PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

First commit related to the #3108

Browse Source
This commit is contained in:
Miroslav Stampar
2018-07-31 01:17:11 +02:00
parent cef416559a
commit f0e4c20004
32 changed files with 72 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tamper/chardoubleencode.py
View File

@@ -16,13 +16,10 @@ def dependencies():
def tamper(payload, **kwargs):
"""
Double url-encodes all characters in a given payload (not processing
already encoded)
Double URL-encodes all characters in a given payload (not processing already encoded)
Notes:
* Useful to bypass some weak web application firewalls that do not
double url-decode the request before processing it through their
ruleset
* Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
>>> tamper('SELECT FIELD FROM%20TABLE')
'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'