minor cosmetics on tamper scripts

Miroslav Stampar 2011-04-04 08:18:26 +00:00
parent 33d987805d
commit 3253882071
9 changed files with 75 additions and 76 deletions


@ -11,39 +11,39 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def tamper(value):
def tamper(payload):
"""
Replaces '>' with 'NOT BETWEEN 0 AND #'
Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
"""
retVal = value
retVal = payload
if value:
if payload:
retVal = ""
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
for i in xrange(len(payload)):
if not firstspace:
if value[i].isspace():
if payload[i].isspace():
firstspace = True
retVal += " "
continue
elif value[i] == '\'':
elif payload[i] == '\'':
quote = not quote
elif value[i] == '"':
elif payload[i] == '"':
doublequote = not doublequote
elif value[i] == ">" and not doublequote and not quote:
retVal += " " if i > 0 and not value[i-1].isspace() else ""
elif payload[i] == ">" and not doublequote and not quote:
retVal += " " if i > 0 and not payload[i-1].isspace() else ""
retVal += "NOT BETWEEN 0 AND"
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
retVal += " " if i < len(payload) - 1 and not payload[i+1].isspace() else ""
continue
retVal += value[i]
retVal += payload[i]
return retVal


@ -14,24 +14,24 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
__priority__ = PRIORITY.LOWEST
def tamper(value):
def tamper(payload):
"""
Urlencodes all characters in a given value (not processing already encoded)
Urlencodes all characters in a given payload (not processing already encoded)
Example: 'SELECT FIELD FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
"""
retVal = value
retVal = payload
if value:
if payload:
retVal = ""
i = 0
while i < len(value):
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
retVal += value[i:i+3]
while i < len(payload):
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
retVal += payload[i:i+3]
i += 3
else:
retVal += '%%%X' % ord(value[i])
retVal += '%%%X' % ord(payload[i])
i += 1
return retVal
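Review bot: The fallback branch formats each character with `'%%%X' % ord(payload[i])`, which is not zero-padded, so a character below 0x10 (tab, CR, LF) comes out as a single hex digit such as `%A` instead of a well-formed `%0A`; `'%%%.2X' % ord(payload[i])` keeps every escape three characters wide. The docstring example also shows lowercase hex (`%4c`) while `%X` emits uppercase, so the example does not match the real output. The same width problem applies to `'%%u00%X'` in the next file section, where a character below 0x10 or above 0xFF yields a malformed `%u` escape; `'%%u%.4X' % ord(payload[i])` covers both cases.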


@ -14,24 +14,24 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
__priority__ = PRIORITY.LOWEST
def tamper(value):
def tamper(payload):
"""
Replaces value with unicode-urlencode of non-encoded chars in value (not processing already encoded)
Replaces payload with unicode-urlencode of non-encoded chars in payload (not processing already encoded)
Example: 'SELECT FIELD%20FROM TABLE' becomes '%u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045'
"""
retVal = value
retVal = payload
if value:
if payload:
retVal = ""
i = 0
while i < len(value):
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
retVal += "%%u00%s" % value[i+1:i+3]
while i < len(payload):
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
retVal += "%%u00%s" % payload[i+1:i+3]
i += 3
else:
retVal += '%%u00%X' % ord(value[i])
retVal += '%%u00%X' % ord(payload[i])
i += 1
return retVal


@ -11,39 +11,39 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def tamper(value):
def tamper(payload):
"""
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)'
"""
if value and value.find("IFNULL") > -1:
if payload and payload.find("IFNULL") > -1:
while value.find("IFNULL(") > -1:
index = value.find("IFNULL(")
while payload.find("IFNULL(") > -1:
index = payload.find("IFNULL(")
deepness = 1
comma, end = None, None
for i in xrange(index + len("IFNULL("), len(value)):
if deepness == 1 and value[i] == ',':
for i in xrange(index + len("IFNULL("), len(payload)):
if deepness == 1 and payload[i] == ',':
comma = i
elif deepness == 1 and value[i] == ')':
elif deepness == 1 and payload[i] == ')':
end = i
break
elif value[i] == '(':
elif payload[i] == '(':
deepness += 1
elif value[i] == ')':
elif payload[i] == ')':
deepness -= 1
if comma and end:
A = value[index + len("IFNULL("):comma]
B = value[comma + 1:end]
A = payload[index + len("IFNULL("):comma]
B = payload[comma + 1:end]
newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
value = value[:index] + newVal + value[end+1:]
payload = payload[:index] + newVal + payload[end+1:]
else:
break
return value
return payload
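Review bot: The scan that locates `comma` and `end` counts parentheses only and keeps no quote state, so a `,` or `)` inside a string-literal argument is treated as a separator; with `IFNULL(1,'a,b')` the last top-level comma found is the one inside the literal and the rewrite splits there. The space-replacing scripts in this same commit carry `quote`/`doublequote` flags for this purpose, and the same two flags could gate the `deepness == 1` branches here. Separately, `if comma and end:` tests indices by truthiness; `if comma is not None and end is not None:` states the intent directly.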


@ -15,15 +15,15 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
def tamper(value):
def tamper(payload):
"""
Replaces each character with random case value
Example: 'INSERT' might become 'InsERt'
"""
retVal = value
retVal = payload
if value:
if payload:
for match in re.finditer(r"[A-Za-z_]+", retVal):
word = match.group()


@ -15,16 +15,16 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value):
def tamper(payload):
"""
Add random comments to SQL keywords in value
Add random comments to SQL keywords
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
"""
retVal = value
retVal = payload
if value:
for match in re.finditer(r"[A-Za-z_]+", retVal):
if payload:
for match in re.finditer(r"[A-Za-z_]+", payload):
word = match.group()
if len(word) < 2:
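Review bot: `re.finditer(r"[A-Za-z_]+", payload)` now scans `payload`, while the previous file section keeps `re.finditer(r"[A-Za-z_]+", retVal)` in the otherwise identical loop header, so the two scripts read differently after a commit meant to align them. Both forms match against the original text, because `finditer` holds the string it was given and rebinding `retVal` later does not change it, so this is a consistency point rather than a behaviour change. Using `payload` in both, with a comment such as `# match on the original text; retVal is rebuilt as we go`, would make that explicit. The loop body continues outside the hunk.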


@ -11,36 +11,36 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value):
def tamper(payload):
"""
Replaces ' ' with '/**/'
Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users'
"""
retVal = value
retVal = payload
if value:
if payload:
retVal = ""
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
for i in xrange(len(payload)):
if not firstspace:
if value[i].isspace():
if payload[i].isspace():
firstspace = True
retVal += "/**/"
continue
elif value[i] == '\'':
elif payload[i] == '\'':
quote = not quote
elif value[i] == '"':
elif payload[i] == '"':
doublequote = not doublequote
elif value[i]==" " and not doublequote and not quote:
elif payload[i]==" " and not doublequote and not quote:
retVal += "/**/"
continue
retVal += value[i]
retVal += payload[i]
return retVal
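Review bot: The renamed condition `elif payload[i]==" " and not doublequote and not quote:` still has no spaces around `==`, unlike every other comparison in the function; since the commit is cosmetic, `elif payload[i] == " " and not doublequote and not quote:` would finish the job. The same line appears in the next two file sections (the `'+'` and random-blank variants). Those three scripts repeat the quote-tracking loop and differ only in the replacement text, so a shared helper that takes the replacement as a parameter would be worth considering.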


@ -11,36 +11,35 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value):
def tamper(payload):
"""
Replaces ' ' with '+'
Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM+users'
"""
retVal = value
retVal = payload
if value:
if payload:
retVal = ""
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
for i in xrange(len(payload)):
if not firstspace:
if value[i].isspace():
if payload[i].isspace():
firstspace = True
retVal += "+"
continue
elif value[i] == '\'':
elif payload[i] == '\'':
quote = not quote
elif value[i] == '"':
elif payload[i] == '"':
doublequote = not doublequote
elif value[i]==" " and not doublequote and not quote:
elif payload[i]==" " and not doublequote and not quote:
retVal += "+"
continue
retVal += value[i]
retVal += payload[i]
return retVal


@ -13,37 +13,37 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value):
def tamper(payload):
"""
Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')
Example: 'SELECT id FROM users' becomes 'SELECT\rid\tFROM\nusers'
"""
blanks = ['\r', '\n', '\t']
retVal = value
retVal = payload
if value:
if payload:
retVal = ""
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
for i in xrange(len(payload)):
if not firstspace:
if value[i].isspace():
if payload[i].isspace():
firstspace = True
retVal += random.choice(blanks)
continue
elif value[i] == '\'':
elif payload[i] == '\'':
quote = not quote
elif value[i] == '"':
elif payload[i] == '"':
doublequote = not doublequote
elif value[i]==" " and not doublequote and not quote:
elif payload[i]==" " and not doublequote and not quote:
retVal += random.choice(blanks)
continue
retVal += value[i]
retVal += payload[i]
return retVal