Merge pull request #2374 from anarcoder/space2morecomment

New space 2 more comment bypass
2024-11-22 17:46:37 +03:00 · 2017-01-31 14:16:53 +01:00 · 2017-01-31 14:16:53 +01:00 · 529089ba5b
commit 529089ba5b
parent 9851a5703a aa9989ff90
1 changed files with 54 additions and 0 deletions
--- a/tamper/space2morecomment.py
+++ b/tamper/space2morecomment.py
@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Replaces space character (' ') with comments '/**_**/'
+
+    Tested against:
+        * MySQL 5.0 and 5.5
+
+    Notes:
+        * Useful to bypass weak and bespoke web application firewalls
+
+    >>> tamper('SELECT id FROM users')
+    'SELECT/**_**/id/**_**/FROM/**_**/users'
+    """
+
+    retVal = payload
+
+    if payload:
+        retVal = ""
+        quote, doublequote, firstspace = False, False, False
+
+        for i in xrange(len(payload)):
+            if not firstspace:
+                if payload[i].isspace():
+                    firstspace = True
+                    retVal += "/**_**/"
+                    continue
+
+            elif payload[i] == '\'':
+                quote = not quote
+
+            elif payload[i] == '"':
+                doublequote = not doublequote
+
+            elif payload[i] == " " and not doublequote and not quote:
+                retVal += "/**_**/"
+                continue
+
+            retVal += payload[i]
+
+    return retVal