Add files via upload (#5189)

takito1812 · web-flow · commit 7f62572f4358 · 2022-10-06T11:32:31.000+02:00
diff --git a/tamper/decentities.py b/tamper/decentities.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    HTML encode in decimal (using code points) all characters (e.g. ' -> &#39;)
+
+    >>> tamper("1' AND SLEEP(5)#")
+    '&#49;&#39;&#32;&#65;&#78;&#68;&#32;&#83;&#76;&#69;&#69;&#80;&#40;&#53;&#41;&#35;'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        i = 0
+
+        while i < len(payload):
+            retVal += "&#%s;" % ord(payload[i])
+            i += 1
+
+    return retVal
diff --git a/tamper/hexentities.py b/tamper/hexentities.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    HTML encode in hexadecimal (using code points) all characters (e.g. ' -> &#x31;)
+
+    >>> tamper("1' AND SLEEP(5)#")
+    '&#x31;&#x27;&#x20;&#x41;&#x4e;&#x44;&#x20;&#x53;&#x4c;&#x45;&#x45;&#x50;&#x28;&#x35;&#x29;&#x23;'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        i = 0
+
+        while i < len(payload):
+            retVal += "&#x%s;" % format(ord(payload[i]), "x")
+            i += 1
+
+    return retVal
