PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-16 11:29:03 +00:00
Code Issues Projects Releases Wiki Activity

Minor bug fixes, code refactoring and enhanced --tamper functionality

Browse Source
This commit is contained in:
Bernardo Damele
2010-10-16 21:33:15 +00:00
parent 5c3d21065a
commit 2dae934a2b
9 changed files with 68 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tamper/between.py
View File

@@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
"""
def tamper(place, value):
"""
Replaces '>' with 'NOT BETWEEN 0 AND #'
Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
"""
retVal = value
if value:
@@ -23,25 +23,26 @@ def tamper(place, value):
value = urldecode(value)
retVal = ""
qoute, doublequote, firstspace = False, False, False
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
if not firstspace:
if value[i].isspace():
firstspace = True
retVal += "/**/"
retVal += " "
continue
elif value[i] == '\'':
qoute = not qoute
quote = not quote
elif value[i] == '"':
doublequote = not doublequote
elif value[i]==">" and not doublequote and not qoute:
elif value[i] == ">" and not doublequote and not quote:
retVal += " " if i > 0 and not value[i-1].isspace() else ""
retVal += "NOT BETWEEN 0 AND"
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
continue
retVal += value[i]

11
tamper/charencode.py
View File

@@ -7,15 +7,16 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
import string
from lib.core.exception import sqlmapUnsupportedFeatureException
"""
value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20TABLE -> %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45)
"""
def tamper(place, value):
"""
Replaces value with urlencode of non-encoded chars in value
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
"""
retVal = value
if value:
@@ -31,6 +32,6 @@ def tamper(place, value):
retVal += '%%%X' % ord(value[i])
i += 1
else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
return retVal

14
tamper/doubleencode.py
View File

@@ -7,19 +7,19 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urlencode
from lib.core.exception import sqlmapUnsupportedFeatureException
"""
Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE)
"""
def tamper(place, value):
"""
Replaces value with urlencode(value)
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
"""
if value:
if place != "URI":
value = urlencode(value)
value = urlencode(value, convall=True)
else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
return value

9
tamper/ifnull2ifisnull.py
View File

@@ -7,15 +7,14 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
"""
def tamper(place, value):
"""
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)'
"""
if value and value.find("IFNULL") > -1:
if place != "URI":

9
tamper/randomcase.py
View File

@@ -8,17 +8,18 @@ See the file 'doc/COPYING' for copying permission
"""
import re
import string
from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb
"""
value -> chars from value with random case (e.g., INSERT->InsERt)
"""
def tamper(place, value):
"""
Replaces each character with random case value
Example: 'INSERT' might become 'InsERt'
"""
retVal = value
if value:

9
tamper/randomblanks.py → tamper/randomcomments.py
View File

@@ -8,17 +8,18 @@ See the file 'doc/COPYING' for copying permission
"""
import re
import string
from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb
"""
value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
"""
def tamper(place, value):
"""
Add random comments to value
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
"""
retVal = value
if value:

16
tamper/space2comment.py
View File

@@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users)
"""
def tamper(place, value):
"""
Replaces ' ' with '/**/'
Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM users'
"""
retVal = value
if value:
@@ -23,7 +23,7 @@ def tamper(place, value):
value = urldecode(value)
retVal = ""
qoute, doublequote, firstspace = False, False, False
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
if not firstspace:
@@ -33,12 +33,12 @@ def tamper(place, value):
continue
elif value[i] == '\'':
qoute = not qoute
quote = not quote
elif value[i] == '"':
doublequote = not doublequote
elif value[i]==" " and not doublequote and not qoute:
elif value[i]==" " and not doublequote and not quote:
retVal += "/**/"
continue