Proper overlongutf8.py (Issue #806)

2025-12-25 17:09:02 +00:00 · 2018-02-07 23:59:36 +01:00
parent a16663f9a1
commit 061c8da36b
3 changed files with 6 additions and 5 deletions
--- a/tamper/overlongutf8.py
+++ b/tamper/overlongutf8.py
@@ -20,9 +20,10 @@ def tamper(payload, **kwargs):
    encoded)

    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/

    >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
-    'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'
+    'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'
    """

    retVal = payload
@@ -37,7 +38,7 @@ def tamper(payload, **kwargs):
                i += 3
            else:
                if payload[i] not in (string.ascii_letters + string.digits):
-                    retVal += "%%C0%%%.2X" % (0x8A | ord(payload[i]))
+                    retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))
                else:
                    retVal += payload[i]
                i += 1