Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/tamper/0eunion.py
2983 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
import re

9


10
from lib.core.enums import PRIORITY

11


12
__priority__ = PRIORITY.HIGHEST

13


14
def dependencies():

15
    pass

16


17
def tamper(payload, **kwargs):

18
    """

19
    Replaces an integer followed by UNION with an integer followed by e0UNION

20


21
    Requirement:

22
        * MySQL

23
        * MsSQL

24


25
    Notes:

26
        * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf

27


28
    >>> tamper('1 UNION ALL SELECT')

29
    '1e0UNION ALL SELECT'

30
    """

31


32
    return re.sub(r"(?i)(\d+)\s+(UNION )", r"\g<1>e0\g<2>", payload) if payload else payload

33


34