sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/tamper/concat2concatws.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import os
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
from lib.core.enums import PRIORITY
# Ordering hint for sqlmap when several tamper scripts are chained together.
# NOTE(review): presumably HIGHEST means this rewrite is applied before
# lower-priority scripts see the payload - confirm against lib.core.
__priority__ = PRIORITY.HIGHEST
def dependencies():
    """
    Warn (only once per run) that this tamper script is meant for MySQL only.

    The warning names this script by its file name without extension.
    """
    script_name = os.path.basename(__file__).partition(".")[0]
    message = "tamper script '%s' is only meant to be run against %s" % (script_name, DBMS.MYSQL)
    singleTimeWarnMessage(message)
def tamper(payload, **kwargs):
    """
    Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart

    Requirement:
        * MySQL

    Tested against:
        * MySQL 5.0

    Notes:
        * Useful to bypass very weak and bespoke web application firewalls
          that filter the CONCAT() function
        * The rewrite is a plain, case-sensitive string replacement of every
          'CONCAT(' occurrence; other spellings (e.g. lower case) are left as-is
        * CONCAT_WS() skips NULL arguments whereas CONCAT() yields NULL when any
          argument is NULL, so results can differ for NULL-bearing expressions
        * kwargs is accepted for the common tamper-script signature and ignored
        * An empty or None payload is returned unchanged

    >>> tamper('CONCAT(1,2)')
    'CONCAT_WS(MID(CHAR(0),0,0),1,2)'
    >>> tamper('')
    ''
    """

    if not payload:
        return payload

    return payload.replace("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),")