Skip to content

Commit 4ac319b

Browse files
stamparmstamparm
committed
Adding new tamper script plus2concat (thank you Luka Pusic)
1 parent 2a754ee commit 4ac319b

3 files changed

Lines changed: 60 additions & 2 deletions

File tree

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.0.11.16"
22+
VERSION = "1.0.12.0"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

tamper/plus2concat.py

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
#!/usr/bin/env python
2+
3+
"""
4+
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
5+
See the file 'doc/COPYING' for copying permission
6+
"""
7+
8+
from lib.core.common import zeroDepthSearch
9+
from lib.core.enums import PRIORITY
10+
11+
__priority__ = PRIORITY.HIGHEST
12+
13+
def dependencies():
14+
pass
15+
16+
def tamper(payload, **kwargs):
17+
"""
18+
Replaces plus ('+') character with function CONCAT()
19+
20+
Tested against:
21+
* Microsoft SQL Server 2012
22+
23+
Requirements:
24+
* Microsoft SQL Server 2012+
25+
26+
Notes:
27+
* Useful in case ('+') character is filtered
28+
29+
>>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')
30+
'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'
31+
"""
32+
33+
retVal = payload
34+
35+
if payload:
36+
while True:
37+
indexes = zeroDepthSearch(retVal, '+')
38+
if indexes:
39+
first, last = 0, 0
40+
for i in xrange(1, len(indexes)):
41+
if ' ' in retVal[indexes[0]:indexes[i]]:
42+
break
43+
else:
44+
last = i
45+
46+
start = retVal[:indexes[first]].rfind(' ') + 1
47+
end = (retVal[indexes[last] + 1:].find(' ') + indexes[last] + 1) if ' ' in retVal[indexes[last] + 1:] else len(retVal) - 1
48+
49+
chars = [char for char in retVal]
50+
for index in indexes[first:last + 1]:
51+
chars[index] = ','
52+
53+
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
54+
else:
55+
break
56+
57+
return retVal

txt/checksum.md5

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
4545
b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py
4646
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
4747
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
48-
7f04f7e55179f45470b137dbb15657c6 lib/core/settings.py
48+
079c062fb2fa5b45e2dbbf25323bc48a lib/core/settings.py
4949
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
5050
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
5151
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
@@ -252,6 +252,7 @@ c16c3ed0ce302034d99ee0b8f34fbd0b tamper/modsecurityzeroversioned.py
252252
e65ff0680df2fc89444ec5953bb2f161 tamper/nonrecursivereplacement.py
253253
6780d738236ac200d230c4cb497bd1a2 tamper/overlongutf8.py
254254
3f05d5218b22280adcd91fe53830bcb4 tamper/percentage.py
255+
9741ad2359382dc8673189224995a5f7 tamper/plus2concat.py
255256
7a93f510f231278897650da1c7d13b23 tamper/randomcase.py
256257
34c255f3bca6d5fee2dfb18ed86d406f tamper/randomcomments.py
257258
f5e9eb84d4c5e9a19fe7154a8aebe13d tamper/securesphere.py

0 commit comments

Comments
 (0)