First commit related to the sqlmapproject#3108

lib/core/settings.py

@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.7.26"
+VERSION = "1.2.7.27"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

tamper/apostrophemask.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character with its UTF-8 full width counterpart
+    Replaces apostrophe character (') with its UTF-8 full width counterpart
 
     References:
         * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128

tamper/apostrophenullencode.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces apostrophe character with its illegal double unicode counterpart
+    Replaces apostrophe character (') with its illegal double unicode counterpart
 
     >>> tamper("1 AND '1'='1")
     '1 AND %00%271%00%27=%00%271'

tamper/appendnullbyte.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends encoded NULL byte character at the end of payload
+    Appends encoded NULL byte character (%00) at the end of payload
 
     Requirement:
         * Microsoft Access

tamper/between.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
-    Replaces equals operator ('=') with 'BETWEEN # AND #'
+    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/chardoubleencode.py

@@ -16,13 +16,10 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Double url-encodes all characters in a given payload (not processing
-    already encoded)
+    Double URL-encodes all characters in a given payload (not processing already encoded)
 
     Notes:
-        * Useful to bypass some weak web application firewalls that do not
-          double url-decode the request before processing it through their
-          ruleset
+        * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
 
     >>> tamper('SELECT FIELD FROM%20TABLE')
     '%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'

tamper/charencode.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Url-encodes all characters in a given payload (not processing already
-    encoded)
+    URL-encodes all characters in a given payload (not processing already encoded)
 
     Tested against:
         * Microsoft SQL Server 2005
@@ -26,10 +25,8 @@ def tamper(payload, **kwargs):
         * PostgreSQL 8.3, 8.4, 9.0
 
     Notes:
-        * Useful to bypass very weak web application firewalls that do not
-          url-decode the request before processing it through their ruleset
-        * The web server will anyway pass the url-decoded version behind,
-          hence it should work against any DBMS
+        * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset
+        * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS
 
     >>> tamper('SELECT FIELD FROM%20TABLE')
     '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'

tamper/charunicodeencode.py

@@ -18,8 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Unicode-url-encodes non-encoded characters in a given payload (not
-    processing already encoded)
+    Unicode-URL-encodes all characters in a given payload (not processing already encoded)
 
     Requirement:
         * ASP
@@ -32,9 +31,7 @@ def tamper(payload, **kwargs):
         * PostgreSQL 9.0.3
 
     Notes:
-        * Useful to bypass weak web application firewalls that do not
-          unicode url-decode the request before processing it through their
-          ruleset
+        * Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset
 
     >>> tamper('SELECT FIELD%20FROM TABLE')
     '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'

tamper/charunicodeescape.py

@@ -13,8 +13,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Unicode-escapes non-encoded characters in a given payload (not
-    processing already encoded)
+    Unicode-escapes non-encoded characters in a given payload (not processing already encoded)
 
     Notes:
         * Useful to bypass weak filtering and/or WAFs in JSON contexes

tamper/commalesslimit.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'
+    Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart
 
     Requirement:
         * MySQL

tamper/commalessmid.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'
+    Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart
 
     Requirement:
         * MySQL

tamper/commentbeforeparentheses.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Prepends (inline) comment before parentheses
+    Prepends (inline) comment before parentheses (e.g. ( -> /**/()
 
     Tested against:
         * Microsoft SQL Server

tamper/concat2concatws.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'
+    Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart
 
     Requirement:
         * MySQL

tamper/equaltolike.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces all occurrences of operator equal ('=') with operator 'LIKE'
+    Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart
 
     Tested against:
         * Microsoft SQL Server 2005

tamper/escapequotes.py

@@ -14,7 +14,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Slash escape quotes (' and ")
+    Slash escape single and double quotes (e.g. ' -> \')
 
     >>> tamper('1" AND SLEEP(5)#')
     '1\\\\" AND SLEEP(5)#'

tamper/halfversionedmorekeywords.py

@@ -21,7 +21,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds versioned MySQL comment before each keyword
+    Adds (MySQL) versioned comment before each keyword
 
