mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
First commit related to the #3108
This commit is contained in:
parent
cef416559a
commit
f0e4c20004
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.7.26"
|
||||
VERSION = "1.2.7.27"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces apostrophe character with its UTF-8 full width counterpart
|
||||
Replaces apostrophe character (') with its UTF-8 full width counterpart
|
||||
|
||||
References:
|
||||
* http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
|
||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces apostrophe character with its illegal double unicode counterpart
|
||||
Replaces apostrophe character (') with its illegal double unicode counterpart
|
||||
|
||||
>>> tamper("1 AND '1'='1")
|
||||
'1 AND %00%271%00%27=%00%271'
|
||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Appends encoded NULL byte character at the end of payload
|
||||
Appends encoded NULL byte character (%00) at the end of payload
|
||||
|
||||
Requirement:
|
||||
* Microsoft Access
|
||||
|
|
|
@ -16,8 +16,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
|
||||
Replaces equals operator ('=') with 'BETWEEN # AND #'
|
||||
Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server 2005
|
||||
|
|
|
@ -16,13 +16,10 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Double url-encodes all characters in a given payload (not processing
|
||||
already encoded)
|
||||
Double URL-encodes all characters in a given payload (not processing already encoded)
|
||||
|
||||
Notes:
|
||||
* Useful to bypass some weak web application firewalls that do not
|
||||
double url-decode the request before processing it through their
|
||||
ruleset
|
||||
* Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
|
||||
|
||||
>>> tamper('SELECT FIELD FROM%20TABLE')
|
||||
'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'
|
||||
|
|
|
@ -16,8 +16,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Url-encodes all characters in a given payload (not processing already
|
||||
encoded)
|
||||
URL-encodes all characters in a given payload (not processing already encoded)
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server 2005
|
||||
|
@ -26,10 +25,8 @@ def tamper(payload, **kwargs):
|
|||
* PostgreSQL 8.3, 8.4, 9.0
|
||||
|
||||
Notes:
|
||||
* Useful to bypass very weak web application firewalls that do not
|
||||
url-decode the request before processing it through their ruleset
|
||||
* The web server will anyway pass the url-decoded version behind,
|
||||
hence it should work against any DBMS
|
||||
* Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset
|
||||
* The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS
|
||||
|
||||
>>> tamper('SELECT FIELD FROM%20TABLE')
|
||||
'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'
|
||||
|
|
|
@ -18,8 +18,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Unicode-url-encodes non-encoded characters in a given payload (not
|
||||
processing already encoded)
|
||||
Unicode-URL-encodes all characters in a given payload (not processing already encoded)
|
||||
|
||||
Requirement:
|
||||
* ASP
|
||||
|
@ -32,9 +31,7 @@ def tamper(payload, **kwargs):
|
|||
* PostgreSQL 9.0.3
|
||||
|
||||
Notes:
|
||||
* Useful to bypass weak web application firewalls that do not
|
||||
unicode url-decode the request before processing it through their
|
||||
ruleset
|
||||
* Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset
|
||||
|
||||
>>> tamper('SELECT FIELD%20FROM TABLE')
|
||||
'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'
|
||||
|
|
|
@ -13,8 +13,7 @@ __priority__ = PRIORITY.NORMAL
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Unicode-escapes non-encoded characters in a given payload (not
|
||||
processing already encoded)
|
||||
Unicode-escapes non-encoded characters in a given payload (not processing already encoded)
|
||||
|
||||
Notes:
|
||||
* Useful to bypass weak filtering and/or WAFs in JSON contexes
|
||||
|
|
|
@ -19,7 +19,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'
|
||||
Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart
|
||||
|
||||
Requirement:
|
||||
* MySQL
|
||||
|
|
|
@ -19,7 +19,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'
|
||||
Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart
|
||||
|
||||
Requirement:
|
||||
* MySQL
|
||||
|
|
|
@ -16,7 +16,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Prepends (inline) comment before parentheses
|
||||
Prepends (inline) comment before parentheses (e.g. ( -> /**/()
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server
|
||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'
|
||||
Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart
|
||||
|
||||
Requirement:
|
||||
* MySQL
|
||||
|
|
|
@ -19,7 +19,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces all occurrences of operator equal ('=') with operator 'LIKE'
|
||||
Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server 2005
|
||||
|
|
|
@ -14,7 +14,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Slash escape quotes (' and ")
|
||||
Slash escape single and double quotes (e.g. ' -> \')
|
||||
|
||||
>>> tamper('1" AND SLEEP(5)#')
|
||||
'1\\\\" AND SLEEP(5)#'
|
||||
|
|
|
@ -21,7 +21,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Adds versioned MySQL comment before each keyword
|
||||
Adds (MySQL) versioned comment before each keyword
|
||||
|
||||
