Minor bug fixes, code refactoring and enhanced --tamper functionality

Bernardo Damele
2010-10-16 21:33:15 +00:00
parent 5c3d21065a
commit 2dae934a2b
9 changed files with 68 additions and 62 deletions


@@ -7,19 +7,19 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urlencode
from lib.core.exception import sqlmapUnsupportedFeatureException
"""
Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE)
"""
def tamper(place, value):
"""
Replaces value with urlencode(value)
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
"""
if value:
if place != "URI":
value = urlencode(value)
value = urlencode(value, convall=True)
else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
return value
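Review bot: The example in the new `tamper()` docstring does not match ordinary percent-encoding, where the `%` in `%20` becomes `%25` and the result is `%2520`, not `%25%20`. The body of `lib.core.convert.urlencode` is not shown here, so unless `convall=True` does something else, the line should read `Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%2520FIELD%2520FROM%2520TABLE'`. The docstring should also say what `convall=True` converts that the previous `urlencode(value)` call left alone, and that the function raises `sqlmapUnsupportedFeatureException` when `place` is `"URI"`. `import re` is not used by anything visible in this hunk and looks removable if the rest of the file does not need it.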