From caf22b58bc20db8d610db14e2df9ab5c80adf498 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Jun 2011 06:34:24 +0000 Subject: [PATCH] new tamper script --- tamper/versionedkeywords2.py | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 tamper/versionedkeywords2.py diff --git a/tamper/versionedkeywords2.py b/tamper/versionedkeywords2.py new file mode 100644 index 000000000..5b6ac76b3 --- /dev/null +++ b/tamper/versionedkeywords2.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python + +""" +$Id: versionedkeywords.py 3982 2011-05-28 17:34:43Z stamparm $ + +Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/) +See the file 'doc/COPYING' for copying permission +""" + +import re + +from lib.core.common import randomRange +from lib.core.data import kb +from lib.core.enums import PRIORITY + +__priority__ = PRIORITY.NORMAL + +def tamper(payload): + """ + Encloses each non-function keyword with versioned MySQL comment + Example: 'INSERT' will become '/*!INSERT*/' + """ + + def process(match): + word = match.group('word') + if word.upper() in kb.keywords: + return match.group().replace(word, "/*!%s*/" % word) + else: + return match.group() + + retVal = payload + + if payload: + retVal = re.sub(r"(?<=\W)(?P[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal) + retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/") + + return retVal