mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Implementation for an Issue #3108
This commit is contained in:
parent
f0e4c20004
commit
1f9bf587b5
|
@ -868,11 +868,11 @@ def boldifyMessage(message):
|
||||||
retVal = message
|
retVal = message
|
||||||
|
|
||||||
if any(_ in message for _ in BOLD_PATTERNS):
|
if any(_ in message for _ in BOLD_PATTERNS):
|
||||||
retVal = setColor(message, True)
|
retVal = setColor(message, bold=True)
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
def setColor(message, bold=False):
|
def setColor(message, color=None, bold=False):
|
||||||
retVal = message
|
retVal = message
|
||||||
level = extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel")
|
level = extractRegexResult(r"\[(?P<result>%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel")
|
||||||
|
|
||||||
|
@ -880,8 +880,8 @@ def setColor(message, bold=False):
|
||||||
level = unicodeencode(level)
|
level = unicodeencode(level)
|
||||||
|
|
||||||
if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler
|
if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler
|
||||||
if bold:
|
if bold or color:
|
||||||
retVal = colored(message, color=None, on_color=None, attrs=("bold",))
|
retVal = colored(message, color=color, on_color=None, attrs=("bold",) if bold else None)
|
||||||
elif level:
|
elif level:
|
||||||
level = getattr(logging, level, None) if isinstance(level, basestring) else level
|
level = getattr(logging, level, None) if isinstance(level, basestring) else level
|
||||||
retVal = LOGGER_HANDLER.colorize(message, level)
|
retVal = LOGGER_HANDLER.colorize(message, level)
|
||||||
|
@ -925,7 +925,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
|
||||||
if conf.get("api"):
|
if conf.get("api"):
|
||||||
sys.stdout.write(message, status, content_type)
|
sys.stdout.write(message, status, content_type)
|
||||||
else:
|
else:
|
||||||
sys.stdout.write(setColor(message, bold))
|
sys.stdout.write(setColor(message, bold=bold))
|
||||||
|
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
except IOError:
|
except IOError:
|
||||||
|
|
|
@ -54,6 +54,7 @@ from lib.core.common import resetCookieJar
|
||||||
from lib.core.common import runningAsAdmin
|
from lib.core.common import runningAsAdmin
|
||||||
from lib.core.common import safeExpandUser
|
from lib.core.common import safeExpandUser
|
||||||
from lib.core.common import saveConfig
|
from lib.core.common import saveConfig
|
||||||
|
from lib.core.common import setColor
|
||||||
from lib.core.common import setOptimize
|
from lib.core.common import setOptimize
|
||||||
from lib.core.common import setPaths
|
from lib.core.common import setPaths
|
||||||
from lib.core.common import singleTimeWarnMessage
|
from lib.core.common import singleTimeWarnMessage
|
||||||
|
@ -699,6 +700,22 @@ def _setDBMS():
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
||||||
|
def _listTamperingFunctions():
|
||||||
|
"""
|
||||||
|
Lists available tamper functions
|
||||||
|
"""
|
||||||
|
|
||||||
|
if conf.listTampers:
|
||||||
|
infoMsg = "listing available tamper scripts\n"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))):
|
||||||
|
content = openFile(script, "rb").read()
|
||||||
|
match = re.search(r'(?s)__priority__.+"""(.+)"""', content)
|
||||||
|
if match:
|
||||||
|
comment = match.group(1).strip()
|
||||||
|
dataToStdout("* %s - %s\n" % (setColor(os.path.basename(script), "yellow"), re.sub(r" *\n *", " ", comment.split("\n\n")[0].strip())))
|
||||||
|
|
||||||
def _setTamperingFunctions():
|
def _setTamperingFunctions():
|
||||||
"""
|
"""
|
||||||
Loads tampering functions from given script(s)
|
Loads tampering functions from given script(s)
|
||||||
|
@ -2459,6 +2476,7 @@ def init():
|
||||||
_setDNSServer()
|
_setDNSServer()
|
||||||
_adjustLoggingFormatter()
|
_adjustLoggingFormatter()
|
||||||
_setMultipleTargets()
|
_setMultipleTargets()
|
||||||
|
_listTamperingFunctions()
|
||||||
_setTamperingFunctions()
|
_setTamperingFunctions()
|
||||||