Requirement:
|
||||
* MySQL < 5.1
|
||||
|
|
|
@ -16,7 +16,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
HTML encode (using code points) all non-alphanumeric characters
|
||||
HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')
|
||||
|
||||
>>> tamper("1' AND SLEEP(5)#")
|
||||
'1' AND SLEEP(5)#'
|
||||
|
|
|
@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier
|
||||
Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier
|
||||
|
||||
>>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
|
||||
'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'
|
||||
|
|
|
@ -19,7 +19,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Embraces complete query with versioned comment
|
||||
Embraces complete query with (MySQL) versioned comment
|
||||
|
||||
Requirement:
|
||||
* MySQL
|
||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Embraces complete query with zero-versioned comment
|
||||
Embraces complete query with (MySQL) zero-versioned comment
|
||||
|
||||
Requirement:
|
||||
* MySQL
|
||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Adds multiple spaces around SQL keywords
|
||||
Adds multiple spaces (' ') around SQL keywords
|
||||
|
||||
Notes:
|
||||
* Useful to bypass very weak and bespoke web application firewalls
|
||||
|
|
|
@ -15,8 +15,7 @@ __priority__ = PRIORITY.NORMAL
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces predefined SQL keywords with representations
|
||||
suitable for replacement (e.g. .replace("SELECT", "")) filters
|
||||
Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT)
|
||||
|
||||
Notes:
|
||||
* Useful to bypass very weak custom filters
|
||||
|
|
|
@ -18,8 +18,9 @@ def tamper(payload, **kwargs):
|
|||
"""
|
||||
Converts all (non-alphanum) characters in a given payload (not processing already encoded)
|
||||
|
||||
Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
||||
Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
|
||||
Reference:
|
||||
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
||||
* https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
|
||||
|
||||
>>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
|
||||
'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'
|
||||
|
|
|
@ -18,8 +18,9 @@ def tamper(payload, **kwargs):
|
|||
"""
|
||||
Converts all characters in a given payload (not processing already encoded)
|
||||
|
||||
Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
||||
Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
|
||||
Reference:
|
||||
* https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
|
||||
* https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
|
||||
|
||||
>>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
|
||||
'%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1'
|
||||
|
|
|
@ -20,7 +20,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces plus ('+') character with function CONCAT()
|
||||
Replaces plus operator ('+') with (MsSQL) function CONCAT()
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server 2012
|
||||
|
|
|
@ -20,7 +20,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces plus ('+') character with ODBC function {fn CONCAT()}
|
||||
Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()}
|
||||
|
||||
Tested against:
|
||||
* Microsoft SQL Server 2008
|
||||
|
|
|
@ -15,7 +15,7 @@ __priority__ = PRIORITY.LOW
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Add random comments to SQL keywords
|
||||
Add random inline comments inside SQL keywords
|
||||
|
||||
>>> import random
|
||||
>>> random.seed(0)
|
||||
|
|
|
@ -14,11 +14,10 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Appends special crafted string
|
||||
Appends special crafted string for bypassing Imperva SecureSphere WAF
|
||||
|
||||
Notes:
|
||||
* Useful for bypassing Imperva SecureSphere WAF
|
||||
* Reference: http://seclists.org/fulldisclosure/2011/May/163
|
||||
Reference:
|
||||
* http://seclists.org/fulldisclosure/2011/May/163
|
||||
|
||||
>>> tamper('1 AND 1=1')
|
||||
"1 AND 1=1 and '0having'='0having'"
|
||||
|
|
|
@ -11,7 +11,7 @@ __priority__ = PRIORITY.HIGH
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
|
||||
Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
|
||||
|
||||
Requirement:
|
||||
* MSSQL
|
||||
|
|
|
@ -17,8 +17,7 @@ def tamper(payload, **kwargs):
|
|||
Replaces space character (' ') with plus ('+')
|
||||
|
||||
Notes:
|
||||
* Is this any useful? The plus get's url-encoded by sqlmap engine
|
||||
invalidating the query afterwards
|
||||
* Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards
|
||||
* This tamper script works against all databases
|
||||
|
||||
>>> tamper('SELECT id FROM users')
|
||||
|
|
|
@ -16,8 +16,7 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces quote character (') with a multi-byte combo %bf%27 together with
|
||||
generic comment at the end (to make it work)
|
||||
Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work)
|
||||
|
||||
Notes:
|
||||
* Useful for bypassing magic_quotes/addslashes feature
|
||||
|
|
|
@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
08a55a677bb2cd0da088110f81cf529b lib/core/settings.py
|
||||
ec2adffae2982c11332c573fe4e68d6d lib/core/settings.py
|
||||
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py
|
||||
|
@ -228,43 +228,43 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
|
|||
4eaeef94314956e4517e5310a28d579a sqlmapapi.py
|
||||
