PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2018-02-08 16:49:16 +01:00
parent 5b99180ffe
commit 56a4e507e8
20 changed files with 53 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tamper/plus2fnconcat.py
View File

@@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.common import zeroDepthSearch
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
def tamper(payload, **kwargs):
"""
@@ -64,7 +66,7 @@ def tamper(payload, **kwargs):
retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
else:
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
if match:
part = match.group(0)
indexes = set(zeroDepthSearch(match.group(1), '+'))