MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / tamper

Function tamper

tamper/hex2char.py:22–49  ·  view source on GitHub ↗

Replaces each (MySQL) 0x encoded string with equivalent CONCAT(CHAR(),...) counterpart Requirement: * MySQL Tested against: * MySQL 4, 5.0 and 5.5 Notes: * Useful in cases when web application does the upper casing >>> tamper('SELECT 0xdeadbeef')

(payload, **kwargs)

Source from the content-addressed store, hash-verified

20 singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
21
22def tamper(payload, **kwargs):
23 """
24 Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart
25
26 Requirement:
27 * MySQL
28
29 Tested against:
30 * MySQL 4, 5.0 and 5.5
31
32 Notes:
33 * Useful in cases when web application does the upper casing
34
35 >>> tamper('SELECT 0xdeadbeef')
36 'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'
37 """
38
39 retVal = payload
40
41 if payload:
42 for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal):
43 if len(match.group(1)) > 2:
44 result = "CONCAT(%s)" % ','.join("CHAR(%d)" % _ for _ in getOrds(decodeHex(match.group(1))))
45 else:
46 result = "CHAR(%d)" % ord(decodeHex(match.group(1)))
47 retVal = retVal.replace(match.group(0), result)
48
49 return retVal

Callers

nothing calls this directly

Calls 3

getOrdsFunction · 0.90
decodeHexFunction · 0.90
replaceMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…