_setWafFunctions()
|
_setWafFunctions()
|
||||||
_setTrafficOutputFP()
|
_setTrafficOutputFP()
|
||||||
|
|
|
@ -227,6 +227,7 @@ optDict = {
|
||||||
"disableColoring": "boolean",
|
"disableColoring": "boolean",
|
||||||
"googlePage": "integer",
|
"googlePage": "integer",
|
||||||
"identifyWaf": "boolean",
|
"identifyWaf": "boolean",
|
||||||
|
"listTampers": "boolean",
|
||||||
"mobile": "boolean",
|
"mobile": "boolean",
|
||||||
"offline": "boolean",
|
"offline": "boolean",
|
||||||
"purge": "boolean",
|
"purge": "boolean",
|
||||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.2.7.27"
|
VERSION = "1.2.7.28"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -637,6 +637,9 @@ def cmdLineParser(argv=None):
|
||||||
miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
|
miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true",
|
||||||
help="Make a thorough testing for a WAF/IPS/IDS protection")
|
help="Make a thorough testing for a WAF/IPS/IDS protection")
|
||||||
|
|
||||||
|
miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true",
|
||||||
|
help="Display list of available tamper scripts")
|
||||||
|
|
||||||
miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
|
miscellaneous.add_option("--mobile", dest="mobile", action="store_true",
|
||||||
help="Imitate smartphone through HTTP User-Agent header")
|
help="Imitate smartphone through HTTP User-Agent header")
|
||||||
|
|
||||||
|
@ -874,9 +877,9 @@ def cmdLineParser(argv=None):
|
||||||
if args.dummy:
|
if args.dummy:
|
||||||
args.url = args.url or DUMMY_URL
|
args.url = args.url or DUMMY_URL
|
||||||
|
|
||||||
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)):
|
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
|
||||||
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), "
|
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
|
||||||
errMsg += "use -h for basic or -hh for advanced help\n"
|
errMsg += "Use -h for basic and -hh for advanced help\n"
|
||||||
parser.error(errMsg)
|
parser.error(errMsg)
|
||||||
|
|
||||||
return args
|
return args
|
||||||
|
|
|
@ -778,6 +778,10 @@ googlePage = 1
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
identifyWaf = False
|
identifyWaf = False
|
||||||
|
|
||||||
|
# Display list of available tamper scripts
|
||||||
|
# Valid: True or False
|
||||||
|
listTampers = False
|
||||||
|
|
||||||
# Imitate smartphone through HTTP User-Agent header.
|
# Imitate smartphone through HTTP User-Agent header.
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
mobile = False
|
mobile = False
|
||||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces apostrophe character (') with its UTF-8 full width counterpart
|
Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
|
||||||
|
|
||||||
References:
|
References:
|
||||||
* http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
|
* http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
|
||||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces apostrophe character (') with its illegal double unicode counterpart
|
Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
|
||||||
|
|
||||||
>>> tamper("1 AND '1'='1")
|
>>> tamper("1 AND '1'='1")
|
||||||
'1 AND %00%271%00%27=%00%271'
|
'1 AND %00%271%00%27=%00%271'
|
||||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Appends encoded NULL byte character (%00) at the end of payload
|
Appends (Access) NULL byte character (%00) at the end of payload
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* Microsoft Access
|
* Microsoft Access
|
||||||
|
|
|
@ -17,7 +17,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Base64 all characters in a given payload
|
Base64-encodes all characters in a given payload
|
||||||
|
|
||||||
>>> tamper("1' AND SLEEP(5)#")
|
>>> tamper("1' AND SLEEP(5)#")
|
||||||
'MScgQU5EIFNMRUVQKDUpIw=='
|
'MScgQU5EIFNMRUVQKDUpIw=='
|
||||||
|
|
|
@ -17,8 +17,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character after SQL statement with a valid random blank character.
