pub struct MysqlVersionedCommentWrapTamper;
MySQL version-gated comment wrap tamper.
MySQL’s /*!VERSION ... */ syntax executes the contents only
when the server is at least the given version. WAFs that
strip /* ... */ comments before pattern matching see an
empty payload, but MySQL still executes the wrapped statement.
This tamper wraps the entire payload in /*!50000 ... */, gating on MySQL
5.0+. The version gate 50000 is satisfied by every modern deployment.
Frontier research: this bypass dates to wafw00f’s original drop list, but it remains effective against many commercial WAFs that haven’t internalised the parser disagreement.
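On the filtering side, the disagreement goes away when version-gated comments are unwrapped before matching instead of being discarded. The following is an added example, not code from this crate: the function names, the toy rule and the sample input are constructed, and it assumes the five-digit version form shown above.

```rust
// Added example; names are hypothetical. Quoted strings are not tracked.

/// Naive pre-processing described above: every `/* ... */` is discarded,
/// including version-gated ones, so the rule engine sees nothing.
pub fn strip_all_comments(input: &str) -> String {
    rewrite_comments(input, false)
}

/// Server-consistent pre-processing: `/*!NNNNN body */` is unwrapped to
/// `body`, because MySQL executes it; only plain comments are discarded.
pub fn unwrap_versioned_comments(input: &str) -> String {
    rewrite_comments(input, true)
}

fn rewrite_comments(input: &str, keep_gated: bool) -> String {
    let mut out = String::with_capacity(input.len());
    let mut rest = input;
    while let Some(start) = rest.find("/*") {
        out.push_str(&rest[..start]);
        let after = &rest[start + 2..];
        // An unterminated comment is treated as running to end of input.
        let (body, tail) = match after.find("*/") {
            Some(end) => (&after[..end], &after[end + 2..]),
            None => (after, ""),
        };
        out.push(' '); // a comment separates tokens like whitespace
        if let (true, Some(gated)) = (keep_gated, body.strip_prefix('!')) {
            // Drop a leading five-digit version number, keep the SQL.
            let lead = gated.bytes().take_while(u8::is_ascii_digit).count();
            let skip = if lead >= 5 { 5 } else { 0 };
            out.push_str(&gated[skip..]);
            out.push(' ');
        }
        rest = tail;
    }
    out.push_str(rest);
    out
}

/// Constructed toy rule standing in for a WAF signature.
pub fn rule_matches(normalized: &str) -> bool {
    let lower = normalized.to_ascii_lowercase();
    lower.find("union").map_or(false, |i| lower[i..].contains("select"))
}

fn main() {
    let sample = "id=1 /*!50000 UNION SELECT 1*/ /* note */"; // constructed input
    println!("naive : {}", rule_matches(&strip_all_comments(sample)));
    println!("unwrap: {}", rule_matches(&unwrap_versioned_comments(sample)));
}
```

The same rule misses the sample after naive stripping and matches it after unwrapping, which is the gap this tamper relies on.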
Trait Implementations
impl TamperStrategy for MysqlVersionedCommentWrapTamper
fn description(&self) -> &'static str
Returns a description of what this strategy does.
fn tamper(&self, payload: &str, _context: Option<&str>) -> String
Transforms the input payload.
fn aggressiveness(&self) -> f64
Returns the aggressiveness score (0.0 = mild, 1.0 = extreme).
Auto Trait Implementations
impl Freeze for MysqlVersionedCommentWrapTamper
impl RefUnwindSafe for MysqlVersionedCommentWrapTamper
impl Send for MysqlVersionedCommentWrapTamper
impl Sync for MysqlVersionedCommentWrapTamper
impl Unpin for MysqlVersionedCommentWrapTamper
impl UnsafeUnpin for MysqlVersionedCommentWrapTamper
impl UnwindSafe for MysqlVersionedCommentWrapTamper
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.