1+ #!/usr/bin/env python
2+
3+ """
4+ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
5+ See the file 'doc/COPYING' for copying permission
6+ """
7+
8+ import re
9+
10+ from lib .core .data import kb
11+ from lib .core .enums import PRIORITY
12+
13+ __priority__ = PRIORITY .NORMAL
14+
15+ def dependencies ():
16+ pass
17+
18+ def tamper (payload , ** kwargs ):
19+ """
20+ Replaces each keyword character with upper case value
21+
22+ Tested against:
23+ * Microsoft SQL Server 2005
24+ * MySQL 4, 5.0 and 5.5
25+ * Oracle 10g
26+ * PostgreSQL 8.3, 8.4, 9.0
27+
28+ Notes:
29+ * Useful to bypass very weak and bespoke web application firewalls
30+ that has poorly written permissive regular expressions
31+ * This tamper script should work against all (?) databases
32+
33+ >>> tamper('insert')
34+ 'INSERT'
35+ """
36+
37+ retVal = payload
38+
39+ if payload :
40+ for match in re .finditer (r"[A-Za-z_]+" , retVal ):
41+ word = match .group ()
42+
43+ if word .upper () in kb .keywords :
44+ retVal = retVal .replace (word , word .upper ())
45+
46+ return retVal
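Review bot: `retVal.replace(word, word.upper())` in the loop rewrites every occurrence of the matched text anywhere in the payload, not only the token that `re.finditer` matched. A short keyword is therefore also upper-cased where it appears as a substring of a longer word or inside a quoted literal, which can change the meaning of the statement wherever the comparison is case-sensitive. Substituting only the matched token in a single pass avoids this: `retVal = re.sub(r"[A-Za-z_]+", lambda m: m.group().upper() if m.group().upper() in kb.keywords else m.group(), payload)`. The doctest `tamper('insert')` also appears to rely on `kb.keywords` having been populated elsewhere, since nothing in this file fills it; a short comment saying so would help. The docstring could also state that the transform changes letter case only, so it has no effect on filters that match keywords case-insensitively.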