PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-07 15:19:01 +00:00
Code Issues Projects Releases Wiki Activity

Minor revisit of payload boundaries (Issue #1800)

Browse Source
This commit is contained in:
Miroslav Stampar
2016-04-08 11:28:17 +02:00
parent bcfae99701
commit ce3749622a
5 changed files with 43 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
xml/boundaries.xml
View File

@@ -89,7 +89,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>')</prefix>
<suffix></suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -98,7 +98,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>'</prefix>
<suffix></suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -107,7 +107,7 @@ Formats:
<where>1,2</where>
<ptype>4</ptype>
<prefix>"</prefix>
<suffix></suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<!-- End of generic boundaries -->
@@ -406,7 +406,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix></prefix>
<suffix>-- [RANDSTR]</suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -426,7 +426,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -435,7 +435,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -444,7 +444,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -453,7 +453,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -462,7 +462,7 @@ Formats:
<where>1,2</where>
<ptype>4</ptype>
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -471,7 +471,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<!-- End of pre-WHERE generic boundaries -->
@@ -482,7 +482,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -491,7 +491,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -500,7 +500,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -509,7 +509,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -518,7 +518,7 @@ Formats:
<where>1,2</where>
<ptype>4</ptype>
<prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -527,7 +527,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -536,7 +536,7 @@ Formats:
<where>1</where>
<ptype>1</ptype>
<prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@@ -545,7 +545,7 @@ Formats:
<where>1</where>
<ptype>1</ptype>
<prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<!-- End of pre-WHERE derived table boundaries -->

6
xml/payloads/01_boolean_blind.xml
View File

@@ -212,7 +212,7 @@ Tag: <test>
<vector>AND [INFERENCE]</vector>
<request>
<payload>AND [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
</request>
<response>
<comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
@@ -229,7 +229,7 @@ Tag: <test>
<vector>OR [INFERENCE]</vector>
<request>
<payload>OR [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
</request>
<response>
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
@@ -246,7 +246,7 @@ Tag: <test>
<vector>OR NOT [INFERENCE]</vector>
<request>
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
</request>
<response>
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>

36
xml/payloads/06_union_query.xml
View File

@@ -12,7 +12,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
@@ -31,7 +31,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
@@ -50,7 +50,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
@@ -69,7 +69,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
@@ -88,7 +88,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
@@ -107,7 +107,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>1-10</columns>
</request>
@@ -126,7 +126,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
@@ -145,7 +145,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>11-20</columns>
</request>
@@ -164,7 +164,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>11-20</columns>
</request>
@@ -183,7 +183,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>21-30</columns>
</request>
@@ -202,7 +202,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>21-30</columns>
</request>
@@ -221,7 +221,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>21-30</columns>
</request>
@@ -240,7 +240,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>31-40</columns>
</request>
@@ -259,7 +259,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>31-40</columns>
</request>
@@ -278,7 +278,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>31-40</columns>
</request>
@@ -297,7 +297,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>41-50</columns>
</request>
@@ -315,7 +315,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>41-50</columns>
</request>
@@ -334,7 +334,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>41-50</columns>
</request>