File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1818from thirdparty .six import unichr as _unichr
1919
2020# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21- VERSION = "1.4.8.8 "
21+ VERSION = "1.4.8.9 "
2222TYPE = "dev" if VERSION .count ('.' ) > 2 and VERSION .split ('.' )[- 1 ] != '0' else "stable"
2323TYPE_COLORS = {"dev" : 33 , "stable" : 90 , "pip" : 34 }
2424VERSION_STRING = "sqlmap/%s#%s" % ('.' .join (VERSION .split ('.' )[:- 1 ]) if VERSION .count ('.' ) > 2 and VERSION .split ('.' )[- 1 ] == '0' else VERSION , TYPE )
Original file line number Diff line number Diff line change 1+ #!/usr/bin/env python
2+
3+ """
4+ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
5+ See the file 'LICENSE' for copying permission
6+ """
7+
8+ import re
9+
10+ from lib .core .enums import PRIORITY
11+
12+ __priority__ = PRIORITY .HIGHEST
13+
14+ def dependencies ():
15+ pass
16+
17+ def tamper (payload , ** kwargs ):
18+ """
19+ Replaces all occurrences of operator equal ('=') with 'RLIKE' counterpart
20+
21+ Tested against:
22+ * MySQL 4, 5.0 and 5.5
23+
24+ Notes:
25+ * Useful to bypass weak and bespoke web application firewalls that
26+ filter the equal character ('=')
27+
28+ >>> tamper('SELECT * FROM users WHERE id=1')
29+ 'SELECT * FROM users WHERE id RLIKE 1'
30+ """
31+
32+ retVal = payload
33+
34+ if payload :
35+ retVal = re .sub (r"\s*=\s*" , " RLIKE " , retVal )
36+
37+ return retVal
You can’t perform that action at this time.
0 commit comments