sqlmap/xml/injections.xml

<?xml version="1.0" encoding="UTF-8"?>

<root>
    <case name="custom" desc="custom">
        <test>
            <positive format="%s%s%s %s %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt, postfix"/>
            <negative format="%s%s%s %s %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt + 1, postfix"/>
        </test>
        <usage>
            <prefix format="%s " params="')' * parenthesis"/>
            <postfix format=" %s %s" params="logic, '(' * parenthesis"/>
        </usage>
    </case>
    <case name="numeric" desc="unescaped numeric">
        <test>
            <positive format="%s%s %s %s%d=%d" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt"/>
            <negative format="%s%s %s %s%d=%d" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt + 1"/>
        </test>
        <usage>
            <prefix format="%s " params="')' * parenthesis"/>
            <postfix format=" %s %s%d=%d" params="logic, '(' * parenthesis, randInt, randInt"/>
        </usage>
    </case>
    <case name="stringsingle" desc="single quoted string">
        <test>
            <positive format="%s'%s %s %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
            <negative format="%s'%s %s %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
        </test>
        <usage>
            <prefix format="'%s " params="')' * parenthesis"/>
            <postfix format=" %s %s'%s'='%s" params="logic, '(' * parenthesis, randStr, randStr"/>
        </usage>
    </case>
    <case name="likesingle" desc="LIKE single quoted string">
        <test>
            <positive format="%s'%s %s %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
            <negative format="%s'%s %s %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
        </test>
        <usage>
            <prefix format="'%s " params="')' * parenthesis"/>
            <postfix format=" %s %s'%s' LIKE '%s" params="logic, '(' * parenthesis, randStr, randStr"/>
        </usage>
    </case>
    <case name="stringdouble" desc="double quoted string">
        <test>
            <positive format="%s&quot;%s %s %s&quot;%s&quot;=&quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
            <negative format="%s&quot;%s %s %s&quot;%s&quot;=&quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
        </test>
        <usage>
            <prefix format="&quot;%s " params="')' * parenthesis"/>
            <postfix format=" %s %s&quot;%s&quot;=&quot;%s" params="logic, '(' * parenthesis, randStr, randStr"/>
        </usage>
    </case>
    <case name="likedouble" desc="LIKE double quoted string">
        <test>
            <positive format="%s&quot;%s %s %s&quot;%s&quot; LIKE &quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
            <negative format="%s&quot;%s %s %s&quot;%s&quot; LIKE &quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
        </test>
        <usage>
            <prefix format="&quot;%s " params="')' * parenthesis"/>
            <postfix format=" %s %s&quot;%s&quot; LIKE &quot;%s" params="logic, '(' * parenthesis, randStr, randStr"/>
        </usage>
    </case>
</root>
new file 2010-10-06 18:37:14 +04:00			`<?xml version="1.0" encoding="UTF-8"?>`

			`<root>`
major refactoring 2010-10-07 16:12:26 +04:00			`<case name="custom" desc="custom">`
			`<test>`
more changes 2010-10-07 19:34:17 +04:00			`<positive format="%s%s%s %s %s%d=%d %s" params="value, prefix, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt, postfix"/>`
			`<negative format="%s%s%s %s %s%d=%d %s" params="value, prefix, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt + 1, postfix"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</test>`
			`<usage>`
more refactoring 2010-10-07 18:05:34 +04:00			`<prefix format="%s " params="')' * parenthesis"/>`
more changes 2010-10-07 19:34:17 +04:00			`<postfix format=" %s %s" params="logic, '(' * parenthesis"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</usage>`
new file 2010-10-06 18:37:14 +04:00			`</case>`
major refactoring 2010-10-07 16:12:26 +04:00			`<case name="numeric" desc="unescaped numeric">`
			`<test>`
more changes 2010-10-07 19:34:17 +04:00			`<positive format="%s%s %s %s%d=%d" params="value, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt"/>`
			`<negative format="%s%s %s %s%d=%d" params="value, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt + 1"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</test>`
			`<usage>`
more refactoring 2010-10-07 18:05:34 +04:00			`<prefix format="%s " params="')' * parenthesis"/>`
more changes 2010-10-07 19:34:17 +04:00			`<postfix format=" %s %s%d=%d" params="logic, '(' * parenthesis, randInt, randInt"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</usage>`
new file 2010-10-06 18:37:14 +04:00			`</case>`
major refactoring 2010-10-07 16:12:26 +04:00			`<case name="stringsingle" desc="single quoted string">`
			`<test>`
more changes 2010-10-07 19:34:17 +04:00			`<positive format="%s'%s %s %s'%s'='%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>`
			`<negative format="%s'%s %s %s'%s'='%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</test>`
			`<usage>`
more refactoring 2010-10-07 18:05:34 +04:00			`<prefix format="'%s " params="')' * parenthesis"/>`
more changes 2010-10-07 19:34:17 +04:00			`<postfix format=" %s %s'%s'='%s" params="logic, '(' * parenthesis, randStr, randStr"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</usage>`
new file 2010-10-06 18:37:14 +04:00			`</case>`
major refactoring 2010-10-07 16:12:26 +04:00			`<case name="likesingle" desc="LIKE single quoted string">`
			`<test>`
more changes 2010-10-07 19:34:17 +04:00			`<positive format="%s'%s %s %s'%s' LIKE '%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>`
			`<negative format="%s'%s %s %s'%s' LIKE '%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</test>`
			`<usage>`
more refactoring 2010-10-07 18:05:34 +04:00			`<prefix format="'%s " params="')' * parenthesis"/>`
more changes 2010-10-07 19:34:17 +04:00			`<postfix format=" %s %s'%s' LIKE '%s" params="logic, '(' * parenthesis, randStr, randStr"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</usage>`
new file 2010-10-06 18:37:14 +04:00			`</case>`
major refactoring 2010-10-07 16:12:26 +04:00			`<case name="stringdouble" desc="double quoted string">`
			`<test>`
bug fix 2010-10-10 21:46:09 +04:00			`<positive format="%s"%s %s %s"%s"="%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>`
			`<negative format="%s"%s %s %s"%s"="%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</test>`
			`<usage>`
more refactoring 2010-10-07 18:05:34 +04:00			`<prefix format=""%s " params="')' * parenthesis"/>`
bug fix 2010-10-10 21:46:09 +04:00			`<postfix format=" %s %s"%s"="%s" params="logic, '(' * parenthesis, randStr, randStr"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</usage>`
new file 2010-10-06 18:37:14 +04:00			`</case>`
major refactoring 2010-10-07 16:12:26 +04:00			`<case name="likedouble" desc="LIKE double quoted string">`
			`<test>`
bug fix 2010-10-10 21:46:09 +04:00			`<positive format="%s"%s %s %s"%s" LIKE "%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>`
			`<negative format="%s"%s %s %s"%s" LIKE "%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</test>`
			`<usage>`
more refactoring 2010-10-07 18:05:34 +04:00			`<prefix format=""%s " params="')' * parenthesis"/>`
bug fix 2010-10-10 21:46:09 +04:00			`<postfix format=" %s %s"%s" LIKE "%s" params="logic, '(' * parenthesis, randStr, randStr"/>`
major refactoring 2010-10-07 16:12:26 +04:00			`</usage>`
new file 2010-10-06 18:37:14 +04:00			`</case>`
			`</root>`