update of tampering modules

2025-12-07 05:01:30 +00:00 · 2010-10-13 19:51:10 +00:00
parent f700692c74
commit 1b3b916587
4 changed files with 54 additions and 6 deletions
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -0,0 +1,25 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> urlencode of nonencoded chars in value
+"""
+def tamper(place, value):
+    retVal = value
+    if value:
+        if place != "URI":
+            retVal = ""
+            i = 0
+            while i < len(value):
+                if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
+                    retVal += value[i:i+3]
+                    i += 3
+                else:
+                    retVal += '%%%X' % ord(value[i])
+                    i += 1
+        else:
+            raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
+    return retVal