|
Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
|
||||||
Afterwards replace character '=' with operator LIKE
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* Blue Coat SGOS with WAF activated as documented in
|
* Blue Coat SGOS with WAF activated as documented in
|
||||||
|
|
|
@ -16,7 +16,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Double URL-encodes all characters in a given payload (not processing already encoded)
|
Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
* Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
|
* Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
|
||||||
|
|
|
@ -16,7 +16,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
URL-encodes all characters in a given payload (not processing already encoded)
|
URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2005
|
* Microsoft SQL Server 2005
|
||||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Unicode-URL-encodes all characters in a given payload (not processing already encoded)
|
Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054)
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* ASP
|
* ASP
|
||||||
|
|
|
@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Unicode-escapes non-encoded characters in a given payload (not processing already encoded)
|
Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054)
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
* Useful to bypass weak filtering and/or WAFs in JSON contexes
|
* Useful to bypass weak filtering and/or WAFs in JSON contexes
|
||||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END'
|
Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL
|
* MySQL
|
||||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
|
Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL
|
* MySQL
|
||||||
|
|
|
@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier
|
Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier
|
||||||
|
|
||||||
>>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
|
>>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
|
||||||
'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
|
'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
|
||||||
|
|
|
@ -17,7 +17,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces each keyword character with lower case value
|
Replaces each keyword character with lower case value (e.g. SELECT -> select)
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2005
|
* Microsoft SQL Server 2005
|
||||||
|
|
|
@ -16,7 +16,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Converts all (non-alphanum) characters in a given payload (not processing already encoded)
|
Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7)
|
||||||
|
|
||||||
Reference:
|
Reference:
|
||||||
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
||||||
|
|
|
@ -16,7 +16,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Converts all characters in a given payload (not processing already encoded)
|
Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94)
|
||||||
|
|
||||||
Reference:
|
Reference:
|
||||||
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
||||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Adds a percentage sign ('%') infront of each character
|
Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T)
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* ASP
|
* ASP
|
||||||
|
|
|
@ -20,7 +20,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces plus operator ('+') with (MsSQL) function CONCAT()
|
Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2012
|
* Microsoft SQL Server 2012
|
||||||
|
|
|
@ -20,7 +20,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()}
|
Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2008
|
* Microsoft SQL Server 2008
|
||||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces each keyword character with random case value
|
Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2005
|
* Microsoft SQL Server 2005
|
||||||
|
|
|
@ -15,7 +15,7 @@ __priority__ = PRIORITY.LOW
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Add random inline comments inside SQL keywords
|
Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
|
||||||
|
|
||||||
>>> import random
|
>>> import random
|
||||||
>>> random.seed(0)
|
>>> random.seed(0)
|
||||||
|
|
|
@ -14,8 +14,7 @@ __priority__ = PRIORITY.LOW
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a dash comment ('--') followed by
|
Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')
|
||||||
a random string and a new line ('\n')
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MSSQL
|
* MSSQL
|
||||||
|
|
|
@ -20,8 +20,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a pound character ('#') followed by
|
Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
|
||||||
a random string and a new line ('\n')
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL
|
* MySQL
|
||||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with comments '/**_**/'
|
Replaces (MySQL) instances of space character (' ') with comments '/**_**/'
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* MySQL 5.0 and 5.5
|
* MySQL 5.0 and 5.5
|
||||||
|
|
|
@ -23,8 +23,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a pound character ('#') followed by
|
Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
|
||||||
a random string and a new line ('\n')
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL >= 5.1.13
|
* MySQL >= 5.1.13
|
||||||
|
|
|
@ -19,8 +19,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a random blank character from a
|
Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
|
||||||
valid set of alternate characters
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* Microsoft SQL Server
|
* Microsoft SQL Server
|
||||||
|
|
|
@ -11,8 +11,7 @@ __priority__ = PRIORITY.LOW
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a pound character ('#') followed by
|
Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')
|
||||||
a new line ('\n')
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MSSQL
|
* MSSQL
|
||||||
|
|
|
@ -19,8 +19,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a random blank character from a
|
Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters
|
||||||
valid set of alternate characters
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL
|
* MySQL
|
||||||
|
|
|
@ -18,15 +18,12 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a dash comment ('--') followed by
|
Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')
|
||||||
a new line ('\n')
|
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL
|
* MySQL
|
||||||
* MSSQL
|
* MSSQL
|
||||||
|
|
||||||
Tested against:
|
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
* Useful to bypass several web application firewalls.
