sqlmap/tamper/randomcase.py
2010-10-14 14:05:05 +00:00

39 lines
1003 B
Python

#!/usr/bin/env python
# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.
import re
import string
from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb
"""
value -> chars from value with random case (e.g., INSERT->InsERt)
"""
def tamper(place, value):
retVal = value
if value:
if place != "URI":
retVal = urldecode(retVal)
for match in re.finditer(r"[A-Za-z_]+", retVal):
word = match.group()
if word.upper() in kb.keywords:
newWord = str()
for i in xrange(len(word)):
newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
retVal = retVal.replace(word, newWord)
if place != "URI":
retVal = urlencode(retVal)
return retVal