adding very useful tampering script

2025-12-28 02:19:05 +00:00 · 2011-05-28 15:42:47 +00:00
parent 95dea1fbf9
commit 39f131162f
3 changed files with 232 additions and 2 deletions
--- a/tamper/versionedkeywords.py
+++ b/tamper/versionedkeywords.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.common import randomRange
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.NORMAL
+
+def tamper(payload):
+    """
+    Encloses each keyword with versioned comment
+    Example: 'INSERT' will become '/*!INSERT*/'
+    """
+
+    def process(match):
+        word = match.group('word')
+        if word.upper() in kb.keywords and word.upper() not in ["CAST"]: # CAST can't be commented out
+            return match.group().replace(word, "/*!%s*/" % word)
+        else:
+            return match.group()
+
+    retVal = payload
+
+    if payload:
+        retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
+        retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
+
+    return retVal