sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

add new tamper script substring2leftright.py (#3527)

Browse Source
This commit is contained in:
tothi 2019-03-11 11:17:29 +01:00 committed by Miroslav Stampar
parent 729247fd95
commit a3fe4be6c5
1 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
tamper/substring2leftright.py Normal file
View File

@ -0,0 +1,47 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload, **kwargs):
"""
Replaces PostgreSQL SUBSTRING with LEFT and RIGHT
Tested against:
* PostgreSQL 9.6.12
Note:
* Useful to bypass weak web application firewalls that filter SUBSTRING (but not LEFT and RIGHT)
>>> tamper('SUBSTRING((X FROM 1 FOR 1))')
'LEFT(X,1)'
>>> tamper('SUBSTRING((X FROM 5 FOR 1))')
'LEFT(RIGHT(X,-4),1)'
"""
retVal = payload
if payload:
match = re.search(r"SUBSTRING\(\((.*)\sFROM\s(\d+)\sFOR\s1\)\)", payload)
if match:
pos = int(match.group(2))
if pos == 1:
_ = "LEFT((%s,1))" % (match.group(1))
else:
_ = "LEFT(RIGHT((%s,%d),1))" % (match.group(1), 1-pos)
retVal = retVal.replace(match.group(0), _)
return retVal