|
* Useful to bypass several web application firewalls.
|
||||||
|
|
||||||
|
|
|
@ -16,8 +16,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces space character (' ') with a random blank character from a
|
Replaces space character (' ') with a random blank character from a valid set of alternate characters
|
||||||
valid set of alternate characters
|
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2005
|
* Microsoft SQL Server 2005
|
||||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces UNION ALL SELECT with UNION SELECT
|
Replaces instances of UNION ALL SELECT with UNION SELECT counterpart
|
||||||
|
|
||||||
>>> tamper('-1 UNION ALL SELECT')
|
>>> tamper('-1 UNION ALL SELECT')
|
||||||
'-1 UNION SELECT'
|
'-1 UNION SELECT'
|
||||||
|
|
|
@ -17,7 +17,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Replaces each keyword character with upper case value
|
Replaces each keyword character with upper case value (e.g. select -> SELECT)
|
||||||
|
|
||||||
Tested against:
|
Tested against:
|
||||||
* Microsoft SQL Server 2005
|
* Microsoft SQL Server 2005
|
||||||
|
|
|
@ -14,12 +14,12 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Append a HTTP header 'X-originating-IP' to bypass
|
Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall
|
||||||
WAF Protection of Varnish Firewall
|
|
||||||
|
Reference:
|
||||||
|
* http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
Reference: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
|
|
||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
|
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
|
||||||
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
|
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
|
||||||
|
|
|
@ -20,7 +20,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Encloses each non-function keyword with versioned MySQL comment
|
Encloses each non-function keyword with (MySQL) versioned comment
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL
|
* MySQL
|
||||||
|
|
|
@ -21,7 +21,7 @@ def dependencies():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Encloses each keyword with versioned MySQL comment
|
Encloses each keyword with (MySQL) versioned comment
|
||||||
|
|
||||||
Requirement:
|
Requirement:
|
||||||
* MySQL >= 5.1.13
|
* MySQL >= 5.1.13
|
||||||
|
|
|
@ -20,8 +20,7 @@ def randomIP():
|
||||||
|
|
||||||
def tamper(payload, **kwargs):
|
def tamper(payload, **kwargs):
|
||||||
"""
|
"""
|
||||||
Append a fake HTTP header 'X-Forwarded-For' to bypass
|
Append a fake HTTP header 'X-Forwarded-For'
|
||||||
WAF (usually application based) protection
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
headers = kwargs.get("headers", {})
|
headers = kwargs.get("headers", {})
|
||||||
|
|
|
@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
|
||||||
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
|
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
|
||||||
0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py
|
0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py
|
||||||
fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
|
fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
|
||||||
af0c5caaa6328319a682073afa93ec84 lib/core/common.py
|
ee1b800e860263b877a2b292a3e4becd lib/core/common.py
|
||||||
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
|
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
|
||||||
9f87391b6a3395f7f50830b391264f27 lib/core/data.py
|
9f87391b6a3395f7f50830b391264f27 lib/core/data.py
|
||||||
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
|
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
|
||||||
|
@ -40,15 +40,15 @@ ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py
|
||||||
cada93357a7321655927fc9625b3bfec lib/core/exception.py
|
cada93357a7321655927fc9625b3bfec lib/core/exception.py
|
||||||
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
|
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
|
||||||
458a194764805cd8312c14ecd4be4d1e lib/core/log.py
|
458a194764805cd8312c14ecd4be4d1e lib/core/log.py
|
||||||
13c0a490b5a928b64236b4a15e578267 lib/core/optiondict.py
|
05f72baa2db4073bb0273d7fc1df13eb lib/core/optiondict.py
|
||||||
c82dee0f62e729213b92f5ec85f74b70 lib/core/option.py
|
8e759d4c8711a5980d4bdc2d044a4fd4 lib/core/option.py
|
||||||
c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
||||||
6783160150b4711d02c56ee2beadffdb lib/core/profiling.py
|
6783160150b4711d02c56ee2beadffdb lib/core/profiling.py
|
||||||
6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py
