Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/tamper/equaltolike.py
2983 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
import re

9


10
from lib.core.enums import PRIORITY

11


12
__priority__ = PRIORITY.HIGHEST

13


14
def dependencies():

15
    pass

16


17
def tamper(payload, **kwargs):

18
    """

19
    Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart

20


21
    Tested against:

22
        * Microsoft SQL Server 2005

23
        * MySQL 4, 5.0 and 5.5

24


25
    Notes:

26
        * Useful to bypass weak and bespoke web application firewalls that

27
          filter the equal character ('=')

28
        * The LIKE operator is SQL standard. Hence, this tamper script

29
          should work against all (?) databases

30


31
    >>> tamper('SELECT * FROM users WHERE id=1')

32
    'SELECT * FROM users WHERE id LIKE 1'

33
    """

34


35
    retVal = payload

36


37
    if payload:

38
        retVal = re.sub(r"\s*=\s*", " LIKE ", retVal)

39


40
    return retVal

41


42