Another update for an Issue #352 and couple of fixes

2025-12-09 22:21:30 +00:00 · 2013-03-13 21:57:09 +01:00
parent b35122a42c
commit 4cb378ce3e
38 changed files with 127 additions and 146 deletions
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@@ -19,15 +19,14 @@ def tamper(payload, **kwargs):
    Replaces quote character (') with a multi-byte combo %bf%27 together with
    generic comment at the end (to make it work)

-    Example:
-        * Input: 1' AND 1=1
-        * Output: 1%bf%27 AND 1=1--%20
-
    Notes:
        * Useful for bypassing magic_quotes/addslashes feature

    Reference:
        * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
+
+    >>> tamper("1' AND 1=1")
+    '1%bf%27 AND 1=1-- '
    """

    retVal = payload