PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-25 17:09:02 +00:00
Code Issues Projects Releases Wiki Activity

Minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2018-02-08 16:49:16 +01:00
parent 5b99180ffe
commit 56a4e507e8
20 changed files with 53 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tamper/appendnullbyte.py
View File

@@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOWEST
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))
def tamper(payload, **kwargs):
"""

2
tamper/base64encode.py
View File

@@ -10,7 +10,7 @@ import base64
from lib.core.enums import PRIORITY
from lib.core.settings import UNICODE_ENCODING
__priority__ = PRIORITY.LOWEST
__priority__ = PRIORITY.LOW
def dependencies():
pass

2
tamper/bluecoat.py
View File

@@ -18,7 +18,7 @@ def dependencies():
def tamper(payload, **kwargs):
"""
Replaces space character after SQL statement with a valid random blank character.
Afterwards replace character = with LIKE operator
Afterwards replace character '=' with operator LIKE
Requirement:
* Blue Coat SGOS with WAF activated as documented in

2
tamper/charunicodeescape.py
View File

@@ -9,7 +9,7 @@ import string
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOWEST
__priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs):
"""

4
tamper/commalesslimit.py
View File

@@ -7,12 +7,14 @@ See the file 'LICENSE' for copying permission
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGH
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
"""

3
tamper/commalessmid.py
View File

@@ -9,12 +9,13 @@ import os
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGH
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
"""

2
tamper/commentbeforeparentheses.py
View File

@@ -9,7 +9,7 @@ import re
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
__priority__ = PRIORITY.NORMAL
def dependencies():
pass

4
tamper/concat2concatws.py
View File

@@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
"""

2
tamper/escapequotes.py
View File

@@ -7,7 +7,7 @@ See the file 'LICENSE' for copying permission
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOWEST
__priority__ = PRIORITY.NORMAL
def dependencies():
pass

2
tamper/informationschemacomment.py
View File

@@ -9,7 +9,7 @@ import re
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
__priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs):
"""

3
tamper/lowercase.py
View File

@@ -28,7 +28,6 @@ def tamper(payload, **kwargs):
Notes:
* Useful to bypass very weak and bespoke web application firewalls
that has poorly written permissive regular expressions
* This tamper script should work against all (?) databases
>>> tamper('INSERT')
'insert'
@@ -37,7 +36,7 @@ def tamper(payload, **kwargs):
retVal = payload
if payload:
for match in re.finditer(r"[A-Za-z_]+", retVal):
for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
word = match.group()
if word.upper() in kb.keywords:

4
tamper/modsecurityversioned.py
View File

@@ -6,12 +6,14 @@ See the file 'LICENSE' for copying permission
"""
from lib.core.common import randomInt
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHER
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
"""

4
tamper/modsecurityzeroversioned.py
View File

@@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHER
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
"""

2
tamper/multiplespaces.py
View File

@@ -36,7 +36,7 @@ def tamper(payload, **kwargs):
if payload:
words = set()
for match in re.finditer(r"[A-Za-z_]+", payload):
for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
word = match.group()
if word.upper() in kb.keywords:

6
tamper/plus2concat.py
View File

@@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.common import zeroDepthSearch
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
def tamper(payload, **kwargs):
"""
@@ -58,7 +60,7 @@ def tamper(payload, **kwargs):
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
else:
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
if match:
part = match.group(0)
indexes = set(zeroDepthSearch(match.group(1), '+'))

6
tamper/plus2fnconcat.py
View File

@@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
import re
from lib.core.common import singleTimeWarnMessage
from lib.core.common import zeroDepthSearch
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
def tamper(payload, **kwargs):
"""
@@ -64,7 +66,7 @@ def tamper(payload, **kwargs):
retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
else:
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
if match:
part = match.group(0)
indexes = set(zeroDepthSearch(match.group(1), '+'))

2
tamper/randomcase.py
View File

@@ -40,7 +40,7 @@ def tamper(payload, **kwargs):
retVal = payload
if payload:
for match in re.finditer(r"[A-Za-z_]+", retVal):
for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
word = match.group()
if word.upper() in kb.keywords: