~ubuntu-branches/ubuntu/vivid/sqlmap/vivid

Viewing changes to tamper/unmagicquotes.py

  • Committer: Package Import Robot
  • Author(s): Gianfranco Costamagna
  • Date: 2015-01-31 18:25:34 UTC
  • mfrom: (1.1.2)
  • Revision ID: package-import@ubuntu.com-20150131182534-bllas32vzk36bm8r
Tags: 0.9.150214-1
* New upstream release.
* Remove all lintian-overrides, upstream renamed .so to .so_ and
  .dll to .dll_, so lintian doesn't catch them anymore.
* Update copyright year.

1
1
#!/usr/bin/env python
2
2
 
3
3
"""
4
 
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
 
4
Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
5
5
See the file 'doc/COPYING' for copying permission
6
6
"""
7
7
 
26
26
        * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
27
27
 
28
28
    >>> tamper("1' AND 1=1")
29
 
    '1%bf%27 AND 1=1-- '
 
29
    '1%bf%27-- '
30
30
    """
31
31
 
32
32
    retVal = payload
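Review bot: The docstring's single doctest (new line 29) covers only the path where the trailing condition is stripped, and nothing in the docstring says that the tamper now removes the "AND 1=1" part instead of keeping it, as the old expected output '1%bf%27 AND 1=1-- ' did. Please state that behaviour change in the docstring text and add doctests for the two cases this revision introduces further down: a payload with a quote but no self-comparison (the new elif appends "-- "), and a payload that already carries '#', '--' or '/*' (nothing is appended).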
44
44
                continue
45
45
 
46
46
        if found:
47
 
            _ = re.sub("(?i)\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
 
47
            _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
48
48
            if _ != retVal:
49
49
                retVal = _
50
50
                retVal += "-- "
51
 
 
 
51
            elif not any(_ in retVal for _ in ('#', '--', '/*')):
 
52
                retVal += "-- "
52
53
    return retVal
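Review bot: The backreference on new line 47 is not anchored on the right, so "\2" matches a prefix of the right-hand operand: for a condition such as "AND 1=10" the group captures "1", the pattern matches "AND 1=1", and the substitution leaves a stray "0" in retVal before "-- " is appended. Follow "\2" with a boundary such as (?!\S), or with a lookahead that also accepts a closing parenthesis, so only true self-comparisons are removed. Two smaller points in the same hunk: the first branch (new lines 48-50) appends "-- " unconditionally while the new elif on line 51 checks for an existing '#', '--' or '/*', so a payload that is rewritten by the regex and already ends in a comment gets a second marker; and reusing "_" as the generator variable on line 51 while it also holds the re.sub result is easy to misread, a named variable would be clearer.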