a35b5b83c12841fdf3925190c9d24299 sqlmap.py
|
||||
523dab9e1093eb59264c6beb366b255a tamper/0x2char.py
|
||||
4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py
|
||||
4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py
|
||||
d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py
|
||||
4e6956958ef8135cd543d7a57f2e73ff tamper/apostrophemask.py
|
||||
7c838eadd96b20800ba0bd394f5014f0 tamper/apostrophenullencode.py
|
||||
0d7e8a3a0e17c92d51c49415884a47c9 tamper/appendnullbyte.py
|
||||
0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py
|
||||
9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py
|
||||
e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py
|
||||
e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
|
||||
e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py
|
||||
3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py
|
||||
b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py
|
||||
2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py
|
||||
6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py
|
||||
211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py
|
||||
6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py
|
||||
334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py
|
||||
dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py
|
||||
06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py
|
||||
1807417f8a7fc0bb30c36ead458da0c8 tamper/chardoubleencode.py
|
||||
043c97c7b214335838a6bb15eeedcba3 tamper/charencode.py
|
||||
0c0d0e5d0caf4258a75112ab59fa3e75 tamper/charunicodeencode.py
|
||||
18b2ca09390686f895c3bbd6460ac034 tamper/charunicodeescape.py
|
||||
6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py
|
||||
50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py
|
||||
4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py
|
||||
376dc1203bfcd88380d902d36e7e0c5a tamper/concat2concatws.py
|
||||
6c882baf74213f401841968c04ce5e42 tamper/equaltolike.py
|
||||
22ab48f5b8ca449ac651637016be4369 tamper/escapequotes.py
|
||||
4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py
|
||||
25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py
|
||||
9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py
|
||||
6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py
|
||||
ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
|
||||
3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py
|
||||
e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py
|
||||
21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py
|
||||
4615cbeff722583e7ab3dbe774e38c93 tamper/informationschemacomment.py
|
||||
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
|
||||
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
|
||||
1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py
|
||||
de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py
|
||||
39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py
|
||||
5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py
|
||||
be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py
|
||||
e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py
|
||||
b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py
|
||||
1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
|
||||
f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
|
||||
91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
|
||||
efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py
|
||||
95bf07047343c68a05658f5f11c6b413 tamper/overlongutf8more.py
|
||||
db4687249dedddbe057c8b163923ef01 tamper/overlongutf8.py
|
||||
bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py
|
||||
91272e566ceb4644254cd6abd613db21 tamper/plus2concat.py
|
||||
265314f4b3b921f4c0d470ddaa6506e4 tamper/plus2fnconcat.py
|
||||
db9cd6325d1814e5fe88323fe4add4e1 tamper/plus2concat.py
|
||||
bcad55e2f7ce3e58a4cc7fcef77d4a4a tamper/plus2fnconcat.py
|
||||
e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py
|
||||
6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py
|
||||
48228322d40d97016b05e408c5234634 tamper/securesphere.py
|
||||
e50d9ed1c988638899cf82f18452e96c tamper/randomcomments.py
|
||||
938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py
|
||||
cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py
|
||||
62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py
|
||||
ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py
|
||||
|
@ -274,12 +274,12 @@ ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py
|
|||
74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py
|
||||
fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py
|
||||
48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py
|
||||
36958b2a5f5915de8b7cc157a64b267a tamper/space2plus.py
|
||||
72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py
|
||||
6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py
|
||||
95c91853034d9e276a6570e4d01b5f74 tamper/sp_password.py
|
||||
93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py
|
||||
041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py
|
||||
6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py
|
||||
3b8182b8caef857b9af397e47d0c9938 tamper/unmagicquotes.py
|
||||
51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py
|
||||
371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py
|
||||
557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py
|
||||
929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user