
Commit 4b784b0

committed
adding new tamper script
1 parent 71093b1 commit 4b784b0


1 file changed

+41
-0
lines changed


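--- a/tamper/multiplespaces.py
+++ b/tamper/multiplespaces.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import random
+import re
+
+from lib.core.common import randomRange
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def tamper(payload):
+    """
+    Adding multiple spaces around SQL keywords
+    Example: 'UNION SELECT' migth become ' UNION SELECT '
+    Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt
+    """
+
+    retVal = payload
+
+    if payload:
+        words = set()
+
+        for match in re.finditer(r"[A-Za-z_]+", payload):
+            word = match.group()
+
+            if word.upper() in kb.keywords:
+                words.add(word)
+
+        for word in words:
+            retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' '*random.randrange(1,4), word, ' '*random.randrange(1,4)), retVal)
+            retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' '*random.randrange(1,4), word), retVal)
+
+    return retVal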
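Review bot: The two pattern strings passed to re.sub at lines 38–39 are not raw strings, so the `\W` and `\Z` escapes only survive because the interpreter leaves unknown escapes untouched; write them as `r"(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word` and `r"(?<=\W)%s(?=[(])" % word` so the intent is explicit and newer interpreters do not emit invalid-escape warnings, matching the raw string already used for the finditer pattern at line 31. `randomRange` is imported from lib.core.common at line 13 but never used — the body calls `random.randrange` — so that import should be dropped. The docstring at line 22 has a typo, `migth` → `might`. Interpolating `word` into a regex with `%s` is only safe because the finditer pattern restricts it to `[A-Za-z_]+`; a one-line comment above the loop, such as `# word is [A-Za-z_]+ from the finditer above, so it needs no re.escape`, would keep a later change to that pattern from silently turning the interpolation into a malformed or unintended regex.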