|
6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py
|
||||||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||||
ec2adffae2982c11332c573fe4e68d6d lib/core/settings.py
|
b0c61c78049b4e342aeafd2fc85430fe lib/core/settings.py
|
||||||
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
||||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||||
12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py
|
12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py
|
||||||
|
@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py
|
||||||
e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
|
e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
|
||||||
1e5532ede194ac9c083891c2f02bca93 lib/__init__.py
|
1e5532ede194ac9c083891c2f02bca93 lib/__init__.py
|
||||||
7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py
|
7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py
|
||||||
bc34167c7accc61df07b2982cddd0338 lib/parse/cmdline.py
|
babf5c48bc6a3797fc459706af4465cd lib/parse/cmdline.py
|
||||||
fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
|
fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
|
||||||
3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
|
3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
|
||||||
6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py
|
6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py
|
||||||
|
@ -228,16 +228,16 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
|
||||||
4eaeef94314956e4517e5310a28d579a sqlmapapi.py
|
4eaeef94314956e4517e5310a28d579a sqlmapapi.py
|
||||||
a35b5b83c12841fdf3925190c9d24299 sqlmap.py
|
a35b5b83c12841fdf3925190c9d24299 sqlmap.py
|
||||||
523dab9e1093eb59264c6beb366b255a tamper/0x2char.py
|
523dab9e1093eb59264c6beb366b255a tamper/0x2char.py
|
||||||
4e6956958ef8135cd543d7a57f2e73ff tamper/apostrophemask.py
|
3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py
|
||||||
7c838eadd96b20800ba0bd394f5014f0 tamper/apostrophenullencode.py
|
d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py
|
||||||
0d7e8a3a0e17c92d51c49415884a47c9 tamper/appendnullbyte.py
|
a14420ef43cdeb8fbc091116d31d31f1 tamper/appendnullbyte.py
|
||||||
0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py
|
cfe19908ec32e3f2e113e759705f986b tamper/base64encode.py
|
||||||
e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py
|
e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py
|
||||||
e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
|
9df0a1810a27b92eec1375d19a95b7ef tamper/bluecoat.py
|
||||||
1807417f8a7fc0bb30c36ead458da0c8 tamper/chardoubleencode.py
|
8c174b8925f4f075010b04d85c02a169 tamper/chardoubleencode.py
|
||||||
043c97c7b214335838a6bb15eeedcba3 tamper/charencode.py
|
45174c61533f464806f4454be6a3f2d6 tamper/charencode.py
|
||||||
0c0d0e5d0caf4258a75112ab59fa3e75 tamper/charunicodeencode.py
|
0aadf3e93dd72a9b94cb6532b3343dd1 tamper/charunicodeencode.py
|
||||||
18b2ca09390686f895c3bbd6460ac034 tamper/charunicodeescape.py
|
014f352771f0c1fb9e0f5397c5a03dc3 tamper/charunicodeescape.py
|
||||||
6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py
|
6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py
|
||||||
50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py
|
50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py
|
||||||
4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py
|
4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py
|
||||||
|
@ -247,44 +247,44 @@ e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
|
||||||
4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py
|
4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py
|
||||||
6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py
|
6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py
|
||||||
ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
|
ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
|
||||||
3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py
|
42f232d776065e325e862867c522c523 tamper/ifnull2casewhenisnull.py
|
||||||
e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py
|
6e3ab1cf4ccf5524dcb60e390f920b60 tamper/ifnull2ifisnull.py
|
||||||
4615cbeff722583e7ab3dbe774e38c93 tamper/informationschemacomment.py
|
3ed2c6299c7c94776306535ff6090ab3 tamper/informationschemacomment.py
|
||||||
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
|
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
|
||||||
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
|
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
|
||||||
