ptnqoxywl
/
sqlmap
1
0
Fork 1
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '03335aa4b8'
${ noResults }
sqlmap/src/sqlmap-master/tamper/decentities.py

45 lines
1.3 KiB
Raw Normal View History Unescape

sqlmap代码
4 months ago
#!/usr/bin/env python
"""
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
sck
2 months ago
from lib.core.enums import PRIORITY # 从核心库导入优先级枚举
sqlmap代码
4 months ago
sck
2 months ago
# 设置优先级为低
sqlmap代码
4 months ago
__priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload, **kwargs):
"""
sck
2 months ago
这个函数用于篡改tamper输入的payload将所有字符转换为HTML实体使用十进制代码点
sqlmap代码
4 months ago
sck
2 months ago
参数
payload要篡改的原始payload
**kwargs其他可选参数在本函数中未使用
功能
- 遍历payload中的每个字符并将每个字符转换为其对应的HTML实体形式例如' -> ')。
示例
>>> tamper("1' AND SLEEP(5)#")
'1' AND SLEEP(5)#'
sqlmap代码
4 months ago
"""
sck
2 months ago
retVal = payload # 初始化返回值为输入的payload
sqlmap代码
4 months ago
sck
2 months ago
if payload: # 如果payload不为空
retVal = "" # 初始化返回值字符串
i = 0 # 初始化索引
sqlmap代码
4 months ago
sck
2 months ago
# 遍历payload中的每个字符
sqlmap代码
4 months ago
while i < len(payload):
sck
2 months ago
# 将当前字符转换为其对应的HTML实体形式并添加到返回值字符串
sqlmap代码
4 months ago
retVal += "&#%s;" % ord(payload[i])
i += 1
return retVal