From 39f131162f058339a424ef5431de819c7c53d0e5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 28 May 2011 15:42:47 +0000
Subject: [PATCH] adding very useful tampering script
---
 tamper/randomcase.py | 2 +-
 tamper/versionedkeywords.py | 37 +++++++
 txt/keywords.txt | 195 +++++++++++++++++++++++++++++++++++-
 3 files changed, 232 insertions(+), 2 deletions(-)
 create mode 100644 tamper/versionedkeywords.py
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
index bc3ecd15c..d0efc2910 100644
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -17,7 +17,7 @@ __priority__ = PRIORITY.NORMAL
 def tamper(payload):
 """
- Replaces each character with random case value
+ Replaces each keyword character with random case value
 Example: 'INSERT' might become 'InsERt'
 """
diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py
new file mode 100644
index 000000000..68652a2df
--- /dev/null
+++ b/tamper/versionedkeywords.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.common import randomRange
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def tamper(payload):
+ """
+ Encloses each keyword with versioned comment
+ Example: 'INSERT' will become '/*!INSERT*/'
+ """
+
+ def process(match):
+ word = match.group('word')
+ if word.upper() in kb.keywords and word.upper() not in ["CAST"]: # CAST can't be commented out
+ return match.group().replace(word, "/*!%s*/" % word)
+ else:
+ return match.group()
+
+ retVal = payload
+
+ if payload:
+ retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
+ retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
+
+ return retVal
diff --git a/txt/keywords.txt b/txt/keywords.txt
index 4ccfffc3e..2d5c3bfc7 100644
--- a/txt/keywords.txt
+++ b/txt/keywords.txt
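Review bot: In the new `tamper/versionedkeywords.py`, `randomRange` is imported from `lib.core.common` but never used, and the `re.sub` callback is wrapped in a needless `lambda match: process(match)`; drop the import and pass `process` directly. The docstring should also state that `/*!...*/` is MySQL's versioned-comment syntax, so the rewritten payload keeps its meaning only on MySQL, e.g. add the line `Note: valid for MySQL only (versioned comments are a MySQL extension)`. Inside `process`, `word.upper()` is computed twice, and `match.group().replace(word, ...)` is equivalent to returning `"/*!%s*/" % word`, because both lookarounds are zero-width and the whole match is exactly the `word` group. As rendered on this page the named group reads `(?P[A-Za-z_]+)`, which would not compile; presumably the `<word>` name was lost in extraction, but it is worth confirming against the repository.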
@@ -1,7 +1,7 @@
 # Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
 # See the file 'doc/COPYING' for copying permission
-#SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
+# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
 ABSOLUTE
 ACTION
@@ -258,3 +258,196 @@ WORK
 WRITE
 YEAR
 ZONE
+
+# MySQL 5.0 keywords (reference: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html)
+ADD
+ALL
+ALTER
+ANALYZE
+AND
+ASASC
+ASENSITIVE
+BEFORE
+BETWEEN
+BIGINT
+BINARYBLOB
+BOTH
+BY
+CALL
+CASCADE
+CASECHANGE
+CAST
+CHAR
+CHARACTER
+CHECK
+COLLATE
+COLUMN
+CONCAT
+CONDITIONCONSTRAINT
+CONTINUE
+CONVERT
+CREATE
+CROSS
+CURRENT_DATE
+CURRENT_TIMECURRENT_TIMESTAMP
+CURRENT_USER
+CURSOR
+DATABASE
+DATABASES
+DAY_HOUR
+DAY_MICROSECONDDAY_MINUTE
+DAY_SECOND
+DEC
+DECIMAL
+DECLARE
+DEFAULTDELAYED
+DELETE
+DESC
+DESCRIBE
+DETERMINISTIC
+DISTINCTDISTINCTROW
+DIV
+DOUBLE
+DROP
+DUAL
+EACH
+ELSEELSEIF
+ENCLOSED
+ESCAPED
+EXISTS
+EXIT
+EXPLAIN
+FALSEFETCH
+FLOAT
+FLOAT4
+FLOAT8
+FOR
+FORCE
+FOREIGNFROM
+FULLTEXT
+GRANT
+GROUP
+HAVING
+HIGH_PRIORITYHOUR_MICROSECOND
+HOUR_MINUTE
+HOUR_SECOND
+IF
+IFNULL
+IGNORE
+ININDEX
+INFILE
+INNER
+INOUT
+INSENSITIVE
+INSERT
+INTINT1
+INT2
+INT3
+INT4
+INT8
+INTEGER
+INTERVALINTO
+IS
+ISNULL
+ITERATE
+JOIN
+KEY
+KEYS
+KILLLEADING
+LEAVE
+LEFT
+LIKE
+LIMIT
+LINESLOAD
+LOCALTIME
+LOCALTIMESTAMP
+LOCK
+LONG
+LONGBLOBLONGTEXT
+LOOP
+LOW_PRIORITY
+MATCH
+MEDIUMBLOB
+MEDIUMINT
+MEDIUMTEXTMIDDLEINT
+MINUTE_MICROSECOND
+MINUTE_SECOND
+MOD
+MODIFIES
+NATURAL
+NOTNO_WRITE_TO_BINLOG
+NULL
+NUMERIC
+ON
+OPTIMIZE
+OPTION
+OPTIONALLYOR
+ORDER
+OUT
+OUTER
+OUTFILE
+PRECISIONPRIMARY
+PROCEDURE
+PURGE
+READ
+READS
+REALREFERENCES
+REGEXP
+RELEASE
+RENAME
+REPEAT
+REPLACE
+REQUIRERESTRICT
+RETURN
+REVOKE
+RIGHT
+RLIKE
+SCHEMA
+SCHEMASSECOND_MICROSECOND
+SELECT
+SENSITIVE
+SEPARATOR
+SET
+SHOW
+SMALLINTSONAME
+SPATIAL
+SPECIFIC
+SQL
+SQLEXCEPTION
+SQLSTATESQLWARNING
+SQL_BIG_RESULT
+SQL_CALC_FOUND_ROWS
+SQL_SMALL_RESULT
+SSL
+STARTINGSTRAIGHT_JOIN
+TABLE
+TERMINATED
+THEN
+TINYBLOB
+TINYINT
+TINYTEXTTO
+TRAILING
+TRIGGER
+TRUE
+UNDO
+UNION
+UNIQUEUNLOCK
+UNSIGNED
+UPDATE
+USAGE
+USE
+USING
+UTC_DATEUTC_TIME
+UTC_TIMESTAMP
+VALUES
+VARBINARY
+VARCHAR
+VARCHARACTERVARYING
+VERSION
+WHEN
+WHERE
+WHILE
+WITH
+WRITEXOR
+YEAR_MONTH
+ZEROFILL
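Review bot: Many of the added MySQL entries are two reserved words fused onto one line, for example `ASASC`, `BINARYBLOB`, `CASECHANGE`, `CURRENT_TIMECURRENT_TIMESTAMP`, `INTINT1` and `WRITEXOR`, so neither half is added by this block. The hunk header's count of 196 new lines matches the fused form, which suggests the words were joined when the list was copied from the reference page rather than by this page's rendering. Each fused line should be split into its two words, e.g. `AS` and `ASC`, `BINARY` and `BLOB`, `WRITE` and `XOR`. Some words in this section (the context shows `WRITE` in the SQL-92 part) appear to repeat earlier entries; that is harmless only if the loader de-duplicates, which is not visible here.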