sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-27 08:30:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update sleepgetlock.py

Browse Source
This commit is contained in:
Miroslav Stampar 2020-09-17 15:06:12 +02:00 committed by GitHub
parent 8900993205
commit 102ba18109
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tamper/sleepgetlock.py
View File

@ -1,5 +1,10 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
@ -9,7 +14,7 @@ def dependencies():
def tamper(payload, **kwargs):
"""
Replaces instances like 'SLEEP(A)' with "get_lock('do9gy',A)"
Replaces instances like 'SLEEP(x)' with "get_lock('sqlmap',x)"
Requirement:
* MySQL
@ -21,8 +26,10 @@ def tamper(payload, **kwargs):
* Useful to bypass very weak and bespoke web application firewalls
that filter the SLEEP() and BENCHMARK() functions
* Reference: https://zhuanlan.zhihu.com/p/35245598
>>> tamper('SLEEP(2)')
"get_lock('do9gy',2)"
"get_lock('sqlmap',2)"
"""
if payload and payload.find("SLEEP") > -1:
@ -32,8 +39,7 @@ def tamper(payload, **kwargs):
num = payload[index+6]
newVal = "get_lock('do9gy',%s)" % (num)
newVal = "get_lock('sqlmap',%s)" % (num)
payload = payload[:index] + newVal + payload[index+8:]