From aa9989ff902a05944c1666b61d3c04ce79f94b0f Mon Sep 17 00:00:00 2001
From: Daniel Almeida
Date: Tue, 31 Jan 2017 10:50:14 -0200
Subject: [PATCH] [add] new space 2 more comment bypass
---
 tamper/space2morecomment.py | 54 +++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 tamper/space2morecomment.py
diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py
new file mode 100644
index 000000000..6b4829c60
--- /dev/null
+++ b/tamper/space2morecomment.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+ pass
+
+def tamper(payload, **kwargs):
+ """
+ Replaces space character (' ') with comments '/**_**/'
+
+ Tested against:
+ * MySQL 5.0 and 5.5
+
+ Notes:
+ * Useful to bypass weak and bespoke web application firewalls
+
+ >>> tamper('SELECT id FROM users')
+ 'SELECT/**_**/id/**_**/FROM/**_**/users'
+ """
+
+ retVal = payload
+
+ if payload:
+ retVal = ""
+ quote, doublequote, firstspace = False, False, False
+
+ for i in xrange(len(payload)):
+ if not firstspace:
+ if payload[i].isspace():
+ firstspace = True
+ retVal += "/**_**/"
+ continue
+
+ elif payload[i] == '\'':
+ quote = not quote
+
+ elif payload[i] == '"':
+ doublequote = not doublequote
+
+ elif payload[i] == " " and not doublequote and not quote:
+ retVal += "/**_**/"
+ continue
+
+ retVal += payload[i]
+
+ return retVal
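Review bot: The quote tracking in `tamper()` silently ignores every character before the first whitespace: while `firstspace` is False the outer `if not firstspace:` branch is taken for any character, so the `elif payload[i] == '\''` / `'"'` toggles are never reached and a leading quote is not counted. This appears to mirror the existing space2comment tamper, where the payload's leading quote closes the application's own string literal rather than opening one, but nothing in the new file says so; I would add `# characters before the first whitespace (e.g. a leading quote that closes the original SQL string) are deliberately not tracked for quoting` above the `for` loop. The first-whitespace branch also replaces any `isspace()` character while later positions replace only `" "`, so a tab after the first word is left intact; if that asymmetry is intended the same comment should say so, otherwise the second test should be `payload[i].isspace()` as well. A doctest covering the quoted case would pin the behaviour, e.g. `>>> tamper("' AND 'a'='a")` giving `"'/**_**/AND/**_**/'a'='a"`.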