2010-11-08 12:20:02 +03:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
"""
|
|
|
|
$Id$
|
|
|
|
|
|
|
|
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|
|
|
See the file 'doc/COPYING' for copying permission
|
|
|
|
"""
|
|
|
|
|
|
|
|
class PRIORITY:
|
|
|
|
LOWEST = -100
|
|
|
|
LOWER = -50
|
|
|
|
LOW = -10
|
|
|
|
NORMAL = 0
|
|
|
|
HIGH = 10
|
|
|
|
HIGHER = 50
|
|
|
|
HIGHEST = 100
|
|
|
|
|
2011-01-13 14:24:03 +03:00
|
|
|
class SORTORDER:
|
|
|
|
FIRST = 0
|
|
|
|
SECOND = 1
|
|
|
|
THIRD = 2
|
|
|
|
FOURTH = 3
|
|
|
|
FIFTH = 4
|
|
|
|
LAST = 100
|
|
|
|
|
2010-11-08 12:20:02 +03:00
|
|
|
class DBMS:
|
2011-02-04 18:57:53 +03:00
|
|
|
ACCESS = "Microsoft Access"
|
|
|
|
FIREBIRD = "Firebird"
|
|
|
|
MAXDB = "SAP MaxDB"
|
|
|
|
MSSQL = "Microsoft SQL Server"
|
|
|
|
MYSQL = "MySQL"
|
|
|
|
ORACLE = "Oracle"
|
|
|
|
PGSQL = "PostgreSQL"
|
|
|
|
SQLITE = "SQLite"
|
|
|
|
SYBASE = "Sybase"
|
2010-11-08 12:20:02 +03:00
|
|
|
|
|
|
|
class PLACE:
|
|
|
|
GET = "GET"
|
|
|
|
POST = "POST"
|
|
|
|
URI = "URI"
|
|
|
|
COOKIE = "Cookie"
|
|
|
|
UA = "User-Agent"
|
2011-02-12 02:07:03 +03:00
|
|
|
REFERER = "Referer"
|
2010-11-08 12:44:32 +03:00
|
|
|
|
|
|
|
class HTTPMETHOD:
|
|
|
|
GET = "GET"
|
|
|
|
POST = "POST"
|
2010-11-08 12:49:57 +03:00
|
|
|
HEAD = "HEAD"
|
|
|
|
|
|
|
|
class NULLCONNECTION:
|
|
|
|
HEAD = "HEAD"
|
|
|
|
RANGE = "Range"
|
2010-11-23 16:24:02 +03:00
|
|
|
|
|
|
|
class HASH:
|
|
|
|
MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
|
|
|
|
MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z'
|
|
|
|
POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z'
|
|
|
|
MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'
|
|
|
|
MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
|
|
|
|
ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'
|
2010-11-23 17:50:47 +03:00
|
|
|
ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
|
2010-11-23 16:24:02 +03:00
|
|
|
MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
|
|
|
|
SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
|
2010-11-28 21:10:54 +03:00
|
|
|
|
2011-03-11 23:16:34 +03:00
|
|
|
class HTTPHEADER:
|
2011-03-18 17:08:36 +03:00
|
|
|
ACCEPT_ENCODING = "Accept-Encoding"
|
|
|
|
AUTHORIZATION = "Authorization"
|
|
|
|
CONNECTION = "Connection"
|
|
|
|
CONTENT_ENCODING = "Content-Encoding"
|
2011-03-18 03:24:02 +03:00
|
|
|
CONTENT_LENGTH = "Content-Length"
|
|
|
|
CONTENT_RANGE = "Content-Range"
|
|
|
|
CONTENT_TYPE = "Content-Type"
|
|
|
|
COOKIE = "Cookie"
|
2011-03-18 17:08:36 +03:00
|
|
|
PROXY_AUTHORIZATION = "Proxy-authorization"
|
|
|
|
RANGE = "Range"
|
2011-03-18 03:24:02 +03:00
|
|
|
REFERER = "Referer"
|
2011-03-18 16:46:51 +03:00
|
|
|
USER_AGENT = "User-Agent"
|
2011-03-11 23:16:34 +03:00
|
|
|
|
2010-12-10 15:30:36 +03:00
|
|
|
class EXPECTED:
|
|
|
|
BOOL = "bool"
|
|
|
|
INT = "int"
|
|
|
|
|
2010-11-28 21:10:54 +03:00
|
|
|
class PAYLOAD:
|
|
|
|
SQLINJECTION = {
|
|
|
|
1: "boolean-based blind",
|
|
|
|
2: "error-based",
|
|
|
|
3: "UNION query",
|
|
|
|
4: "stacked queries",
|
|
|
|
5: "AND/OR time-based blind"
|
|
|
|
}
|
|
|
|
|
|
|
|
PARAMETER = {
|
|
|
|
1: "Unescaped numeric",
|
|
|
|
2: "Single quoted string",
|
|
|
|
3: "LIKE single quoted string",
|
|
|
|
4: "Double quoted string",
|
|
|
|
5: "LIKE double quoted string"
|
|
|
|
}
|
|
|
|
|
|
|
|
RISK = {
|
|
|
|
0: "No risk",
|
|
|
|
1: "Low risk",
|
|
|
|
2: "Medium risk",
|
|
|
|
3: "High risk"
|
|
|
|
}
|
|
|
|
|
|
|
|
CLAUSE = {
|
|
|
|
0: "Always",
|
|
|
|
1: "WHERE",
|
|
|
|
2: "GROUP BY",
|
|
|
|
3: "ORDER BY",
|
|
|
|
4: "LIMIT",
|
|
|
|
5: "OFFSET",
|
|
|
|
6: "TOP",
|
|
|
|
7: "Table name",
|
|
|
|
8: "Column name"
|
|
|
|
}
|
2010-12-06 18:50:19 +03:00
|
|
|
|
|
|
|
class METHOD:
|
2010-12-09 03:26:06 +03:00
|
|
|
COMPARISON = "comparison"
|
|
|
|
GREP = "grep"
|
|
|
|
TIME = "time"
|
2011-01-07 18:41:09 +03:00
|
|
|
UNION = "union"
|
2010-12-08 16:04:48 +03:00
|
|
|
|
|
|
|
class TECHNIQUE:
|
|
|
|
HEURISTIC = 0
|
|
|
|
BOOLEAN = 1
|
|
|
|
ERROR = 2
|
|
|
|
UNION = 3
|
|
|
|
STACKED = 4
|
|
|
|
TIME = 5
|
2011-02-02 16:34:09 +03:00
|
|
|
|
|
|
|
class WHERE:
|
|
|
|
ORIGINAL = 1
|
|
|
|
NEGATIVE = 2
|
|
|
|
REPLACE = 3
|