sqlmap/tamper/multiplespaces.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import random
import re

from lib.core.data import kb
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Adds multiple spaces around SQL keywords

    Notes:
        * Useful to bypass very weak and bespoke web application firewalls
          that has poorly written permissive regular expressions

    Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt

    >>> random.seed(0)
    >>> tamper('1 UNION SELECT foobar')
    '1    UNION     SELECT   foobar'
    """

    retVal = payload

    if payload:
        words = set()

        for match in re.finditer(r"[A-Za-z_]+", payload):
            word = match.group()

            if word.upper() in kb.keywords:
                words.add(word)

        for word in words:
            retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal)
            retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal)

    return retVal
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 15:32:17 +04:00			`#!/usr/bin/env python`
adding new tamper script 2011-06-09 16:14:14 +04:00
			`"""`
New version preparation 2017-01-02 16:19:18 +03:00			`Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)`
adding new tamper script 2011-06-09 16:14:14 +04:00			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`import random`
			`import re`

			`from lib.core.data import kb`
			`from lib.core.enums import PRIORITY`

			`__priority__ = PRIORITY.NORMAL`

Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-07 01:04:45 +04:00			`def dependencies():`
			`pass`

Update for an Issue #12 2012-12-03 17:27:01 +04:00			`def tamper(payload, **kwargs):`
adding new tamper script 2011-06-09 16:14:14 +04:00			`"""`
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-07 01:04:45 +04:00			`Adds multiple spaces around SQL keywords`

			`Notes:`
			`* Useful to bypass very weak and bespoke web application firewalls`
			`that has poorly written permissive regular expressions`

adding new tamper script 2011-06-09 16:14:14 +04:00			`Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt`
Another update for an Issue #352 and couple of fixes 2013-03-14 00:57:09 +04:00
			`>>> random.seed(0)`
			`>>> tamper('1 UNION SELECT foobar')`
			`'1 UNION SELECT foobar'`
adding new tamper script 2011-06-09 16:14:14 +04:00			`"""`

			`retVal = payload`

			`if payload:`
			`words = set()`

			`for match in re.finditer(r"[A-Za-z_]+", payload):`
			`word = match.group()`

			`if word.upper() in kb.keywords:`
			`words.add(word)`

			`for word in words:`
Some PEP8 related style cleaning 2013-01-10 16:18:44 +04:00			`retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]\|\Z)" % word, "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal)`
			`retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal)`
adding new tamper script 2011-06-09 16:14:14 +04:00
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 12:10:23 +04:00			`return retVal`