Minor bug fixes, code refactoring and enhanced --tamper functionality

2025-12-06 12:41:30 +00:00 · 2010-10-16 21:33:15 +00:00
parent 5c3d21065a
commit 2dae934a2b
9 changed files with 68 additions and 62 deletions
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """

-import re
-
 from lib.core.convert import urldecode
 from lib.core.convert import urlencode

-"""
-'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
-"""
 def tamper(place, value):
+    """
+    Replaces '>' with 'NOT BETWEEN 0 AND #'
+    Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
+    """
+
    retVal = value

    if value:
@@ -23,25 +23,26 @@ def tamper(place, value):
            value = urldecode(value)

        retVal = ""
-        qoute, doublequote, firstspace = False, False, False
+        quote, doublequote, firstspace = False, False, False

        for i in xrange(len(value)):
            if not firstspace:
                if value[i].isspace():
                    firstspace = True
-                    retVal += "/**/"
+                    retVal += " "
                    continue

            elif value[i] == '\'':
-                qoute = not qoute
+                quote = not quote

            elif value[i] == '"':
                doublequote = not doublequote

-            elif value[i]==">" and not doublequote and not qoute:
+            elif value[i] == ">" and not doublequote and not quote:
                retVal += " " if i > 0 and not value[i-1].isspace() else ""
                retVal += "NOT BETWEEN 0 AND"
                retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
+
                continue

            retVal += value[i]