sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-21 17:16:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
master
sqlmap/tamper/htmlencode.py
Miroslav Stampar c84f141b89 Bumping copyright year
2024-01-03 23:11:52 +01:00

32 lines
849 B
Python
Raw Permalink Blame History

#!/usr/bin/env python
"""
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload, **kwargs):
"""
HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')
>>> tamper("1' AND SLEEP(5)#")
'1' AND SLEEP(5)#'
>>> tamper("1' AND SLEEP(5)#")
'1' AND SLEEP(5)#'
"""
if payload:
payload = re.sub(r"&#(\d+);", lambda match: chr(int(match.group(1))), payload) # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5203
payload = re.sub(r"[^\w]", lambda match: "&#%d;" % ord(match.group(0)), payload)
return payload
Reference in New Issue View Git Blame Copy Permalink