mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-03 06:51:08 +00:00
Proper fix for #1053
This commit is contained in:
parent
6972020faf
commit
cf3b02ee04
2 changed files with 6 additions and 5 deletions
|
|
@ -26,7 +26,7 @@ def tamper(payload, **kwargs):
|
|||
* http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
|
||||
|
||||
>>> tamper("1' AND 1=1")
|
||||
'1%bf%27 AND 1=1-- '
|
||||
'1%bf%27-- '
|
||||
"""
|
||||
|
||||
retVal = payload
|
||||
|
|
@ -44,9 +44,10 @@ def tamper(payload, **kwargs):
|
|||
continue
|
||||
|
||||
if found:
|
||||
_ = re.sub("(?i)\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
|
||||
_ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
|
||||
if _ != retVal:
|
||||
retVal = _
|
||||
retVal += "-- "
|
||||
|
||||
elif not any(_ in retVal for _ in ('#', '--', '/*')):
|
||||
retVal += "-- "
|
||||
return retVal
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue