update of tampering modules

stamparm · stamparm · commit 1b3b916587a2 · 2010-10-13T19:51:10.000Z
diff --git a/tamper/charencode.py b/tamper/charencode.py
@@ -0,0 +1,25 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> urlencode of nonencoded chars in value
+"""
+def tamper(place, value):
+    retVal = value
+    if value:
+        if place != "URI":
+            retVal = ""
+            i = 0
+            while i < len(value):
+                if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
+                    retVal += value[i:i+3]
+                    i += 3
+                else:
+                    retVal += '%%%X' % ord(value[i])
+                    i += 1
+        else:
+            raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
+    return retVal
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
@@ -4,7 +4,7 @@
 from lib.core.convert import urlencode
 
 """
-Tampering IFNULL(A,B) -> IF(ISNULL(A),B,A)
+IFNULL(A,B) -> IF(ISNULL(A),B,A)
 """
 def tamper(place, value):
     if value and value.find("IFNULL") > -1:
@@ -25,10 +25,13 @@ def tamper(place, value):
                     deepness += 1
                 elif value[i] == ')':
                     deepness -= 1
-            A = value[index + len("IFNULL("):comma]
-            B = value[comma + 1:end]
-            newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
-            value = value[:index] + newVal + value[end+1:]
+            if comma and end:
+                A = value[index + len("IFNULL("):comma]
+                B = value[comma + 1:end]
+                newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
+                value = value[:index] + newVal + value[end+1:]
+            else:
+                break
         if place != "URI":
             value = urlencode(value)
     return value
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
@@ -0,0 +1,20 @@
+import re
+import string
+
+from lib.core.convert import urlencode
+from lib.core.common import randomRange
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+"""
+value -> random case of chars in value
+"""
+def tamper(place, value):
+    retVal = value
+    if value:
+        retVal = ""
+        for i in xrange(len(value)):
+            if value[i].isalpha():
+                retVal += value[i].upper() if randomRange(0,1) else value[i].lower()
+            else:
+                retVal += value[i]
+    return retVal
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
@@ -4,7 +4,7 @@
 from lib.core.convert import urlencode
 
 """
-Tampering ' ' -> /**/
+' ' -> /**/
 """
 def tamper(place, value):
     if value:
