File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -1564,8 +1564,8 @@ def safeStringFormat(format_, params):
15641564 """
15651565 Avoids problems with inappropriate string format strings
15661566
1567- >>> safeStringFormat('foobar%d%s ', ('1 ', 2 ))
1568- u'foobar12 '
1567+ >>> safeStringFormat('SELECT foo FROM %s LIMIT %d ', ('bar ', '1' ))
1568+ u'SELECT foo FROM bar LIMIT 1 '
15691569 """
15701570
15711571 if format_ .count (PAYLOAD_DELIMITER ) == 2 :
Original file line number Diff line number Diff line change @@ -26,7 +26,7 @@ def tamper(payload, **kwargs):
2626 * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
2727
2828 >>> tamper("1' AND 1=1")
29- '1%bf%27 AND 1=1 -- '
29+ '1%bf%27-- '
3030 """
3131
3232 retVal = payload
@@ -44,9 +44,10 @@ def tamper(payload, **kwargs):
4444 continue
4545
4646 if found :
47- _ = re .sub ("(?i)\s*(AND|OR)[\s(]+'[^']+' \s*(=|LIKE)\s*'.* " , "" , retVal )
47+ _ = re .sub (r "(?i)\s*(AND|OR)[\s(]+([^\s]+) \s*(=|LIKE)\s*\2 """ , retVal )
4848 if _ != retVal :
4949 retVal = _
5050 retVal += "-- "
51-
51+ elif not any (_ in retVal for _ in ('#' , '--' , '/*' )):
52+ retVal += "-- "
5253 return retVal
You can’t perform that action at this time.
0 commit comments