mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
introducing new style for copyright header
This commit is contained in:
parent
f07608ef4d
commit
d970e260b9
|
@ -0,0 +1,2 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
|
@ -1,3 +1,6 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
||||
|
||||
import re
|
||||
import string
|
||||
|
||||
|
@ -8,10 +11,12 @@ value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20T
|
|||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = ""
|
||||
i = 0
|
||||
|
||||
while i < len(value):
|
||||
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
|
||||
retVal += value[i:i+3]
|
||||
|
@ -21,4 +26,5 @@ def tamper(place, value):
|
|||
i += 1
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urlencode
|
||||
|
@ -12,4 +15,5 @@ def tamper(place, value):
|
|||
value = urlencode(value)
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return value
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
|
@ -7,14 +10,16 @@ from lib.core.convert import urlencode
|
|||
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
|
||||
"""
|
||||
def tamper(place, value):
|
||||
|
||||
if value and value.find("IFNULL") > -1:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
#value = re.sub(r"IFNULL\(\({%d}(?P<A>.+?)\){%d},(?P<B>.+?)\)" % (num, num), lambda match: "IF(ISNULL(%s),%s,%s)" % (match.group("A"), match.group("B"), match.group("A")), value)
|
||||
|
||||
while value.find("IFNULL(") > -1:
|
||||
index = value.find("IFNULL(")
|
||||
deepness = 1
|
||||
comma, end = None, None
|
||||
|
||||
for i in xrange(index + len("IFNULL("), len(value)):
|
||||
if deepness == 1 and value[i] == ',':
|
||||
comma = i
|
||||
|
@ -25,6 +30,7 @@ def tamper(place, value):
|
|||
deepness += 1
|
||||
elif value[i] == ')':
|
||||
deepness -= 1
|
||||
|
||||
if comma and end:
|
||||
A = value[index + len("IFNULL("):comma]
|
||||
B = value[comma + 1:end]
|
||||
|
@ -32,6 +38,8 @@ def tamper(place, value):
|
|||
value = value[:index] + newVal + value[end+1:]
|
||||
else:
|
||||
break
|
||||
|
||||
if place != "URI":
|
||||
value = urlencode(value)
|
||||
|
||||
return value
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
||||
|
||||
import re
|
||||
import string
|
||||
|
||||
|
@ -11,6 +14,7 @@ value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
|
|||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = urldecode(retVal)
|
||||
|
@ -23,11 +27,14 @@ def tamper(place, value):
|
|||
|
||||
if word.upper() in kb.keywords:
|
||||
newWord = word[0]
|
||||
|
||||
for i in xrange(1, len(word) - 1):
|
||||
newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
|
||||
|
||||
newWord += word[-1]
|
||||
retVal = retVal.replace(word, newWord)
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
||||
|
||||
import re
|
||||
import string
|
||||
|
||||
|
@ -11,16 +14,20 @@ value -> chars from value with random case (e.g., INSERT->InsERt)
|
|||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
retVal = urldecode(retVal)
|
||||
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
newWord = str()
|
||||
|
||||
for i in xrange(len(word)):
|
||||
newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
|
||||
|
||||
retVal = retVal.replace(word, newWord)
|
||||
|
||||
if place != "URI":
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
|
||||
# See the file doc/COPYING for copying permission.
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
|
@ -8,6 +11,7 @@ from lib.core.convert import urlencode
|
|||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
@ -21,16 +25,21 @@ def tamper(place, value):
|
|||
firstspace = True
|
||||
retVal += "/**/"
|
||||
continue
|
||||
|
||||
elif value[i] == '\'':
|
||||
qoute = not qoute
|
||||
|
||||
elif value[i] == '"':
|
||||
doublequote = not doublequote
|
||||
|
||||
elif value[i]==" " and not doublequote and not qoute:
|
||||
retVal += "/**/"
|
||||
continue
|
||||
|
||||
retVal += value[i]
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user