mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
Adding new tamper script plus2concat (thank you Luka Pusic)
This commit is contained in:
parent
2a754eef1c
commit
4ac319b074
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.0.11.16"
|
||||
VERSION = "1.0.12.0"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
57
tamper/plus2concat.py
Normal file
57
tamper/plus2concat.py
Normal file
|
@ -0,0 +1,57 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import zeroDepthSearch
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces plus ('+') character with function CONCAT()
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server 2012
|
||||
|
||||
Requirements:
|
||||
* Microsoft SQL Server 2012+
|
||||
|
||||
Notes:
|
||||
* Useful in case ('+') character is filtered
|
||||
|
||||
>>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')
|
||||
'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'
|
||||
"""
|
||||
|
||||
retVal = payload
|
||||
|
||||
if payload:
|
||||
while True:
|
||||
indexes = zeroDepthSearch(retVal, '+')
|
||||
if indexes:
|
||||
first, last = 0, 0
|
||||
for i in xrange(1, len(indexes)):
|
||||
if ' ' in retVal[indexes[0]:indexes[i]]:
|
||||
break
|
||||
else:
|
||||
last = i
|
||||
|
||||
start = retVal[:indexes[first]].rfind(' ') + 1
|
||||
end = (retVal[indexes[last] + 1:].find(' ') + indexes[last] + 1) if ' ' in retVal[indexes[last] + 1:] else len(retVal) - 1
|
||||
|
||||
chars = [char for char in retVal]
|
||||
for index in indexes[first:last + 1]:
|
||||
chars[index] = ','
|
||||
|
||||
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
|
||||
else:
|
||||
break
|
||||
|
||||
return retVal
|
|
@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
|
|||
b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py
|
||||
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
|
||||
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
|
||||
7f04f7e55179f45470b137dbb15657c6 lib/core/settings.py
|
||||
079c062fb2fa5b45e2dbbf25323bc48a lib/core/settings.py
|
||||
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
|
||||
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
|
||||
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
|
||||
|
@ -252,6 +252,7 @@ c16c3ed0ce302034d99ee0b8f34fbd0b tamper/modsecurityzeroversioned.py
|
|||
e65ff0680df2fc89444ec5953bb2f161 tamper/nonrecursivereplacement.py
|
||||
6780d738236ac200d230c4cb497bd1a2 tamper/overlongutf8.py
|
||||
3f05d5218b22280adcd91fe53830bcb4 tamper/percentage.py
|
||||
9741ad2359382dc8673189224995a5f7 tamper/plus2concat.py
|
||||
7a93f510f231278897650da1c7d13b23 tamper/randomcase.py
|
||||
34c255f3bca6d5fee2dfb18ed86d406f tamper/randomcomments.py
|
||||
f5e9eb84d4c5e9a19fe7154a8aebe13d tamper/securesphere.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user