few updates/fixes here and there

stamparm · stamparm · commit d5fcc9d8b53c · 2010-11-04T08:03:59.000Z
diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
@@ -14,7 +14,7 @@
 
 def tamper(value):
     """
-    Add random comments to value
+    Add random comments to SQL keywords in value
     Example: 'INSERT' becomes 'IN/**/S/**/ERT'
     """
 
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
@@ -10,7 +10,7 @@
 def tamper(value):
     """
     Replaces ' ' with '/**/'
-    Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM users'
+    Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users'
     """
 
     retVal = value
diff --git a/tamper/space2plus.py b/tamper/space2plus.py
@@ -9,7 +9,7 @@
 
 def tamper(value):
     """
-    Replaces ' ' with '/**/'
+    Replaces ' ' with '+'
     Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM+users'
     """
 
diff --git a/tamper/urlencode.py b/tamper/urlencode.py
@@ -13,7 +13,7 @@
 def tamper(value):
     """
     Replaces value with urlencode(value)
-    Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
+    Example: 'SELECT FIELD FROM TABLE' becomes 'SELECT%20FIELD%20FROM%20TABLE'
     """
 
     if value:
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -416,6 +416,7 @@
    <!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html -->
    <!-- http://maxdb.sap.com/doc/7_6/default.htm -->
    <!-- http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm -->
+   <!-- http://www.ximido.de/research/PenTestingMaxDB.pdf -->
 
    <!-- SAP MaxDB -->
    <dbms value="SAP MaxDB">