     Requirement:
         * MySQL < 5.1

tamper/htmlencode.py

@@ -16,7 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    HTML encode (using code points) all non-alphanumeric characters
+    HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ')
 
     >>> tamper("1' AND SLEEP(5)#")
     '1' AND SLEEP(5)#'

tamper/informationschemacomment.py

@@ -13,7 +13,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier
+    Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier
 
     >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')
     'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'

tamper/modsecurityversioned.py

@@ -19,7 +19,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Embraces complete query with versioned comment
+    Embraces complete query with (MySQL) versioned comment
 
     Requirement:
         * MySQL

tamper/modsecurityzeroversioned.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Embraces complete query with zero-versioned comment
+    Embraces complete query with (MySQL) zero-versioned comment
 
     Requirement:
         * MySQL

tamper/multiplespaces.py

@@ -18,7 +18,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Adds multiple spaces around SQL keywords
+    Adds multiple spaces (' ') around SQL keywords
 
     Notes:
         * Useful to bypass very weak and bespoke web application firewalls

tamper/nonrecursivereplacement.py

@@ -15,8 +15,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Replaces predefined SQL keywords with representations
-    suitable for replacement (e.g. .replace("SELECT", "")) filters
+    Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT)
 
     Notes:
         * Useful to bypass very weak custom filters

tamper/overlongutf8.py

@@ -18,8 +18,9 @@ def tamper(payload, **kwargs):
     """
     Converts all (non-alphanum) characters in a given payload (not processing already encoded)
 
-    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
-    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
+    Reference:
+        * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+        * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
 
     >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
     'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'

tamper/overlongutf8more.py

@@ -18,8 +18,9 @@ def tamper(payload, **kwargs):
     """
     Converts all characters in a given payload (not processing already encoded)
 
-    Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
-    Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
+    Reference:
+        * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/
+        * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/
 
     >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')
     '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1'

tamper/plus2concat.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus ('+') character with function CONCAT()
+    Replaces plus operator ('+') with (MsSQL) function CONCAT()
 
     Tested against:
         * Microsoft SQL Server 2012

tamper/plus2fnconcat.py

@@ -20,7 +20,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces plus ('+') character with ODBC function {fn CONCAT()}
+    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()}
 
     Tested against:
         * Microsoft SQL Server 2008

tamper/randomcomments.py

@@ -15,7 +15,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Add random comments to SQL keywords
+    Add random inline comments inside SQL keywords
 
     >>> import random
     >>> random.seed(0)

tamper/securesphere.py

@@ -14,11 +14,10 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Appends special crafted string
+    Appends special crafted string for bypassing Imperva SecureSphere WAF
 
-    Notes:
-        * Useful for bypassing Imperva SecureSphere WAF
-        * Reference: http://seclists.org/fulldisclosure/2011/May/163
+    Reference:
+        * http://seclists.org/fulldisclosure/2011/May/163
 
     >>> tamper('1 AND 1=1')
     "1 AND 1=1 and '0having'='0having'"

tamper/sp_password.py

@@ -11,7 +11,7 @@
 
 def tamper(payload, **kwargs):
     """
-    Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
+    Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
 
     Requirement:
         * MSSQL

tamper/space2plus.py

@@ -17,8 +17,7 @@ def tamper(payload, **kwargs):
     Replaces space character (' ') with plus ('+')
 
     Notes:
-        * Is this any useful? The plus get's url-encoded by sqlmap engine
-          invalidating the query afterwards
+        * Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards
         * This tamper script works against all databases
 
     >>> tamper('SELECT id FROM users')

tamper/unmagicquotes.py

@@ -16,8 +16,7 @@ def dependencies():
 
 def tamper(payload, **kwargs):
     """
-    Replaces quote character (') with a multi-byte combo %bf%27 together with
-    generic comment at the end (to make it work)
+    Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work)
 
     Notes:
         * Useful for bypassing magic_quotes/addslashes feature