Adding new tamper script plus2concat (thank you Luka Pusic)

This commit is contained in:
Miroslav Stampar 2016-12-01 22:28:07 +01:00
parent 2a754eef1c
commit 4ac319b074
3 changed files with 60 additions and 2 deletions

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.11.16"
VERSION = "1.0.12.0"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

57
tamper/plus2concat.py Normal file
View File

@ -0,0 +1,57 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import zeroDepthSearch
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
def tamper(payload, **kwargs):
"""
Replaces plus ('+') character with function CONCAT()
Tested against:
* Microsoft SQL Server 2012
Requirements:
* Microsoft SQL Server 2012+
Notes:
* Useful in case ('+') character is filtered
>>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')
'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'
"""
retVal = payload
if payload:
while True:
indexes = zeroDepthSearch(retVal, '+')
if indexes:
first, last = 0, 0
for i in xrange(1, len(indexes)):
if ' ' in retVal[indexes[0]:indexes[i]]:
break
else:
last = i
start = retVal[:indexes[first]].rfind(' ') + 1
end = (retVal[indexes[last] + 1:].find(' ') + indexes[last] + 1) if ' ' in retVal[indexes[last] + 1:] else len(retVal) - 1
chars = [char for char in retVal]
for index in indexes[first:last + 1]:
chars[index] = ','
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
else:
break
return retVal

View File

@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
7f04f7e55179f45470b137dbb15657c6 lib/core/settings.py
079c062fb2fa5b45e2dbbf25323bc48a lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
@ -252,6 +252,7 @@ c16c3ed0ce302034d99ee0b8f34fbd0b tamper/modsecurityzeroversioned.py
e65ff0680df2fc89444ec5953bb2f161 tamper/nonrecursivereplacement.py
6780d738236ac200d230c4cb497bd1a2 tamper/overlongutf8.py
3f05d5218b22280adcd91fe53830bcb4 tamper/percentage.py
9741ad2359382dc8673189224995a5f7 tamper/plus2concat.py
7a93f510f231278897650da1c7d13b23 tamper/randomcase.py
34c255f3bca6d5fee2dfb18ed86d406f tamper/randomcomments.py
f5e9eb84d4c5e9a19fe7154a8aebe13d tamper/securesphere.py