mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-11 19:13:12 +00:00
Minor refactoring
This commit is contained in:
parent
5b99180ffe
commit
56a4e507e8
20 changed files with 53 additions and 40 deletions
|
|
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import base64
|
|||
from lib.core.enums import PRIORITY
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
__priority__ = PRIORITY.LOW
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ def dependencies():
|
|||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces space character after SQL statement with a valid random blank character.
|
||||
Afterwards replace character = with LIKE operator
|
||||
Afterwards replace character '=' with operator LIKE
|
||||
|
||||
Requirement:
|
||||
* Blue Coat SGOS with WAF activated as documented in
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import string
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -7,12 +7,14 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGH
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -9,12 +9,13 @@ import os
|
|||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGH
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import re
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOW
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
|
|
|||
|
|
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import re
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOW
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ def tamper(payload, **kwargs):
|
|||
Notes:
|
||||
* Useful to bypass very weak and bespoke web application firewalls
|
||||
that has poorly written permissive regular expressions
|
||||
* This tamper script should work against all (?) databases
|
||||
|
||||
>>> tamper('INSERT')
|
||||
'insert'
|
||||
|
|
@ -37,7 +36,7 @@ def tamper(payload, **kwargs):
|
|||
retVal = payload
|
||||
|
||||
if payload:
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
|
|
|
|||
|
|
@ -6,12 +6,14 @@ See the file 'LICENSE' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHER
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHER
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ def tamper(payload, **kwargs):
|
|||
if payload:
|
||||
words = set()
|
||||
|
||||
for match in re.finditer(r"[A-Za-z_]+", payload):
|
||||
for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
|
|
|
|||
|
|
@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import zeroDepthSearch
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
@ -58,7 +60,7 @@ def tamper(payload, **kwargs):
|
|||
|
||||
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
|
||||
else:
|
||||
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
|
||||
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
|
||||
if match:
|
||||
part = match.group(0)
|
||||
indexes = set(zeroDepthSearch(match.group(1), '+'))
|
||||
|
|
|
|||
|
|
@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import zeroDepthSearch
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
@ -64,7 +66,7 @@ def tamper(payload, **kwargs):
|
|||
|
||||
retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
|
||||
else:
|
||||
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
|
||||
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
|
||||
if match:
|
||||
part = match.group(0)
|
||||
indexes = set(zeroDepthSearch(match.group(1), '+'))
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ def tamper(payload, **kwargs):
|
|||
retVal = payload
|
||||
|
||||
if payload:
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue