minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)

2024-11-22 09:36:35 +03:00 · 2011-04-04 08:04:47 +00:00 · 2011-04-04 08:04:47 +00:00 · e957c4400c
commit e957c4400c
parent 305115a68b
2 changed files with 4 additions and 27 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -449,8 +449,10 @@ class Connect:
        elif place:
            if place in (PLACE.GET, PLACE.POST):
                # payloads in GET and/or POST need to be urlencoded 
-                # throughly without safe chars (especially &, = and %)
-                payload = urlencode(payload, None, True, True)
+                # throughly without safe chars (especially & and =)
+                # addendum: as we support url encoding in tampering
+                # functions therefore we need to use % as a safe char
+                payload = urlencode(payload, "%", False, True)
                value = agent.replacePayload(value, payload)

            value = agent.removePayloadDelimiters(value)
--- a/tamper/urlencode.py
+++ b/tamper/urlencode.py
@ -1,25 +0,0 @@
-#!/usr/bin/env python
-
-"""
-$Id$
-
-Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
-See the file 'doc/COPYING' for copying permission
-"""
-
-from lib.core.convert import urlencode
-from lib.core.enums import PRIORITY
-from lib.core.exception import sqlmapUnsupportedFeatureException
-
-__priority__ = PRIORITY.LOWER
-
-def tamper(value):
-    """
-    Replaces value with urlencode(value)
-    Example: 'SELECT FIELD FROM TABLE' becomes 'SELECT%20FIELD%20FROM%20TABLE'
-    """
-
-    if value:
-        value = urlencode(value, convall=True)
-
-    return value