diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index 4b7b52c51..e5d926ec8 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py @@ -10,32 +10,28 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.common import randomRange -from lib.core.common import singleTimeWarnMessage from lib.core.data import kb from lib.core.enums import PRIORITY -from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS -__priority__ = PRIORITY.NORMAL +__priority__ = PRIORITY.HIGHER def tamper(payload): """ - Encloses each keyword with versioned MySQL comment (MySQL >= 5.1.13) + Encloses each non-function keyword with versioned MySQL comment Example: 'INSERT' will become '/*!INSERT*/' """ def process(match): word = match.group('word') - if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS: + if word.upper() in kb.keywords: return match.group().replace(word, "/*!%s*/" % word) else: return match.group() - singleTimeWarnMessage("This tamper script is only meant to be run against MySQL >= 5.1.13") - retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal) + retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal) retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") return retVal diff --git a/tamper/versionedkeywords2.py b/tamper/versionedmorekeywords.py similarity index 53% rename from tamper/versionedkeywords2.py rename to tamper/versionedmorekeywords.py index 5b6ac76b3..e1e7ff1d6 100644 --- a/tamper/versionedkeywords2.py +++ b/tamper/versionedmorekeywords.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -$Id: versionedkeywords.py 3982 2011-05-28 17:34:43Z stamparm $ +$Id: versionedkeywords.py 4203 2011-06-30 06:39:32Z stamparm $ Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission @@ -10,28 +10,32 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.common import randomRange +from lib.core.common import singleTimeWarnMessage from lib.core.data import kb from lib.core.enums import PRIORITY +from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS -__priority__ = PRIORITY.NORMAL +__priority__ = PRIORITY.HIGHER def tamper(payload): """ - Encloses each non-function keyword with versioned MySQL comment + Encloses each keyword with versioned MySQL comment (MySQL >= 5.1.13) Example: 'INSERT' will become '/*!INSERT*/' """ def process(match): word = match.group('word') - if word.upper() in kb.keywords: + if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS: return match.group().replace(word, "/*!%s*/" % word) else: return match.group() + singleTimeWarnMessage("This tamper script is only meant to be run against MySQL >= 5.1.13") + retVal = payload if payload: - retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal) + retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal) retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") return retVal