Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.

2025-12-06 12:41:30 +00:00 · 2011-07-06 21:04:45 +00:00
parent 0d28c1e9e7
commit 23b4efdcaf
18 changed files with 399 additions and 45 deletions
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@@ -7,16 +7,29 @@ Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """

-import string
-
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.LOWEST

+def dependencies():
+    pass
+
 def tamper(payload):
    """
-    Appends encoded null byte character at the end of payload
-    Example: "AND 1=1" becomes "AND 1=1%00"
+    Appends encoded NULL byte character at the end of payload
+
+    Example:
+        * Input: AND 1=1
+        * Output: AND 1=1%00
+
+    Requirement:
+        * Microsoft Access
+
+    Notes:
+        * Useful to bypass weak web application firewalls when the back-end
+          database management system is Microsoft Access - further uses are
+          also possible
+
    Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
    """