PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.

Browse Source 
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
This commit is contained in:
Bernardo Damele
2010-11-28 18:10:54 +00:00
parent a8b38ba76b
commit 7e3b24afe6
24 changed files with 1968 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
lib/core/enums.py
View File

@@ -17,14 +17,14 @@ class PRIORITY:
HIGHEST = 100
class DBMS:
MYSQL = "MySQL"
ORACLE = "Oracle"
POSTGRESQL = "PostgreSQL"
MSSQL = "Microsoft SQL Server"
SQLITE = "SQLite"
ACCESS = "Microsoft Access"
FIREBIRD = "Firebird"
MAXDB = "SAP MaxDB"
MSSQL = "Microsoft SQL Server"
MYSQL = "MySQL"
ORACLE = "Oracle"
POSTGRESQL = "PostgreSQL"
SQLITE = "SQLite"
SYBASE = "Sybase"
class PLACE:
@@ -53,3 +53,39 @@ class HASH:
ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
class PAYLOAD:
SQLINJECTION = {
1: "boolean-based blind",
2: "error-based",
3: "UNION query",
4: "stacked queries",
5: "AND/OR time-based blind"
}
PARAMETER = {
1: "Unescaped numeric",
2: "Single quoted string",
3: "LIKE single quoted string",
4: "Double quoted string",
5: "LIKE double quoted string"
}
RISK = {
0: "No risk",
1: "Low risk",
2: "Medium risk",
3: "High risk"
}
CLAUSE = {
0: "Always",
1: "WHERE",
2: "GROUP BY",
3: "ORDER BY",
4: "LIMIT",
5: "OFFSET",
6: "TOP",
7: "Table name",
8: "Column name"
}