sqlmap/tamper/hex2char.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import os
import re

from lib.core.common import singleTimeWarnMessage
from lib.core.convert import decodeHex
from lib.core.convert import getOrds
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

def dependencies():
    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

def tamper(payload, **kwargs):
    """
    Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart

    Requirement:
        * MySQL

    Tested against:
        * MySQL 4, 5.0 and 5.5

    Notes:
        * Useful in cases when web application does the upper casing

    >>> tamper('SELECT 0xdeadbeef')
    'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'
    """

    retVal = payload

    if payload:
        for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal):
            if len(match.group(1)) > 2:
                result = "CONCAT(%s)" % ','.join("CHAR(%d)" % _ for _ in getOrds(decodeHex(match.group(1))))
            else:
                result = "CHAR(%d)" % ord(decodeHex(match.group(1)))
            retVal = retVal.replace(match.group(0), result)

    return retVal
Last preparations for DREI 2019-05-08 13:47:52 +03:00			`#!/usr/bin/env python`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00
			`"""`
Bumping copyright year 2024-01-04 01:11:52 +03:00			`Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00			`See the file 'LICENSE' for copying permission`
			`"""`

Trivial update 2020-09-09 15:07:13 +03:00			`import os`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00			`import re`

Trivial update 2020-08-04 11:34:18 +03:00			`from lib.core.common import singleTimeWarnMessage`
Stabilizing DREI 2019-05-03 14:20:15 +03:00			`from lib.core.convert import decodeHex`
			`from lib.core.convert import getOrds`
Trivial update 2020-08-04 11:34:18 +03:00			`from lib.core.enums import DBMS`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.NORMAL`

			`def dependencies():`
Trivial update 2020-08-04 11:34:18 +03:00			`singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00
			`def tamper(payload, **kwargs):`
			`"""`
			`Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart`

Minor update 2018-07-31 01:20:52 +03:00			`Requirement:`
			`* MySQL`

New tamper script (per user request) 2018-05-30 16:48:16 +03:00			`Tested against:`
			`* MySQL 4, 5.0 and 5.5`

			`Notes:`
			`* Useful in cases when web application does the upper casing`

			`>>> tamper('SELECT 0xdeadbeef')`
			`'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'`
			`"""`

			`retVal = payload`

			`if payload:`
			`for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal):`
			`if len(match.group(1)) > 2:`
More drei stuff 2019-05-02 17:54:54 +03:00			`result = "CONCAT(%s)" % ','.join("CHAR(%d)" % _ for _ in getOrds(decodeHex(match.group(1))))`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00			`else:`
More drei updates 2019-05-02 01:45:44 +03:00			`result = "CHAR(%d)" % ord(decodeHex(match.group(1)))`
New tamper script (per user request) 2018-05-30 16:48:16 +03:00			`retVal = retVal.replace(match.group(0), result)`

			`return retVal`