#!/usr/bin/env python """ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ import re from lib.core.convert import decodeHex from lib.core.convert import getOrds from lib.core.enums import PRIORITY __priority__ = PRIORITY.NORMAL def dependencies(): pass def tamper(payload, **kwargs): """ Replaces each (MySQL) 0x encoded string with equivalent CONCAT(CHAR(),...) counterpart Requirement: * MySQL Tested against: * MySQL 4, 5.0 and 5.5 Notes: * Useful in cases when web application does the upper casing >>> tamper('SELECT 0xdeadbeef') 'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))' """ retVal = payload if payload: for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal): if len(match.group(1)) > 2: result = "CONCAT(%s)" % ','.join("CHAR(%d)" % _ for _ in getOrds(decodeHex(match.group(1)))) else: result = "CHAR(%d)" % ord(decodeHex(match.group(1))) retVal = retVal.replace(match.group(0), result) return retVal