Created
July 22, 2025 17:42
```python
#!/usr/bin/env python

"""
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def dependencies():
    """
    This tamper script has no dependencies.
    """
    pass

def tamper(payload, **kwargs):
    """
    Replaces all instances of the equals operator ('=') with the
    PostgreSQL-specific case-sensitive LIKE operator ('~~').

    This can be useful for bypassing web application firewalls (WAFs)
    that block the equals operator but allow the '~~' operator.

    Requirement:
        * PostgreSQL

    Notes:
        * This is a direct replacement and might not be suitable for all scenarios.
        * '~~' is the operator for `LIKE` in PostgreSQL.
        * '~~*' is the operator for case-insensitive `ILIKE` in PostgreSQL.

    >>> tamper('SELECT * FROM users WHERE id = 1')
    'SELECT * FROM users WHERE id ~~ 1'
    >>> tamper('SELECT * FROM users WHERE id = "1"')
    'SELECT * FROM users WHERE id ~~ "1"'
    """

    # Check if a payload is provided
    if payload:
        # Replace all occurrences of '=' with '~~'
        payload = payload.replace('=', '~~')

    return payload
```
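On the defending side, the substitution described in the docstring is handled by canonicalizing PostgreSQL's LIKE-family operator aliases before signatures run. The following is an added example, not part of this gist or of sqlmap; the `TAUTOLOGY` pattern is a hypothetical stand-in for a rule written around `=`, and the sample values are constructed.

```python
import re

# PostgreSQL spells the LIKE family as operators too; longest forms first
# so '!~~*' is not consumed as '!~~' followed by '*'.
PG_LIKE_ALIASES = re.compile(r"!~~\*|!~~|~~\*|~~")
CANONICAL = {"~~": "LIKE", "~~*": "ILIKE", "!~~": "NOT LIKE", "!~~*": "NOT ILIKE"}

# Hypothetical stand-in for a WAF signature written around '=':
# a boolean tautology such as "OR 1=1" or "AND 'a'='a'".
TAUTOLOGY = re.compile(
    r"\b(?:OR|AND)\s+(\w+|'[^']*')\s*(?:=|\bLIKE\b|\bILIKE\b)\s*\1(?!\w)", re.I)


def canonicalize(value):
    """Rewrite operator aliases to keyword form before signature matching."""
    return PG_LIKE_ALIASES.sub(lambda m: " %s " % CANONICAL[m.group(0)], value)


def inspect(value):
    """Return the list of findings for one request parameter value."""
    findings = []
    if PG_LIKE_ALIASES.search(value):
        # These operators have no place in ordinary form input.
        findings.append("pg_like_alias")
    if TAUTOLOGY.search(canonicalize(value)):
        findings.append("tautology")
    return findings


# Constructed sample parameter values (not taken from real traffic).
SAMPLES = ["blue shirt size=M", "1 OR 1=1", "1 OR 1~~1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), inspect(sample))
```

The third sample matches the signature only after canonicalization, which is why normalization has to run before the `=`-based rule rather than alongside it.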