Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.

2025-12-07 05:01:30 +00:00 · 2011-07-06 21:04:45 +00:00
parent 0d28c1e9e7
commit 23b4efdcaf
18 changed files with 399 additions and 45 deletions
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -11,10 +11,28 @@ from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.HIGHEST

+def dependencies():
+    pass
+
 def tamper(payload):
    """
-    Replaces '>' with 'NOT BETWEEN 0 AND #'
-    Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
+    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
+
+    Example:
+        * Input: 'A > B'
+        * Output: 'A NOT BETWEEN 0 AND B'
+
+    Tested against:
+        * Microsoft SQL Server 2005
+        * MySQL 4, 5.0 and 5.5
+        * Oracle 10g
+        * PostgreSQL 8.3, 8.4, 9.0
+
+    Notes:
+        * Useful to bypass weak and bespoke web application firewalls that
+          filter the greater than character
+        * The BETWEEN clause is SQL standard. Hence, this tamper script
+          should work against all (?) databases
    """

    retVal = payload