From e4089e86e8e5671ca1d25fb0c24e1ca7350d2134 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 22 Oct 2010 18:57:04 +0000
Subject: [PATCH] new tamper script (reference: http://hakipedia.com/index.php/SQL_Injection)
---
tamper/space2randomblank.py | 54 +++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 tamper/space2randomblank.py
diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py
new file mode 100644
index 000000000..fe9c2161d
--- /dev/null
+++ b/tamper/space2randomblank.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import random
+
+from lib.core.convert import urldecode
+from lib.core.convert import urlencode
+
+def tamper(place, value):
+ """
+ Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')
+ Example: 'SELECT id FROM users' becomes 'SELECT\rid\tFROM\nusers'
+ """
+
+ blanks = ['\r', '\n', '\t']
+ retVal = value
+
+ if value:
+ if place != "URI":
+ value = urldecode(value)
+
+ retVal = ""
+ quote, doublequote, firstspace = False, False, False
+
+ for i in xrange(len(value)):
+ if not firstspace:
+ if value[i].isspace():
+ firstspace = True
+ retVal += random.choice(blanks)
+ continue
+
+ elif value[i] == '\'':
+ quote = not quote
+
+ elif value[i] == '"':
+ doublequote = not doublequote
+
+ elif value[i]==" " and not doublequote and not quote:
+ retVal += random.choice(blanks)
+ continue
+
+ retVal += value[i]
+
+ if place != "URI":
+ retVal = urlencode(retVal)
+
+ return retVal
+
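Review bot: The two whitespace tests in the loop of `tamper` disagree: the first-blank branch uses `value[i].isspace()` while the later branch matches only `value[i]==" "`, and the docstring describes just the ' ' case. Indentation is not recoverable on this page, but if the `elif` chain pairs with `if not firstspace:`, the quote and double-quote toggles are skipped for every character before the first blank. A literal opened before that point would then leave `quote`/`doublequote` inverted for the rest of the value, so the result no longer matches the documented behaviour. I would track the quote state from the first character and state the rule in the docstring, e.g. `Blanks inside single- or double-quoted literals are left unchanged; value is URL-decoded and re-encoded unless place is "URI"`. The docstring should also say that the output is non-deterministic (`random.choice`), so a test run can only be reproduced and audited if the exact value sent is recorded.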