PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Improvement of a between.py tamper script

Browse Source
This commit is contained in:
Miroslav Stampar
2012-11-29 14:41:07 +01:00
parent 605d73cc3d
commit bdd819d7f2
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tamper/between.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
@@ -54,7 +56,7 @@ def tamper(payload, headers=None):
elif payload[i] == ">" and not doublequote and not quote:
retVal += " " if i > 0 and not payload[i-1].isspace() else ""
retVal += "NOT BETWEEN 0 AND"
retVal += "NOT BETWEEN %s AND" % ('0' if re.search(r"\A[^\w]*\d", payload[i+1:]) else "NULL")
retVal += " " if i < len(payload) - 1 and not payload[i+1:i+2].isspace() else ""
continue