diff --git a/lib/core/settings.py b/lib/core/settings.py index 778e93b94..85c54fbc2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.26" +VERSION = "1.2.7.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index f41465a30..cc01e3f71 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character with its UTF-8 full width counterpart + Replaces apostrophe character (') with its UTF-8 full width counterpart References: * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index 73f4309ab..a984d26d3 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character with its illegal double unicode counterpart + Replaces apostrophe character (') with its illegal double unicode counterpart >>> tamper("1 AND '1'='1") '1 AND %00%271%00%27=%00%271' diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index d1c110697..662b57857 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Appends encoded NULL byte character at the end of payload + Appends encoded NULL byte character (%00) at the end of payload Requirement: * Microsoft Access diff --git a/tamper/between.py b/tamper/between.py index d805523a2..827e30ee1 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' - Replaces equals operator ('=') with 'BETWEEN # AND #' + Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #' Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index c7b51c646..19a50bf5c 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py @@ -16,13 +16,10 @@ def dependencies(): def tamper(payload, **kwargs): """ - Double url-encodes all characters in a given payload (not processing - already encoded) + Double URL-encodes all characters in a given payload (not processing already encoded) Notes: - * Useful to bypass some weak web application firewalls that do not - double url-decode the request before processing it through their - ruleset + * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset >>> tamper('SELECT FIELD FROM%20TABLE') '%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545' diff --git a/tamper/charencode.py b/tamper/charencode.py index ea7f4a2a4..37f5ff31c 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Url-encodes all characters in a given payload (not processing already - encoded) + URL-encodes all characters in a given payload (not processing already encoded) Tested against: * Microsoft SQL Server 2005 @@ -26,10 +25,8 @@ def tamper(payload, **kwargs): * PostgreSQL 8.3, 8.4, 9.0 Notes: - * Useful to bypass very weak web application firewalls that do not - url-decode the request before processing it through their ruleset - * The web server will anyway pass the url-decoded version behind, - hence it should work against any DBMS + * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset + * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS >>> tamper('SELECT FIELD FROM%20TABLE') '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45' diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index b0e34aad1..0c07a31fc 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -18,8 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Unicode-url-encodes non-encoded characters in a given payload (not - processing already encoded) + Unicode-URL-encodes all characters in a given payload (not processing already encoded) Requirement: * ASP @@ -32,9 +31,7 @@ def tamper(payload, **kwargs): * PostgreSQL 9.0.3 Notes: - * Useful to bypass weak web application firewalls that do not - unicode url-decode the request before processing it through their - ruleset + * Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset >>> tamper('SELECT FIELD%20FROM TABLE') '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045' diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py index 54c9b86d4..380f0736b 100644 --- a/tamper/charunicodeescape.py +++ b/tamper/charunicodeescape.py @@ -13,8 +13,7 @@ __priority__ = PRIORITY.NORMAL def tamper(payload, **kwargs): """ - Unicode-escapes non-encoded characters in a given payload (not - processing already encoded) + Unicode-escapes non-encoded characters in a given payload (not processing already encoded) Notes: * Useful to bypass weak filtering and/or WAFs in JSON contexes diff --git a/tamper/commalesslimit.py b/tamper/commalesslimit.py index 4b62246de..bf5d1325e 100644 --- a/tamper/commalesslimit.py +++ b/tamper/commalesslimit.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' + Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart Requirement: * MySQL diff --git a/tamper/commalessmid.py b/tamper/commalessmid.py index 395bd03d5..42b004b88 100644 --- a/tamper/commalessmid.py +++ b/tamper/commalessmid.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' + Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart Requirement: * MySQL diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py index 17525286e..2d998b819 100644 --- a/tamper/commentbeforeparentheses.py +++ b/tamper/commentbeforeparentheses.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Prepends (inline) comment before parentheses + Prepends (inline) comment before parentheses (e.g. ( -> /**/() Tested against: * Microsoft SQL Server diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py index 58ff490e9..4285eaab0 100644 --- a/tamper/concat2concatws.py +++ b/tamper/concat2concatws.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' + Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart Requirement: * MySQL diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py index 0a59962e4..b0a7c8977 100644 --- a/tamper/equaltolike.py +++ b/tamper/equaltolike.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces all occurrences of operator equal ('=') with operator 'LIKE' + Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/escapequotes.py b/tamper/escapequotes.py index f6f39ecc6..3ebcd466a 100644 --- a/tamper/escapequotes.py +++ b/tamper/escapequotes.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Slash escape quotes (' and ") + Slash escape single and double quotes (e.g. ' -> \') >>> tamper('1" AND SLEEP(5)#') '1\\\\" AND SLEEP(5)#' diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py index d42aafee8..6c3f0bfc1 100644 --- a/tamper/halfversionedmorekeywords.py +++ b/tamper/halfversionedmorekeywords.py @@ -21,7 +21,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Adds versioned MySQL comment before each keyword + Adds (MySQL) versioned comment before each keyword Requirement: * MySQL < 5.1 diff --git a/tamper/htmlencode.py b/tamper/htmlencode.py index 78c244cee..eadf3225d 100644 --- a/tamper/htmlencode.py +++ b/tamper/htmlencode.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - HTML encode (using code points) all non-alphanumeric characters + HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ') >>> tamper("1' AND SLEEP(5)#") '1' AND SLEEP(5)#' diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py index 57c3f5460..63a2d9aa2 100644 --- a/tamper/informationschemacomment.py +++ b/tamper/informationschemacomment.py @@ -13,7 +13,7 @@ __priority__ = PRIORITY.NORMAL def tamper(payload, **kwargs): """ - Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier + Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES') 'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES' diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py index e287d25a2..0f8435598 100644 --- a/tamper/modsecurityversioned.py +++ b/tamper/modsecurityversioned.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Embraces complete query with versioned comment + Embraces complete query with (MySQL) versioned comment Requirement: * MySQL diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py index a3d24a554..cb54fc8ff 100644 --- a/tamper/modsecurityzeroversioned.py +++ b/tamper/modsecurityzeroversioned.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Embraces complete query with zero-versioned comment + Embraces complete query with (MySQL) zero-versioned comment Requirement: * MySQL diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py index 40a2b033c..f5b8e904b 100644 --- a/tamper/multiplespaces.py +++ b/tamper/multiplespaces.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Adds multiple spaces around SQL keywords + Adds multiple spaces (' ') around SQL keywords Notes: * Useful to bypass very weak and bespoke web application firewalls diff --git a/tamper/nonrecursivereplacement.py b/tamper/nonrecursivereplacement.py index dbfe2ca2b..a0a7d04b0 100644 --- a/tamper/nonrecursivereplacement.py +++ b/tamper/nonrecursivereplacement.py @@ -15,8 +15,7 @@ __priority__ = PRIORITY.NORMAL def tamper(payload, **kwargs): """ - Replaces predefined SQL keywords with representations - suitable for replacement (e.g. .replace("SELECT", "")) filters + Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT) Notes: * Useful to bypass very weak custom filters diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index 70d5ff76b..c53213174 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -18,8 +18,9 @@ def tamper(payload, **kwargs): """ Converts all (non-alphanum) characters in a given payload (not processing already encoded) - Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ - Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ + Reference: + * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') 'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1' diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py index 3d8a8753c..2a9ee4c14 100644 --- a/tamper/overlongutf8more.py +++ b/tamper/overlongutf8more.py @@ -18,8 +18,9 @@ def tamper(payload, **kwargs): """ Converts all characters in a given payload (not processing already encoded) - Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ - Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ + Reference: + * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1' diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py index 5945797c0..fa238ae91 100644 --- a/tamper/plus2concat.py +++ b/tamper/plus2concat.py @@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces plus ('+') character with function CONCAT() + Replaces plus operator ('+') with (MsSQL) function CONCAT() Tested against: * Microsoft SQL Server 2012 diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py index 27cbbea20..273dd6462 100644 --- a/tamper/plus2fnconcat.py +++ b/tamper/plus2fnconcat.py @@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces plus ('+') character with ODBC function {fn CONCAT()} + Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} Tested against: * Microsoft SQL Server 2008 diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index d568ff106..700413423 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -15,7 +15,7 @@ __priority__ = PRIORITY.LOW def tamper(payload, **kwargs): """ - Add random comments to SQL keywords + Add random inline comments inside SQL keywords >>> import random >>> random.seed(0) diff --git a/tamper/securesphere.py b/tamper/securesphere.py index 3d1a4047e..998a69e2c 100644 --- a/tamper/securesphere.py +++ b/tamper/securesphere.py @@ -14,11 +14,10 @@ def dependencies(): def tamper(payload, **kwargs): """ - Appends special crafted string + Appends special crafted string for bypassing Imperva SecureSphere WAF - Notes: - * Useful for bypassing Imperva SecureSphere WAF - * Reference: http://seclists.org/fulldisclosure/2011/May/163 + Reference: + * http://seclists.org/fulldisclosure/2011/May/163 >>> tamper('1 AND 1=1') "1 AND 1=1 and '0having'='0having'" diff --git a/tamper/sp_password.py b/tamper/sp_password.py index 9ea759018..540d3647a 100644 --- a/tamper/sp_password.py +++ b/tamper/sp_password.py @@ -11,7 +11,7 @@ __priority__ = PRIORITY.HIGH def tamper(payload, **kwargs): """ - Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs + Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs Requirement: * MSSQL diff --git a/tamper/space2plus.py b/tamper/space2plus.py index 1fa867490..d8ef65efd 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -17,8 +17,7 @@ def tamper(payload, **kwargs): Replaces space character (' ') with plus ('+') Notes: - * Is this any useful? The plus get's url-encoded by sqlmap engine - invalidating the query afterwards + * Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards * This tamper script works against all databases >>> tamper('SELECT id FROM users') diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index f26d0ac04..b6419e74d 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces quote character (') with a multi-byte combo %bf%27 together with - generic comment at the end (to make it work) + Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work) Notes: * Useful for bypassing magic_quotes/addslashes feature diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1ae0fd4cf..27f9d2297 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -08a55a677bb2cd0da088110f81cf529b lib/core/settings.py +ec2adffae2982c11332c573fe4e68d6d lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -228,43 +228,43 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py a35b5b83c12841fdf3925190c9d24299 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py -4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py -4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py -d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py +4e6956958ef8135cd543d7a57f2e73ff tamper/apostrophemask.py +7c838eadd96b20800ba0bd394f5014f0 tamper/apostrophenullencode.py +0d7e8a3a0e17c92d51c49415884a47c9 tamper/appendnullbyte.py 0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py -9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py +e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py -e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py -3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py -b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py -2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py -6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py -211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py -6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py -334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py -dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py -06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py +1807417f8a7fc0bb30c36ead458da0c8 tamper/chardoubleencode.py +043c97c7b214335838a6bb15eeedcba3 tamper/charencode.py +0c0d0e5d0caf4258a75112ab59fa3e75 tamper/charunicodeencode.py +18b2ca09390686f895c3bbd6460ac034 tamper/charunicodeescape.py +6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py +50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py +4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py +376dc1203bfcd88380d902d36e7e0c5a tamper/concat2concatws.py +6c882baf74213f401841968c04ce5e42 tamper/equaltolike.py +22ab48f5b8ca449ac651637016be4369 tamper/escapequotes.py 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py -25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py -9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py +6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py +ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py 3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py -21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py +4615cbeff722583e7ab3dbe774e38c93 tamper/informationschemacomment.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py 1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py -de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py -39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py -5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py -be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py -e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py -b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py +1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py +f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py +91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py +efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py +95bf07047343c68a05658f5f11c6b413 tamper/overlongutf8more.py +db4687249dedddbe057c8b163923ef01 tamper/overlongutf8.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py -91272e566ceb4644254cd6abd613db21 tamper/plus2concat.py -265314f4b3b921f4c0d470ddaa6506e4 tamper/plus2fnconcat.py +db9cd6325d1814e5fe88323fe4add4e1 tamper/plus2concat.py +bcad55e2f7ce3e58a4cc7fcef77d4a4a tamper/plus2fnconcat.py e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py -6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py -48228322d40d97016b05e408c5234634 tamper/securesphere.py +e50d9ed1c988638899cf82f18452e96c tamper/randomcomments.py +938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py 62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py @@ -274,12 +274,12 @@ ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py 74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py -36958b2a5f5915de8b7cc157a64b267a tamper/space2plus.py +72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py 6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py -95c91853034d9e276a6570e4d01b5f74 tamper/sp_password.py +93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py 041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py 6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py -3b8182b8caef857b9af397e47d0c9938 tamper/unmagicquotes.py +51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py 371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py 557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py