sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/tamper/apostrophemask.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.enums import PRIORITY
# Module-level priority marker for this tamper script, set to PRIORITY.LOWEST.
# NOTE(review): presumably read by sqlmap to order tamper scripts when several
# are chained - confirm against the loader.
__priority__ = PRIORITY.LOWEST
def dependencies():
    """
    Intentionally does nothing and returns None: this tamper script places
    no requirement on its environment
    """

    return None
def tamper(payload, **kwargs):
    """
    Swaps every ASCII apostrophe (') in the payload for the URL-encoded UTF-8
    bytes of the full-width apostrophe U+FF07 (e.g. ' -> %EF%BC%87)

    An empty or None payload is handed back unchanged; extra keyword
    arguments are accepted but not used here

    Notes:
        * Relevant when reviewing input filters: a filter that matches only
          the ASCII quote byte does not recognise this form. Whether U+FF07
          is later folded back into an ASCII quote depends on charset
          conversion done downstream of the filter (see the references), so
          filtering belongs after Unicode normalisation and queries should
          be parameterised rather than quote-filtered

    References:
        * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
        * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/
        * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850
        * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps

    >>> tamper("1 AND '1'='1")
    '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
    """

    # Falsy payloads (None, empty string) pass through untouched
    if not payload:
        return payload

    fullwidth_apostrophe = "%EF%BC%87"
    return payload.replace("'", fullwidth_apostrophe)