commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)

2025-12-06 20:51:31 +00:00 · 2010-10-14 11:06:28 +00:00
parent cf73d9c799
commit 162d01abed
8 changed files with 328 additions and 23 deletions
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -6,12 +6,28 @@ from lib.core.convert import urlencode
 """
 ' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users)
 """
-#TODO: only do it for deepness = 0 regarding '"
 def tamper(place, value):
+    retVal = value
    if value:
        if place != "URI":
            value = urldecode(value)
-        value = value.replace(" ", "/**/")
+
+        retVal = ""
+        qoute, doublequote, firstspace = False, False, False
+
+        for i in xrange(len(value)):
+            if not firstspace:
+                firstspace = value[i].isspace()
+            elif value[i] == '\'':
+                qoute = not qoute
+            elif value[i] == '"':
+                doublequote = not doublequote
+            elif value[i]==" " and not doublequote and not qoute:
+                retVal += "/**/"
+                continue
+            retVal += value[i]
+
        if place != "URI":
-            value = urlencode(value)
-    return value
+            retVal = urlencode(retVal)
+    return retVal
+