
Commit e4089e8

committed
new tamper script (reference: http://hakipedia.com/index.php/SQL_Injection)
1 parent e6e48c5 commit e4089e8

1 file changed

Lines changed: 54 additions & 0 deletions


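--- a/tamper/space2randomblank.py
+++ b/tamper/space2randomblank.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import random
+
+from lib.core.convert import urldecode
+from lib.core.convert import urlencode
+
+def tamper(place, value):
+"""
+Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')
+Example: 'SELECT id FROM users' becomes 'SELECT\rid\tFROM\nusers'
+"""
+
+blanks = ['\r', '\n', '\t']
+retVal = value
+
+if value:
+if place != "URI":
+value = urldecode(value)
+
+retVal = ""
+quote, doublequote, firstspace = False, False, False
+
+for i in xrange(len(value)):
+if not firstspace:
+if value[i].isspace():
+firstspace = True
+retVal += random.choice(blanks)
+continue
+
+elif value[i] == '\'':
+quote = not quote
+
+elif value[i] == '"':
+doublequote = not doublequote
+
+elif value[i]==" " and not doublequote and not quote:
+retVal += random.choice(blanks)
+continue
+
+retVal += value[i]
+
+if place != "URI":
+retVal = urlencode(retVal)
+
+return retVal
+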
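Review bot: The docstring of `tamper` is a plain (non-raw) string, so `'\r', '\n', '\t'` and the example on the line after it are stored as real control characters, and `tamper.__doc__` prints broken across lines instead of showing the escapes; opening it with `r"""` (or doubling the backslashes) fixes that. The docstring also leaves out two things the body visibly does: the loop is written to leave spaces inside single- or double-quoted literals untouched, and for any `place` other than `"URI"` the value is passed through `urldecode` before and `urlencode` after the substitution. Both are worth one line each in the docstring. For anyone reading this from the filtering or detection side, the documented effect is that CR, LF or TAB appears where keywords were separated by a space, so rules should normalise whitespace before matching rather than expect a literal space.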