1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py
|
40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py
|
||||||
1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
|
1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
|
||||||
f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
|
f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
|
||||||
91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
|
91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
|
||||||
efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py
|
efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py
|
||||||
95bf07047343c68a05658f5f11c6b413 tamper/overlongutf8more.py
|
dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py
|
||||||
db4687249dedddbe057c8b163923ef01 tamper/overlongutf8.py
|
a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py
|
||||||
bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py
|
89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py
|
||||||
db9cd6325d1814e5fe88323fe4add4e1 tamper/plus2concat.py
|
a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py
|
||||||
bcad55e2f7ce3e58a4cc7fcef77d4a4a tamper/plus2fnconcat.py
|
759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py
|
||||||
e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py
|
078494e1217400b485ef653108d32699 tamper/randomcase.py
|
||||||
e50d9ed1c988638899cf82f18452e96c tamper/randomcomments.py
|
28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py
|
||||||
938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py
|
938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py
|
||||||
cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py
|
cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py
|
||||||
62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py
|
4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py
|
||||||
ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py
|
7cdbae483262f66ef5d77521c59d9621 tamper/space2hash.py
|
||||||
18f827afce8322adfa0c6dfbb4a59379 tamper/space2morecomment.py
|
f3fed47a4fccb2b482f1f01559b8f55a tamper/space2morecomment.py
|
||||||
59e61a9dd1f1e6b79fde026ed771cac4 tamper/space2morehash.py
|
fc3d9896cac8f4a97efd39673fadca7b tamper/space2morehash.py
|
||||||
ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py
|
b55ed15af74ffefc4dc303646c7c6482 tamper/space2mssqlblank.py
|
||||||
74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py
|
64e3d97e22f7e0870e88a87fd2f64243 tamper/space2mssqlhash.py
|
||||||
fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py
|
3ef95855a38bbc0f031ae3a992dcbf52 tamper/space2mysqlblank.py
|
||||||
48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py
|
8a4737f853354ac9c3788278589a772a tamper/space2mysqldash.py
|
||||||
72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py
|
72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py
|
||||||
6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py
|
a74cd6375c5d5d253e2e7014b00ecd33 tamper/space2randomblank.py
|
||||||
93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py
|
93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py
|
||||||
041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py
|
041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py
|
||||||
6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py
|
6679c4ffb7322315a738dcfa68c6fb7c tamper/unionalltounion.py
|
||||||
51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py
|
51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py
|
||||||
371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py
|
cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py
|
||||||
557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py
|
f2b9eac52d346315f5705f71beeda791 tamper/varnish.py
|
||||||
929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py
|
0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py
|
||||||
3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py
|
0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py
|
||||||
ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py
|
de532c4e3160039335010c499129d54f tamper/xforwardedfor.py
|
||||||
b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py
|
b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py
|
||||||
d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py
|
d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py
|
||||||
8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py
|
8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py
|
||||||
|
|
Loading…
Reference in New Issue
Block a user