|
1 | 1 | #!/usr/bin/env python |
2 | 2 |
|
3 | 3 | """ |
4 | | -$Id: versionedkeywords.py 3982 2011-05-28 17:34:43Z stamparm $ |
| 4 | +$Id: versionedkeywords.py 4203 2011-06-30 06:39:32Z stamparm $ |
5 | 5 |
|
6 | 6 | Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/) |
7 | 7 | See the file 'doc/COPYING' for copying permission |
|
10 | 10 | import re |
11 | 11 |
|
12 | 12 | from lib.core.common import randomRange |
| 13 | +from lib.core.common import singleTimeWarnMessage |
13 | 14 | from lib.core.data import kb |
14 | 15 | from lib.core.enums import PRIORITY |
| 16 | +from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS |
15 | 17 |
|
16 | | -__priority__ = PRIORITY.NORMAL |
| 18 | +__priority__ = PRIORITY.HIGHER |
17 | 19 |
|
18 | 20 | def tamper(payload): |
19 | 21 | """ |
20 | | - Encloses each non-function keyword with versioned MySQL comment |
| 22 | + Encloses each keyword with versioned MySQL comment (MySQL >= 5.1.13) |
21 | 23 | Example: 'INSERT' will become '/*!INSERT*/' |
22 | 24 | """ |
23 | 25 |
|
24 | 26 | def process(match): |
25 | 27 | word = match.group('word') |
26 | | - if word.upper() in kb.keywords: |
| 28 | + if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS: |
27 | 29 | return match.group().replace(word, "/*!%s*/" % word) |
28 | 30 | else: |
29 | 31 | return match.group() |
30 | 32 |
|
| 33 | + singleTimeWarnMessage("This tamper script is only meant to be run against MySQL >= 5.1.13") |
| 34 | + |
31 | 35 | retVal = payload |
32 | 36 |
|
33 | 37 | if payload: |
34 | | - retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal) |
| 38 | + retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal) |
35 | 39 | retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") |
36 | 40 |
|
37 | 41 | return retVal |
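Review bot: The docstring of `tamper` does not say that keywords listed in `IGNORE_SPACE_AFFECTED_KEYWORDS` are now left unwrapped, and nothing explains why `__priority__` moved to `PRIORITY.HIGHER`, so a reader has to work both out from the code. I would add a docstring line such as `Keywords in IGNORE_SPACE_AFFECTED_KEYWORDS are left as-is` and a short comment above `__priority__` giving the ordering reason. In `process`, `word.upper()` is evaluated twice and could be bound once (`keyword = word.upper()`), and `lambda match: process(match)` in the `re.sub` call can simply be `process`. The `singleTimeWarnMessage` call also sits before the `if payload:` check, so it fires even when there is nothing to rewrite; that is presumably harmless for a single-time message, but worth confirming.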