working on issue #12

Bernardo Damele 2012-07-26 23:11:07 +01:00
parent 57f2fccc24
commit d492291744
36 changed files with 72 additions and 72 deletions


@ -46,7 +46,7 @@ class Agent:
if kb.tamperFunctions:
for function in kb.tamperFunctions:
query = function(query)
query, _ = function(payload=query, headers=None)
return query
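Review bot: The new call in Agent passes `headers=None` and discards the returned headers into `_`, so anything a tamper function sets there is dropped on this path without any trace. If that is deliberate because no HTTP request is built here (the enclosing method starts outside the hunk, so this is inferred), record it with a comment such as `# no request headers on this path; tamper-supplied headers are intentionally ignored`. Tamper functions also have to accept `headers` being None, which nothing in the visible code states.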


@ -802,7 +802,7 @@ def __setTamperingFunctions():
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
for name, function in inspect.getmembers(module, inspect.isfunction):
if name == "tamper" and function.func_code.co_argcount == 1:
if name == "tamper" and function.func_code.co_argcount == 2:
found = True
kb.tamperFunctions.append(function)
@ -829,7 +829,9 @@ def __setTamperingFunctions():
function()
if not found:
raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile
errMsg = "missing function 'tamper(payload, headers)' "
errMsg += "in tamper script '%s'" % tfile
raise sqlmapGenericException, errMsg
if resolve_priorities and priorities:
priorities.sort(reverse=True)
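Review bot: The loader check in the first hunk accepts any two-argument `tamper`, but both call sites in this commit invoke it by keyword (`payload=`, `headers=`). A script written as `tamper(value, headers)` — the old message even documented the parameter as `value` — therefore loads cleanly and then fails with a TypeError on first use. Compare the parameter names instead of the count, e.g. `if name == "tamper" and inspect.getargspec(function).args == ["payload", "headers"]:`, so the failure stays at load time with the message added in the second hunk. Existing one-argument scripts will now be reported as "missing function" although they define `tamper`; the message could say that the signature changed. `__setTamperingFunctions` begins and ends outside both hunks.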


@ -550,7 +550,7 @@ class Connect:
if payload:
if kb.tamperFunctions:
for function in kb.tamperFunctions:
payload = function(payload)
payload, auxHeaders = function(payload=payload, headers=auxHeaders)
value = agent.replacePayload(value, payload)
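Review bot: The two-value unpack on the new line is unguarded: a tamper function that returns only the payload string raises a bare ValueError here, or, for a two-character payload, unpacks silently into two single characters. A function that returns None for the headers also overwrites `auxHeaders` for every later tamper function and for the request itself. Assign the result to a temporary first, check `isinstance(result, tuple) and len(result) == 2`, and raise the project's own exception naming the offending script otherwise. The same unpack appears in the Agent change; `auxHeaders` is defined outside this hunk, so its initial value cannot be checked from here.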


@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces apostrophe character with its UTF-8 full width counterpart
@ -27,4 +27,4 @@ def tamper(payload):
* http://lukasz.pilorz.net/testy/full_width_utf/index.phps
"""
return payload.replace('\'', "%EF%BC%87") if payload else payload
return payload.replace('\'', "%EF%BC%87") if payload else payload, headers
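Review bot: The new return line reads as if `headers` belonged to the `else` branch; it yields a tuple only because a conditional expression binds tighter than the comma. Parenthesise the first element so the intent is visible: `return (payload.replace('\'', "%EF%BC%87") if payload else payload), headers`. The same form appears in the other one-line tamper returns in this commit (the `%00%27`, `%%00`, `base64.b64encode`, `'0having'` and `UNION SELECT` ones).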


@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces apostrophe character with its illegal double unicode counterpart
@ -21,4 +21,4 @@ def tamper(payload):
* Output: AND %00%271%00%27=%00%271%00%27
"""
return payload.replace('\'', "%00%27") if payload else payload
return payload.replace('\'', "%00%27") if payload else payload, headers


@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Appends encoded NULL byte character at the end of payload
@ -31,4 +31,4 @@ def tamper(payload):
Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
"""
return "%s%%00" % payload if payload else payload
return "%s%%00" % payload if payload else payload, headers


@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOWEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Base64 all characters in a given payload
@ -23,4 +23,4 @@ def tamper(payload):
* Output: MScgQU5EIFNMRUVQKDUpIw==
"""
return base64.b64encode(payload) if payload else payload
return base64.b64encode(payload) if payload else payload, headers


@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
@ -61,5 +61,4 @@ def tamper(payload):
retVal += payload[i]
return retVal
return retVal, headers
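Review bot: The docstring opened in the first hunk is not updated for the new signature: it does not say what `headers` carries or that the function now returns a `(payload, headers)` tuple instead of a string. Add two lines to it, for example `headers: extra HTTP headers passed in by the caller (may be None); returned unchanged by this script` and `Returns: (tampered payload, headers)`. The rest of the docstring lies outside the hunk, so this is based on its visible opening lines. The same gap applies to the other tamper scripts changed in this commit.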


@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Double url-encodes all characters in a given payload (not processing
already encoded)
@ -43,4 +43,4 @@ def tamper(payload):
retVal += '%%25%.2X' % ord(payload[i])
i += 1
return retVal
return retVal, headers


@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOWEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Url-encodes all characters in a given payload (not processing already
encoded)
@ -50,4 +50,4 @@ def tamper(payload):
retVal += '%%%.2X' % ord(payload[i])
i += 1
return retVal
return retVal, headers


@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOWEST
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0])
def tamper(payload):
def tamper(payload, headers):
"""
Unicode-url-encodes non-encoded characters in a given payload (not
processing already encoded)
@ -55,4 +55,4 @@ def tamper(payload):
retVal += '%%u%.4X' % ord(payload[i])
i += 1
return retVal
return retVal, headers


@ -17,7 +17,7 @@ __priority__ = PRIORITY.HIGHEST
def dependencies():
singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Replaces all occurances of operator equal ('=') with operator 'LIKE'
@ -47,4 +47,4 @@ def tamper(payload):
if payload:
retVal = re.sub(r"\s*=\s*", lambda match: process(match), retVal)
return retVal
return retVal, headers


@ -21,7 +21,7 @@ __priority__ = PRIORITY.HIGHER
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.1" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Adds versioned MySQL comment before each keyword
@ -55,4 +55,4 @@ def tamper(payload):
retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
retVal = retVal.replace(" /*!0", "/*!0")
return retVal
return retVal, headers


@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
@ -61,4 +61,4 @@ def tamper(payload):
else:
break
return payload
return payload, headers


@ -13,7 +13,7 @@ __priority__ = PRIORITY.HIGHER
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Embraces complete query with versioned comment
@ -43,4 +43,4 @@ def tamper(payload):
if ' ' in payload:
retVal = "%s /*!30%s%s*/%s" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix)
return retVal
return retVal, headers


@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHER
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Embraces complete query with zero-versioned comment
@ -42,4 +42,4 @@ def tamper(payload):
if ' ' in payload:
retVal = "%s /*!00000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
return retVal
return retVal, headers


@ -16,7 +16,7 @@ __priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Adds multiple spaces around SQL keywords
@ -46,4 +46,4 @@ def tamper(payload):
retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' '*random.randrange(1,4), word, ' '*random.randrange(1,4)), retVal)
retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' '*random.randrange(1,4), word), retVal)
return retVal
return retVal, headers


@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0])
def tamper(payload):
def tamper(payload, headers):
"""
Adds a percentage sign ('%') infront of each character
@ -51,4 +51,4 @@ def tamper(payload):
retVal += payload[i]
i += 1
return retVal
return retVal, headers


@ -16,7 +16,7 @@ __priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces each keyword character with random case value
@ -50,4 +50,4 @@ def tamper(payload):
retVal = retVal.replace(word, _)
return retVal
return retVal, headers


@ -13,7 +13,7 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(payload):
def tamper(payload, headers):
"""
Add random comments to SQL keywords
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
@ -37,4 +37,4 @@ def tamper(payload):
_ += word[-1]
retVal = retVal.replace(word, _)
return retVal
return retVal, headers


@ -14,7 +14,7 @@ __priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Appends special crafted string
@ -27,4 +27,4 @@ def tamper(payload):
* Reference: http://seclists.org/fulldisclosure/2011/May/163
"""
return payload + " and '0having'='0having'" if payload else payload
return payload + " and '0having'='0having'" if payload else payload, headers


@ -9,7 +9,7 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGH
def tamper(payload):
def tamper(payload, headers):
"""
Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
@ -30,4 +30,4 @@ def tamper(payload):
if payload:
retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
return retVal
return retVal, headers


@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with comments '/**/'
@ -55,5 +55,4 @@ def tamper(payload):
retVal += payload[i]
return retVal
return retVal, headers


@ -12,7 +12,7 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a dash comment ('--') followed by
a random string and a new line ('\n')
@ -46,4 +46,4 @@ def tamper(payload):
else:
retVal += payload[i]
return retVal
return retVal, headers


@ -18,7 +18,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a pound character ('#') followed by
a random string and a new line ('\n')
@ -52,4 +52,4 @@ def tamper(payload):
else:
retVal += payload[i]
return retVal
return retVal, headers


@ -21,7 +21,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a pound character ('#') followed by
a random string and a new line ('\n')
@ -66,4 +66,4 @@ def tamper(payload):
else:
retVal += payload[i]
return retVal
return retVal, headers


@ -17,7 +17,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a random blank character from a
valid set of alternate characters
@ -86,4 +86,4 @@ def tamper(payload):
retVal += payload[i]
return retVal
return retVal, headers


@ -9,7 +9,7 @@ from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a pound character ('#') followed by
a new line ('\n')
@ -38,4 +38,4 @@ def tamper(payload):
else:
retVal += payload[i]
return retVal
return retVal, headers


@ -17,7 +17,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a random blank character from a
valid set of alternate characters
@ -69,4 +69,4 @@ def tamper(payload):
retVal += payload[i]
return retVal
return retVal, headers


@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a dash comment ('--') followed by
a new line ('\n')
@ -47,4 +47,4 @@ def tamper(payload):
else:
retVal += payload[i]
return retVal
return retVal, headers


@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with plus ('+')
@ -51,4 +51,4 @@ def tamper(payload):
retVal += payload[i]
return retVal
return retVal, headers


@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces space character (' ') with a random blank character from a
valid set of alternate characters
@ -64,4 +64,4 @@ def tamper(payload):
retVal += payload[i]
return retVal
return retVal, headers


@ -14,7 +14,7 @@ __priority__ = PRIORITY.HIGHEST
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces UNION ALL SELECT with UNION SELECT
@ -23,4 +23,4 @@ def tamper(payload):
* Output: -1 UNION SELECT
"""
return payload.replace("UNION ALL SELECT", "UNION SELECT") if payload else payload
return payload.replace("UNION ALL SELECT", "UNION SELECT") if payload else payload, headers


@ -14,7 +14,7 @@ __priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload):
def tamper(payload, headers):
"""
Replaces quote character (') with a multi-byte combo %bf%27 together with
generic comment at the end (to make it work)
@ -48,4 +48,4 @@ def tamper(payload):
retVal = re.sub("\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
retVal += "-- "
return retVal
return retVal, headers


@ -18,7 +18,7 @@ __priority__ = PRIORITY.HIGHER
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Encloses each non-function keyword with versioned MySQL comment
@ -50,4 +50,4 @@ def tamper(payload):
retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal)
retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
return retVal
return retVal, headers


@ -19,7 +19,7 @@ __priority__ = PRIORITY.HIGHER
def dependencies():
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload):
def tamper(payload, headers):
"""
Encloses each keyword with versioned MySQL comment
@ -51,4 +51,4 @@ def tamper(payload):
retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
return retVal
return retVal, headers