0xd0m7: Understanding "tamper" option in Sqlmap (II)

In the previous post, we explained the reason for using tamper sqlmap option. However, due to the large number of tampers available, it is necessary to construct a table where you can see where we can use every tamper, because I could not find a table on the internet where you reflect the type of database manager data used in each tamper, between others:

TAMPER	MySQL	MSSQL	Oracle	PostgreSQL
apostrophemask	*	*	*	*
apostrophenullencode	-	-	-	-
appendnullbyte	*	*	*	*
base64encode	4,5,5.5	2005	10g	-
between	5.1	-	-	-
bluecoat	*	*	*	*
apostrophemask	9.0.3	2000,2005	-	9.3
charunicodeencode	4,5.0 and 5.5	2005	10g	8.3,8.4,9.0
charencode	*	-	-	-
commalessmid	*	-	-	-
concat2concatws	*	*	*	*
equaltolike	*	*	*	*
greatest	< 5.1	-	-	-
halfversionedmorekeywords	5.0 and 5.5	-	-	-
ifnull2ifisnull	*	*	*	*
informationschemacomment	4,5.0,5.5	2005	10g	8.3,8.4,9.0
lowercase	5.0	-	-	-
modsecurityversioned	5.0	-	-	-
modsecurityzeroversioned	*	*	*	*
multiplespaces	*	*	*	*
nonrecursivereplacement	*	*	*	*
overlongutf8	5.1.56,5.5.11	2000, 2005	N/A	9.0
percentage	4, 5.0,5.5	2005	10g	8.3,8.4,9.0
randomcase	*	*	*	*
randomcomments	*	*	*	*
securesphere	4,5.0,5.5	2005	10g	8.3,8.4,9.0
space2comment	-	-	-	-
space2dash	4.0,5.0	-	-	-
space2hash	>= 5.1.13	-	-	-
space2morehash	-	2000, 2005	-	-
space2mssqlblank	*	*	-	-
space2mssqlhash	*	*	*	*
space2plus	4,5.0,5.5	2005	10g	8.3,8.4,9.0
space2randomblank	-	*	-	-
sp_password	*	*	*	*
symboliclogical	*	*	*	*
unionalltounion	*	*	*	*
unmagicquotes	4, 5.0,5.5	2005	10g	8.3,8.4,9.0
uppercase	*	*	*	*
varnish	*	-	-	-
versionedkeywords	>=5.1.13	-	-	-
versionedmorekeywords	*	*	*	*
xforwardedfor	*	*	*	*

(*) It might work for all versions.
(-) Does not apply

While the ultimate goal of using the tamper data, to evade firewalls and filters possible application, should know to what kind of database manager apply one or the other tampers.

The reason not add the Microsoft Access data base is evident, this type of database is not relational, so using Sqlmap for such SQL injections might be a waste of time.However Sqlmap has a specific tamper for Microsoft Access databases, called appendnullbyte.

Moreover, there are some tampers that are unique to evade WAF, for example:

securesphere: Useful for bypassing Imperva SecureShere WAF.

varnish: Useful for bypassing WAF Protection of Varnish Firewall.

Some tampers only work for certain specific Web programming languages, such as:

charunicodeencode: Only for ASP or ASP.NET.

In short, there are many ways to bypass filters and firewalls. Although it will be difficult to find such deficiencies in large companies dedicated to it. Although we can always develop a script that can bypass such restrictions.

Other links that may be of interest to bypass filters, in this case XSS:

https://www.exploit-db.com/docs/38117.pdf

In the following post we use appendnullbyte tamper to Microsoft Access databases and try to explain in as much detail as possible the problem of SQL injections against these databases.

Regards,

8 comments:

Ezequiel9 September 2016 at 06:47
Gracias por la info.
Unknown31 August 2017 at 23:46
This comment has been removed by the author.
Unknown31 August 2017 at 23:47
THANKS SO MUCH MAN, LOVE YOUR WORK
ITS VERY HELPFUL!! :) :) :) :) :) :) :) :) :) :)
Unknown31 August 2017 at 23:48
THANKS SO MUCH MAN, LOVE YOUR WORK!!
asdasd29 September 2017 at 12:39
nice write-up thanks a lot :)
TMB Learning14 December 2018 at 02:00
Rarely this type of blogs are found with a great information.I would love to suggest people to read your blog and share the information.
IMPERVA (WAF) | RIVERBED | VYATTA- FIREWALL ADMIN
Anonymous20 April 2022 at 06:25
0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download Now

>>>>> Download Full

0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download LINK

>>>>> Download Now

0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download Full

>>>>> Download LINK ga

Tuesday, 9 February 2016

Understanding "tamper" option in Sqlmap (II)

8 comments: