PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-03 05:09:15 +00:00
Code Issues Projects Releases Wiki Activity

basic live tests against 3 major DBMSes

Browse Source
This commit is contained in:
Miroslav Stampar
2011-03-24 11:47:01 +00:00
parent ecbbfeba6e
commit 2b15ad57c2
3 changed files with 122 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
xml/livetests.xml
View File

@@ -3,44 +3,133 @@
<root>
<global>
<ignoreProxy value="True"/>
<batch value="True"/>
<verbose value="0"/>
</global>
<vars>
<host value="172.16.104.130"/>
</vars>
<case name="Postgres (--is-dba)">
<case name="Postgres (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches>
<url value="http://${host}/sqlmap/pgsql/get_int.php?id=1"/>
<url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="2"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
<item value="current user: 'testuser'"/>
<item value="current database: 'testdb'"/>
<item value="r'postgres.+template0.+template1.+testdb'"/>
<item value="r'1 table.+users'"/>
</log>
</case>
<case name="MySQL (--banner --threads=5)">
<case name="Postgres (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches>
<url value="http://${host}/sqlmap/mysql/get_int.php?id=1"/>
<url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="3"/>
<getBanner value="True"/>
<threads value="5"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches>
<log>
<item value="5.1.41-3~bpo50+1"/>
<item value="current user is DBA: 'True'"/>
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
<item value="current user: 'testuser'"/>
<item value="current database: 'testdb'"/>
<item value="r'postgres.+template0.+template1.+testdb'"/>
<item value="r'1 table.+users'"/>
</log>
</case>
<case name="Oracle (-o -f --users)">
<case name="MySQL (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches>
<url value="http://${host}/sqlmap/oracle/get_int.php?id=1"/>
<extensiveFp value="True"/>
<optimize value="True"/>
<getUsers value="True"/>
<url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="2"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches>
<log>
<item value="database management system users"/>
<item value="r'SYS.*N'"/> <!--sample for regex-->
<item value="current user is DBA: 'True'"/>
<item value="banner: '5.1.41-3~bpo50+1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
<item value="r'1 table.+users'"/>
</log>
</case>
<case name="MySQL (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches>
<url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="3"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="banner: '5.1.41-3~bpo50+1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
<item value="r'1 table.+users'"/>
</log>
</case>
<case name="Oracle (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT)">
<switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="2"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="SCOTT"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
<item value="current user: 'SYS'"/>
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
</log>
</case>
<case name="Oracle (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT)">
<switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="3"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="SCOTT"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
<item value="current user: 'SYS'"/>
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
</log>
<session>
<item value="SELECT DISTINCT(USERNAME)"/>
<item value="[DBMS][Oracle]"/>
</session>
</case>
</root>