mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
This commit is contained in:
parent
305115a68b
commit
e957c4400c
|
@ -449,8 +449,10 @@ class Connect:
|
|||
elif place:
|
||||
if place in (PLACE.GET, PLACE.POST):
|
||||
# payloads in GET and/or POST need to be urlencoded
|
||||
# throughly without safe chars (especially &, = and %)
|
||||
payload = urlencode(payload, None, True, True)
|
||||
# throughly without safe chars (especially & and =)
|
||||
# addendum: as we support url encoding in tampering
|
||||
# functions therefore we need to use % as a safe char
|
||||
payload = urlencode(payload, "%", False, True)
|
||||
value = agent.replacePayload(value, payload)
|
||||
|
||||
value = agent.removePayloadDelimiters(value)
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
$Id$
|
||||
|
||||
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
||||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.enums import PRIORITY
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
__priority__ = PRIORITY.LOWER
|
||||
|
||||
def tamper(value):
|
||||
"""
|
||||
Replaces value with urlencode(value)
|
||||
Example: 'SELECT FIELD FROM TABLE' becomes 'SELECT%20FIELD%20FROM%20TABLE'
|
||||
"""
|
||||
|
||||
if value:
|
||||
value = urlencode(value, convall=True)
|
||||
|
||||
return value
|
Loading…
Reference in New Issue
Block a user