1
#!/usr/bin/env python
2

3
"""
4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
5
See the file 'LICENSE' for copying permission
6
"""
7

8
from lib.core.compat import xrange
9
from lib.core.enums import PRIORITY
10

11
__priority__ = PRIORITY.HIGHEST
12

13
def dependencies():
14
    pass
15

16
def tamper(payload, **kwargs):
17
    """
18
    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
19

20
    Requirement:
21
        * MySQL
22
        * SQLite (possibly)
23
        * SAP MaxDB (possibly)
24

25
    Tested against:
26
        * MySQL 5.0 and 5.5
27

28
    Notes:
29
        * Useful to bypass very weak and bespoke web application firewalls
30
          that filter the IFNULL() function
31

32
    >>> tamper('IFNULL(1, 2)')
33
    'IF(ISNULL(1),2,1)'
34
    """
35

36
    if payload and payload.find("IFNULL") > -1:
37
        while payload.find("IFNULL(") > -1:
38
            index = payload.find("IFNULL(")
39
            depth = 1
40
            comma, end = None, None
41

42
            for i in xrange(index + len("IFNULL("), len(payload)):
43
                if depth == 1 and payload[i] == ',':
44
                    comma = i
45

46
                elif depth == 1 and payload[i] == ')':
47
                    end = i
48
                    break
49

50
                elif payload[i] == '(':
51
                    depth += 1
52

53
                elif payload[i] == ')':
54
                    depth -= 1
55

56
            if comma and end:
57
                _ = payload[index + len("IFNULL("):comma]
58
                __ = payload[comma + 1:end].lstrip()
59
                newVal = "IF(ISNULL(%s),%s,%s)" % (_, __, _)
60
                payload = payload[:index] + newVal + payload[end + 1:]
61
            else:
62
                break
63

64
    return payload
65

66