MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / tamper

Function tamper

tamper/randomcase.py:20–66  ·  view source on GitHub ↗

Replaces each keyword character with random case value (e.g. SELECT -> SEleCt) Tested against: * Microsoft SQL Server 2005 * MySQL 4, 5.0 and 5.5 * Oracle 10g * PostgreSQL 8.3, 8.4, 9.0 * SQLite 3 Notes: * Useful to bypass very weak and

(payload, **kwargs)

Source from the content-addressed store, hash-verified

18 pass
19
20def tamper(payload, **kwargs):
21 """
22 Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)
23
24 Tested against:
25 * Microsoft SQL Server 2005
26 * MySQL 4, 5.0 and 5.5
27 * Oracle 10g
28 * PostgreSQL 8.3, 8.4, 9.0
29 * SQLite 3
30
31 Notes:
32 * Useful to bypass very weak and bespoke web application firewalls
33 that has poorly written permissive regular expressions
34 * This tamper script should work against all (?) databases
35
36 >>> import random
37 >>> random.seed(0)
38 >>> tamper('INSERT')
39 'InSeRt'
40 >>> tamper('f()')
41 'f()'
42 >>> tamper('function()')
43 'FuNcTiOn()'
44 >>> tamper('SELECT id FROM `user`')
45 'SeLeCt id FrOm `user`'
46 """
47
48 retVal = payload
49
50 if payload:
51 for match in re.finditer(r"\b[A-Za-z_]{2,}\b", retVal):
52 word = match.group()
53
54 if (word.upper() in kb.keywords and re.search(r"(?i)[`\"'\[]%s[`\"'\]]" % word, retVal) is None) or ("%s(" % word) in payload:
55 while True:
56 _ = ""
57
58 for i in xrange(len(word)):
59 _ += word[i].upper() if randomRange(0, 1) else word[i].lower()
60
61 if len(_) > 1 and _ not in (_.lower(), _.upper()):
62 break
63
64 retVal = retVal.replace(word, _)
65
66 return retVal

Callers

nothing calls this directly

Calls 4

randomRangeFunction · 0.90
xrangeClass · 0.85
searchMethod · 0.45
replaceMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…