adding very useful tampering script

2024-11-22 09:36:35 +03:00 · 2011-05-28 15:42:47 +00:00 · 2011-05-28 15:42:47 +00:00 · 39f131162f
commit 39f131162f
parent 95dea1fbf9
3 changed files with 232 additions and 2 deletions
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -17,7 +17,7 @@ __priority__ = PRIORITY.NORMAL

 def tamper(payload):
    """
-    Replaces each character with random case value
+    Replaces each keyword character with random case value
    Example: 'INSERT' might become 'InsERt'
    """

--- a/tamper/versionedkeywords.py
+++ b/tamper/versionedkeywords.py
@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.common import randomRange
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def tamper(payload):
+    """
+    Encloses each keyword with versioned comment
+    Example: 'INSERT' will become '/*!INSERT*/'
+    """
+
+    def process(match):
+        word = match.group('word')
+        if word.upper() in kb.keywords and word.upper() not in ["CAST"]: # CAST can't be commented out
+            return match.group().replace(word, "/*!%s*/" % word)
+        else:
+            return match.group()
+
+    retVal = payload
+
+    if payload:
+        retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
+        retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
+
+    return retVal
--- a/txt/keywords.txt
+++ b/txt/keywords.txt
@ -1,7 +1,7 @@
 # Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
 # See the file 'doc/COPYING' for copying permission

-#SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
+# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)

 ABSOLUTE
 ACTION
@ -258,3 +258,196 @@ WORK
 WRITE
 YEAR
 ZONE
+
+# MySQL 5.0 keywords (reference: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html)
+ADD
+ALL
+ALTER
+ANALYZE
+AND
+ASASC
+ASENSITIVE
+BEFORE
+BETWEEN
+BIGINT
+BINARYBLOB
+BOTH
+BY
+CALL
+CASCADE
+CASECHANGE
+CAST
+CHAR
+CHARACTER
+CHECK
+COLLATE
+COLUMN
+CONCAT
+CONDITIONCONSTRAINT
+CONTINUE
+CONVERT
+CREATE
+CROSS
+CURRENT_DATE
+CURRENT_TIMECURRENT_TIMESTAMP
+CURRENT_USER
+CURSOR
+DATABASE
+DATABASES
+DAY_HOUR
+DAY_MICROSECONDDAY_MINUTE
+DAY_SECOND
+DEC
+DECIMAL
+DECLARE
+DEFAULTDELAYED
+DELETE
+DESC
+DESCRIBE
+DETERMINISTIC
+DISTINCTDISTINCTROW
+DIV
+DOUBLE
+DROP
+DUAL
+EACH
+ELSEELSEIF
+ENCLOSED
+ESCAPED
+EXISTS
+EXIT
+EXPLAIN
+FALSEFETCH
+FLOAT
+FLOAT4
+FLOAT8
+FOR
+FORCE
+FOREIGNFROM
+FULLTEXT
+GRANT
+GROUP
+HAVING
+HIGH_PRIORITYHOUR_MICROSECOND
+HOUR_MINUTE
+HOUR_SECOND
+IF
+IFNULL
+IGNORE
+ININDEX
+INFILE
+INNER
+INOUT
+INSENSITIVE
+INSERT
+INTINT1
+INT2
+INT3
+INT4
+INT8
+INTEGER
+INTERVALINTO
+IS
+ISNULL
+ITERATE
+JOIN
+KEY
+KEYS
+KILLLEADING
+LEAVE
+LEFT
+LIKE
+LIMIT
+LINESLOAD
+LOCALTIME
+LOCALTIMESTAMP
+LOCK
+LONG
+LONGBLOBLONGTEXT
+LOOP
+LOW_PRIORITY
+MATCH
+MEDIUMBLOB
+MEDIUMINT
+MEDIUMTEXTMIDDLEINT
+MINUTE_MICROSECOND
+MINUTE_SECOND
+MOD
+MODIFIES
+NATURAL
+NOTNO_WRITE_TO_BINLOG
+NULL
+NUMERIC
+ON
+OPTIMIZE
+OPTION
+OPTIONALLYOR
+ORDER
+OUT
+OUTER
+OUTFILE
+PRECISIONPRIMARY
+PROCEDURE
+PURGE
+READ
+READS
+REALREFERENCES
+REGEXP
+RELEASE
+RENAME
+REPEAT
+REPLACE
+REQUIRERESTRICT
+RETURN
+REVOKE
+RIGHT
+RLIKE
+SCHEMA
+SCHEMASSECOND_MICROSECOND
+SELECT
+SENSITIVE
+SEPARATOR
+SET
+SHOW
+SMALLINTSONAME
+SPATIAL
+SPECIFIC
+SQL
+SQLEXCEPTION
+SQLSTATESQLWARNING
+SQL_BIG_RESULT
+SQL_CALC_FOUND_ROWS
+SQL_SMALL_RESULT
+SSL
+STARTINGSTRAIGHT_JOIN
+TABLE
+TERMINATED
+THEN
+TINYBLOB
+TINYINT
+TINYTEXTTO
+TRAILING
+TRIGGER
+TRUE
+UNDO
+UNION
+UNIQUEUNLOCK
+UNSIGNED
+UPDATE
+USAGE
+USE
+USING
+UTC_DATEUTC_TIME
+UTC_TIMESTAMP
+VALUES
+VARBINARY
+VARCHAR
+VARCHARACTERVARYING
+VERSION
+WHEN
+WHERE
+WHILE
+WITH
+WRITEXOR
+YEAR_MONTH
+ZEROFILL