PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-31 11:59:04 +00:00
Code Issues Projects Releases Wiki Activity

Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches

Browse Source
This commit is contained in:
Bernardo Damele
2011-05-10 15:34:54 +00:00
parent 707edc7b1a
commit 3a8309c4b0
5 changed files with 301 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

273
xml/payloads.xml
View File

@@ -2320,7 +2320,29 @@ Formats:
<!-- UNION query tests -->
<test>
<title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
<title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
@@ -2342,7 +2364,7 @@ Formats:
</test>
<test>
<title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
<title>MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
@@ -2371,6 +2393,28 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 1 to 10 columns</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
@@ -2386,7 +2430,7 @@ Formats:
</test>
<test>
<title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
<title>MySQL UNION query ([RANDNUM]) - 1 to 10 columns</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
@@ -2415,6 +2459,28 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 11 to 20 columns</title>
<stype>3</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
@@ -2430,7 +2496,7 @@ Formats:
</test>
<test>
<title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
<title>MySQL UNION query ([RANDNUM]) - 11 to 20 columns</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
@@ -2459,6 +2525,28 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 21 to 30 columns</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
@@ -2474,7 +2562,7 @@ Formats:
</test>
<test>
<title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
<title>MySQL UNION query ([RANDNUM]) - 21 to 30 columns</title>
<stype>3</stype>
<level>4</level>
<risk>1</risk>
@@ -2503,6 +2591,28 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 31 to 40 columns</title>
<stype>3</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
@@ -2518,7 +2628,7 @@ Formats:
</test>
<test>
<title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
<title>MySQL UNION query ([RANDNUM]) - 31 to 40 columns</title>
<stype>3</stype>
<level>5</level>
<risk>1</risk>
@@ -2547,6 +2657,28 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 41 to 50 columns</title>
<stype>3</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
@@ -2562,7 +2694,7 @@ Formats:
</test>
<test>
<title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
<title>MySQL UNION query ([RANDNUM]) - 41 to 50 columns</title>
<stype>3</stype>
<level>5</level>
<risk>1</risk>
@@ -2584,7 +2716,26 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
<title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
@@ -2603,7 +2754,7 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
<title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
@@ -2629,6 +2780,25 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 1 to 10 columns</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
@@ -2641,7 +2811,7 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
<title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
@@ -2667,6 +2837,25 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 11 to 20 columns</title>
<stype>3</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
@@ -2679,7 +2868,7 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
<title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
@@ -2705,6 +2894,25 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 21 to 30 columns</title>
<stype>3</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
@@ -2717,7 +2925,7 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
<title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
<stype>3</stype>
<level>4</level>
<risk>1</risk>
@@ -2743,6 +2951,25 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 31 to 40 columns</title>
<stype>3</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
@@ -2755,7 +2982,7 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
<title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
<stype>3</stype>
<level>5</level>
<risk>1</risk>
@@ -2781,6 +3008,24 @@ Formats:
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 41 to 50 columns</title>
<stype>3</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
@@ -2793,7 +3038,7 @@ Formats:
</test>
<test>
<title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
<title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
<stype>3</stype>
<level>5</level>
<risk>1</risk>