From 3ff01f577706a4f941ee438d87d05b75b022a9a5 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 9 Nov 2013 00:23:34 +0100
Subject: [PATCH] Adding new tamper script

---
 tamper/concat2concatws.py | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 tamper/concat2concatws.py

diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py
new file mode 100644
index 000000000..bf92962d8
--- /dev/null
+++ b/tamper/concat2concatws.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.HIGHEST
+
+def dependencies():
+    pass
+
+def tamper(payload, **kwargs):
+    """
+    Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'
+
+    Requirement:
+        * MySQL
+
+    Tested against:
+        * MySQL 5.0
+
+    Notes:
+        * Useful to bypass very weak and bespoke web application firewalls
+          that filter the CONCAT() function
+
+    >>> tamper('CONCAT(1,2)')
+    'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
+    """
+
+    if payload:
+        payload = payload.replace("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),")
+
+    return payload