Tuesday 9 February 2016

Understanding "tamper" option in Sqlmap (II)

In the previous post, we explained the reason for using tamper sqlmap option. However, due to the large number of tampers available, it is necessary to construct a table where you can see where we can use every tamper, because I could not find a table on the internet where you reflect the type of database manager data used in each tamper, between others:

TAMPER MySQL MSSQL Oracle PostgreSQL
apostrophemask * * * *
apostrophenullencode - - - -
appendnullbyte * * * *
base64encode 4,5,5.5 2005 10g -
between 5.1 - - -
bluecoat * * * *
apostrophemask 9.0.3 2000,2005 - 9.3
charunicodeencode 4,5.0 and 5.5 2005 10g 8.3,8.4,9.0
charencode * - - -
commalessmid * - - -
concat2concatws * * * *
equaltolike * * * *
greatest < 5.1 - - -
halfversionedmorekeywords 5.0 and 5.5 - - -
ifnull2ifisnull * * * *
informationschemacomment 4,5.0,5.5 2005 10g 8.3,8.4,9.0
lowercase 5.0 - - -
modsecurityversioned 5.0 - - -
modsecurityzeroversioned * * * *
multiplespaces * * * *
nonrecursivereplacement * * * *
overlongutf8 5.1.56,5.5.11 2000, 2005 N/A 9.0
percentage 4, 5.0,5.5 2005 10g 8.3,8.4,9.0
randomcase * * * *
randomcomments * * * *
securesphere 4,5.0,5.5 2005 10g 8.3,8.4,9.0
space2comment - - - -
space2dash 4.0,5.0 - - -
space2hash >= 5.1.13 - - -
space2morehash - 2000, 2005 - -
space2mssqlblank * * - -
space2mssqlhash * * * *
space2plus 4,5.0,5.5 2005 10g 8.3,8.4,9.0
space2randomblank - * - -
sp_password * * * *
symboliclogical * * * *
unionalltounion * * * *
unmagicquotes 4, 5.0,5.5 2005 10g 8.3,8.4,9.0
uppercase * * * *
varnish * - - -
versionedkeywords >=5.1.13 - - -
versionedmorekeywords * * * *
xforwardedfor * * * *

(*) It might work for all versions. 
(-) Does not apply

While the ultimate goal of using the tamper data, to evade firewalls and filters possible application, should know to what kind of database manager apply one or the other tampers.

The reason not add the Microsoft Access data base is evident, this type of database is not relational, so using Sqlmap for such SQL injections might be a waste of time.However Sqlmap has a specific tamper for Microsoft Access databases, called appendnullbyte.

Moreover, there are some tampers that are unique to evade WAF, for example:

securesphere: Useful for bypassing Imperva SecureShere WAF.
varnish: Useful for bypassing WAF Protection of Varnish Firewall.

Some tampers only work for certain specific Web programming languages, such as:

charunicodeencode: Only for ASP or ASP.NET.

In short, there are many ways to bypass filters and firewalls. Although it will be difficult to find such deficiencies in large companies dedicated to it. Although we can always develop a script that can bypass such restrictions.

Other links that may be of interest to bypass filters, in this case XSS:

https://www.exploit-db.com/docs/38117.pdf

In the following post we use appendnullbyte tamper to Microsoft Access databases and try to explain in as much detail as possible the problem of SQL injections against these databases.

Regards,

8 comments:

  1. Replies
    1. 0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download Now

      >>>>> Download Full

      0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download LINK

      >>>>> Download Now

      0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download Full

      >>>>> Download LINK oz

      Delete
  2. This comment has been removed by the author.

    ReplyDelete
  3. THANKS SO MUCH MAN, LOVE YOUR WORK
    ITS VERY HELPFUL!! :) :) :) :) :) :) :) :) :) :)

    ReplyDelete
  4. THANKS SO MUCH MAN, LOVE YOUR WORK!!

    ReplyDelete
  5. nice write-up thanks a lot :)

    ReplyDelete
  6. Rarely this type of blogs are found with a great information.I would love to suggest people to read your blog and share the information.
    IMPERVA (WAF) | RIVERBED | VYATTA- FIREWALL ADMIN

    ReplyDelete
  7. 0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download Now

    >>>>> Download Full

    0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download LINK

    >>>>> Download Now

    0Xd0M7: Understanding "Tamper" Option In Sqlmap (Ii) >>>>> Download Full

    >>>>> Download LINK ga

    ReplyDelete