More drei stuff

2025-12-06 04:31:30 +00:00 · 2019-05-02 16:54:54 +02:00
parent 2791ea51ea
commit ff968c2331
13 changed files with 113 additions and 94 deletions
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -34,6 +34,8 @@ def tamper(payload, **kwargs):
    '1 AND A NOT BETWEEN 0 AND B--'
    >>> tamper('1 AND A = B--')
    '1 AND A BETWEEN B AND B--'
+    >>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()')
+    '1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'
    """

    retVal = payload
@@ -48,7 +50,7 @@ def tamper(payload, **kwargs):
            retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload)

        if retVal == payload:
-            match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*(\w+)\s*", payload)
+            match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*([\w()]+)\s*", payload)

            if match:
                _ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5))
--- a/tamper/hex2char.py
+++ b/tamper/hex2char.py
@@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
 import re

 from lib.core.common import decodeHex
+from lib.core.common import getOrds
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.NORMAL
@@ -37,7 +38,7 @@ def tamper(payload, **kwargs):
    if payload:
        for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal):
            if len(match.group(1)) > 2:
-                result = "CONCAT(%s)" % ','.join("CHAR(%d)" % ord(_) for _ in decodeHex(match.group(1)))
+                result = "CONCAT(%s)" % ','.join("CHAR(%d)" % _ for _ in getOrds(decodeHex(match.group(1))))
            else:
                result = "CHAR(%d)" % ord(decodeHex(match.group(1)))
            retVal = retVal.replace(match.group(0), result)
--- a/tamper/symboliclogical.py
+++ b/tamper/symboliclogical.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 import re
-import urllib

 from lib.core.enums import PRIORITY

@@ -26,6 +25,6 @@ def tamper(payload, **kwargs):
    retVal = payload

    if payload:
-        retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("||"), payload))
+        retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload))

    return retVal