Morph MORPH
SIGN IN SIGN UP
sqlmapproject / sqlmap UNCLAIMED

Automatic SQL injection and database takeover tool

36983 0 0 Python
Normal View History Raw
Last preparations for DREI
2019-05-08 12:47:52 +02:00
#!/usr/bin/env python
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
"""
Year bump
2026-01-01 19:12:07 +01:00
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
See the file 'LICENSE' for copying permission
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
"""
Some more DREI stuff
2019-03-28 16:04:38 +01:00
from lib.core.compat import xrange
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
def dependencies():
pass
Update for an Issue #12
2012-12-03 14:27:01 +01:00
def tamper(payload, **kwargs):
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
"""
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
Replaces space character (' ') with plus ('+')
Notes:
First commit related to the #3108
2018-07-31 01:17:11 +02:00
* Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
* This tamper script works against all databases
Another update for an Issue #352 and couple of fixes
2013-03-13 21:57:09 +01:00
>>> tamper('SELECT id FROM users')
'SELECT+id+FROM+users'
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
"""
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
retVal = payload
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
if payload:
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
retVal = ""
quote, doublequote, firstspace = False, False, False
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
for i in xrange(len(payload)):
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
if not firstspace:
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
if payload[i].isspace():
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
firstspace = True
retVal += "+"
continue
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
elif payload[i] == '\'':
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
quote = not quote
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
elif payload[i] == '"':
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
doublequote = not doublequote
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
elif payload[i] == " " and not doublequote and not quote:
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
retVal += "+"
continue
minor cosmetics on tamper scripts
2011-04-04 08:18:26 +00:00
retVal += payload[i]
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
2012-10-25 10:10:23 +02:00
return retVal
Reference in New Issue Copy Permalink