[b][size=3][color=#ff0000]"""
Copyright (c) 2006-2016 sqlmap developers ([url=http://sqlmap.org/]http://sqlmap.org/[/url])
See the file 'doc/COPYING' for copying permission
"""[/color][/size][/b]
[b][size=3][color=#ff0000]import re[/color][/size][/b]
[b][size=3][color=#ff0000]from lib.core.common import randomRange
from lib.core.data import kb
from lib.core.enums import PRIORITY[/color][/size][/b]
[b][size=3][color=#ff0000]__priority__ = PRIORITY.LOW[/color][/size][/b]
def tamper(payload, **kwargs):
    """
    Insert an inline-comment marker inside SQL keywords found in the payload

    Every word of two or more characters whose upper-cased form is listed in
    kb.keywords is rewritten; all other text is returned unchanged. An empty
    or None payload is returned as-is.

    NOTE(review): the example below shows output built with a "/**/" marker,
    which is not the marker literal this listing inserts, so it does not
    describe what the code below returns.

    Detection note: a rewritten keyword no longer matches a plain keyword
    signature on the raw string, so inspection has to work on the parsed or
    comment-normalised query.

    >>> import random
    >>> random.seed(0)
    >>> tamper('INSERT')
    'I/**/N/**/SERT'
    """

    if not payload:
        return payload

    marker = "/*/#\*"
    result = payload

    for found in re.finditer(r"\b[A-Za-z_]+\b", payload):
        token = found.group()

        # Single characters and non-keywords are left alone
        if len(token) < 2 or token.upper() not in kb.keywords:
            continue

        # First and last characters are kept bare; each inner character is
        # preceded by the marker on a coin flip
        pieces = [token[0]]
        for pos in xrange(1, len(token) - 1):
            pieces.append("%s%s" % (marker if randomRange(0, 1) else "", token[pos]))
        pieces.append(token[-1])
        mangled = "".join(pieces)

        # NOTE(review): the marker above never contains "/**/", so this
        # condition holds for every keyword and the coin-flip result is
        # replaced by a single insertion at a random inner position
        if "/**/" not in mangled:
            cut = randomRange(1, len(token) - 1)
            mangled = token[:cut] + marker + token[cut:]

        # str.replace substitutes every occurrence of the word in the
        # running result, including occurrences inside longer words
        result = result.replace(token, mangled)

    return result

链接: http://pan.baidu.com/s/1kVHeVvL 密码: vphh
本文来自: 蜗蜗侠's Blog-关注网络安全 http://blog.icxun.cn/Share/277.html