Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fff7fe8

Browse files
stamparmstamparm
committed
new tamper script
1 parent 1d74036 commit fff7fe8

1 file changed

Lines changed: 51 additions & 0 deletions

File tree

tamper/space2plus.py

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
#!/usr/bin/env python
2+
3+
"""
4+
$Id: space2comment.py 2035 2010-10-16 21:33:15Z inquisb $
5+
6+
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
7+
See the file 'doc/COPYING' for copying permission
8+
"""
9+
10+
from lib.core.convert import urldecode
11+
from lib.core.convert import urlencode
12+
13+
def tamper(place, value):
14+
"""
15+
Replaces ' ' with '/**/'
16+
Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM users'
17+
"""
18+
19+
retVal = value
20+
21+
if value:
22+
if place != "URI":
23+
value = urldecode(value)
24+
25+
retVal = ""
26+
quote, doublequote, firstspace = False, False, False
27+
28+
for i in xrange(len(value)):
29+
if not firstspace:
30+
if value[i].isspace():
31+
firstspace = True
32+
retVal += "+"
33+
continue
34+
35+
elif value[i] == '\'':
36+
quote = not quote
37+
38+
elif value[i] == '"':
39+
doublequote = not doublequote
40+
41+
elif value[i]==" " and not doublequote and not quote:
42+
retVal += "+"
43+
continue
44+
45+
retVal += value[i]
46+
47+
if place != "URI":
48+
retVal = urlencode(retVal)
49+
50+
return retVal
51+

0 commit comments

Comments
 (0)