important update regarding (Bug #209) - probably more will be needed

2025-12-06 12:41:30 +00:00 · 2010-10-29 16:11:50 +00:00
parent a921fe0d5d
commit 5a38ac7ea9
21 changed files with 130 additions and 130 deletions
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -11,7 +11,7 @@ import string

 from lib.core.exception import sqlmapUnsupportedFeatureException

-def tamper(place, value):
+def tamper(value):
    """
    Replaces value with urlencode of non-encoded chars in value
    Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
@@ -20,18 +20,15 @@ def tamper(place, value):
    retVal = value

    if value:
-        if place != "URI":
-            retVal = ""
-            i = 0
+        retVal = ""
+        i = 0

-            while i < len(value):
-                if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
-                    retVal += value[i:i+3]
-                    i += 3
-                else:
-                    retVal += '%%%X' % ord(value[i])
-                    i += 1
-        else:
-            raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
+        while i < len(value):
+            if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
+                retVal += value[i:i+3]
+                i += 3
+            else:
+                retVal += '%%%X' % ord(value[i])
+                i += 1

    return retVal