sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-08-03 03:40:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 11922225d0 into 6972020faf

Browse Source
This commit is contained in:
flsf 2014-12-19 02:17:58 +00:00
commit e981f36b97
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/common.py
View File

@ -1564,8 +1564,12 @@ def safeStringFormat(format_, params):
""" """
Avoids problems with inappropriate string format strings Avoids problems with inappropriate string format strings
>>> safeStringFormat('foobar%d%s', ('1', 2)) >>> safeStringFormat('foobar%s%s', ('1', 2))
u'foobar12' u'foobar12'
>>> safeStringFormat('foobar %d%s', ('1', 2))
u'foobar 12'
>>> safeStringFormat('foobar=%d%s', ('1', 2))
u'foobar=12'
""" """
if format_.count(PAYLOAD_DELIMITER) == 2: if format_.count(PAYLOAD_DELIMITER) == 2:

4
tamper/unmagicquotes.py
View File

@ -26,7 +26,9 @@ def tamper(payload, **kwargs):
* http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
>>> tamper("1' AND 1=1") >>> tamper("1' AND 1=1")
'1%bf%27 AND 1=1-- ' '1%bf%27 AND 1=1'
>>> tamper("1' AND '1'='1")
'1%bf%27-- '
""" """
retVal = payload retVal = payload