|
|
||||||
from lib.core.convert import urldecode
|
from lib.core.convert import urldecode
|
||||||
|
@ -7,14 +10,16 @@ from lib.core.convert import urlencode
|
||||||
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
|
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
|
||||||
"""
|
"""
|
||||||
def tamper(place, value):
|
def tamper(place, value):
|
||||||
|
|
||||||
if value and value.find("IFNULL") > -1:
|
if value and value.find("IFNULL") > -1:
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
value = urldecode(value)
|
value = urldecode(value)
|
||||||
#value = re.sub(r"IFNULL\(\({%d}(?P<A>.+?)\){%d},(?P<B>.+?)\)" % (num, num), lambda match: "IF(ISNULL(%s),%s,%s)" % (match.group("A"), match.group("B"), match.group("A")), value)
|
|
||||||
while value.find("IFNULL(") > -1:
|
while value.find("IFNULL(") > -1:
|
||||||
index = value.find("IFNULL(")
|
index = value.find("IFNULL(")
|
||||||
deepness = 1
|
deepness = 1
|
||||||
comma, end = None, None
|
comma, end = None, None
|
||||||
|
|
||||||
for i in xrange(index + len("IFNULL("), len(value)):
|
for i in xrange(index + len("IFNULL("), len(value)):
|
||||||
if deepness == 1 and value[i] == ',':
|
if deepness == 1 and value[i] == ',':
|
||||||
comma = i
|
comma = i
|
||||||
|
@ -25,6 +30,7 @@ def tamper(place, value):
|
||||||
deepness += 1
|
deepness += 1
|
||||||
elif value[i] == ')':
|
elif value[i] == ')':
|
||||||
deepness -= 1
|
deepness -= 1
|
||||||
|
|
||||||
if comma and end:
|
if comma and end:
|
||||||
A = value[index + len("IFNULL("):comma]
|
A = value[index + len("IFNULL("):comma]
|
||||||
B = value[comma + 1:end]
|
B = value[comma + 1:end]
|
||||||
|
@ -32,6 +38,8 @@ def tamper(place, value):
|
||||||
value = value[:index] + newVal + value[end+1:]
|
value = value[:index] + newVal + value[end+1:]
|
||||||
else:
|
else:
|
||||||
break
|
break
|
||||||
|
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
value = urlencode(value)
|
value = urlencode(value)
|
||||||
|
|
||||||
return value
|
return value
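Review bot: The nesting-depth scan under `while value.find("IFNULL(") > -1:` carries no comment, and the commented-out `re.sub` line, which appears to be dropped on the new side, was the only hint at the intended rewrite. A comment above the `for` loop such as `# walk from the opening parenthesis, tracking nesting depth, to find the top-level comma and the matching ')'` would cover it. `if comma and end:` tests two indices by truthiness; `if comma is not None and end is not None:` states the intent directly. The assignment to `end` lies outside the visible hunks, so this reading of the loop should be checked against the full file.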
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
import string
|
import string
|
||||||
|
|
||||||
|
@ -11,6 +14,7 @@ value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
|
||||||
"""
|
"""
|
||||||
def tamper(place, value):
|
def tamper(place, value):
|
||||||
retVal = value
|
retVal = value
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
retVal = urldecode(retVal)
|
retVal = urldecode(retVal)
|
||||||
|
@ -23,11 +27,14 @@ def tamper(place, value):
|
||||||
|
|
||||||
if word.upper() in kb.keywords:
|
if word.upper() in kb.keywords:
|
||||||
newWord = word[0]
|
newWord = word[0]
|
||||||
|
|
||||||
for i in xrange(1, len(word) - 1):
|
for i in xrange(1, len(word) - 1):
|
||||||
newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
|
newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
|
||||||
|
|
||||||
newWord += word[-1]
|
newWord += word[-1]
|
||||||
retVal = retVal.replace(word, newWord)
|
retVal = retVal.replace(word, newWord)
|
||||||
|
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
retVal = urlencode(retVal)
|
retVal = urlencode(retVal)
|
||||||
|
|
||||||
return retVal
|
return retVal
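Review bot: `retVal = retVal.replace(word, newWord)` rewrites every occurrence of the matched text rather than the one span that was matched, so a keyword that also appears inside a longer identifier or a quoted literal is altered too and the meaning of the value can change. Assuming `word` comes from a `re.finditer` loop as in the next file section, a single `re.sub` over the same pattern with a replacement function would confine the edit to each matched word. The random-case module in the next file section has the same line. The loop that produces `word` is outside this hunk.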
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
import string
|
import string
|
||||||
|
|
||||||
|
@ -11,16 +14,20 @@ value -> chars from value with random case (e.g., INSERT->InsERt)
|
||||||
"""
|
"""
|
||||||
def tamper(place, value):
|
def tamper(place, value):
|
||||||
retVal = value
|
retVal = value
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
retVal = urldecode(retVal)
|
retVal = urldecode(retVal)
|
||||||
|
|
||||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||||
word = match.group()
|
word = match.group()
|
||||||
|
|
||||||
if word.upper() in kb.keywords:
|
if word.upper() in kb.keywords:
|
||||||
newWord = str()
|
newWord = str()
|
||||||
|
|
||||||
for i in xrange(len(word)):
|
for i in xrange(len(word)):
|
||||||
newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
|
newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
|
||||||
|
|
||||||
retVal = retVal.replace(word, newWord)
|
retVal = retVal.replace(word, newWord)
|
||||||
|
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||||
|
# See the file doc/COPYING for copying permission.
|
||||||
|
|
||||||
import re
|
import re
|
||||||
|
|
||||||
from lib.core.convert import urldecode
|
from lib.core.convert import urldecode
|
||||||
|
@ -8,6 +11,7 @@ from lib.core.convert import urlencode
|
||||||
"""
|
"""
|
||||||
def tamper(place, value):
|
def tamper(place, value):
|
||||||
retVal = value
|
retVal = value
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
value = urldecode(value)
|
value = urldecode(value)
|
||||||
|
@ -21,16 +25,21 @@ def tamper(place, value):
|
||||||
firstspace = True
|
firstspace = True
|
||||||
retVal += "/**/"
|
retVal += "/**/"
|
||||||
continue
|
continue
|
||||||
|
|
||||||
elif value[i] == '\'':
|
elif value[i] == '\'':
|
||||||
qoute = not qoute
|
qoute = not qoute
|
||||||
|
|
||||||
elif value[i] == '"':
|
elif value[i] == '"':
|
||||||
doublequote = not doublequote
|
doublequote = not doublequote
|
||||||
|
|
||||||
elif value[i]==" " and not doublequote and not qoute:
|
elif value[i]==" " and not doublequote and not qoute:
|
||||||
retVal += "/**/"
|
retVal += "/**/"
|
||||||
continue
|
continue
|
||||||
|
|
||||||
retVal += value[i]
|
retVal += value[i]
|
||||||
|
|
||||||
if place != "URI":
|
if place != "URI":
|
||||||
retVal = urlencode(retVal)
|
retVal = urlencode(retVal)
|
||||||
|
|
||||||
return retVal
|
return retVal
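Review bot: The single-quote flag is spelled `qoute` in the last hunk (`qoute = not qoute`, `not doublequote and not qoute`); renaming it to `quote`, or to `singlequote` to pair with `doublequote`, would make the state tracking easier to follow. The comparison `value[i]==" "` also lacks the spaces around `==` that the neighbouring `value[i] == '"'` lines use. Both flags are declared outside the visible hunks, so the rename has to cover those lines as well.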
|
||||||
|
|
||||||
|
|