sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
983593510c
sqlmap/xml/livetests.xml

2186 lines
100 KiB
XML
Raw Normal View History

added skeleton for live testing
2010-09-15 17:55:28 +04:00
<?xml version="1.0" encoding="UTF-8"?>
<root>
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
<vars>
<random value="random"/>
</vars>
added skeleton for live testing
2010-09-15 17:55:28 +04:00
<global>
everything is ready for testing (smoke and live)
2010-09-27 15:20:48 +04:00
<ignoreProxy value="True"/>
basic live tests against 3 major DBMSes
2011-03-24 14:47:01 +03:00
<batch value="True"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<flushSession value="True"/>
<disableColoring value="True"/>
these edits got overwritten from last commits
2012-12-20 13:42:44 +04:00
<verbose value="1"/>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<cleanup value="1"/>
added skeleton for live testing
2010-09-15 17:55:28 +04:00
</global>
added more test cases
2012-12-18 19:59:48 +04:00
<!-- Common enumeration switches across all techniques -->
improved tests
2012-12-17 17:30:41 +04:00
<case name="MySQL boolean-based multi-threaded enumeration - all entries">
everything is ready for testing (smoke and live)
2010-09-27 15:20:48 +04:00
<switches>
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
2011-03-29 10:25:17 +04:00
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
improved tests
2012-12-17 17:30:41 +04:00
<threads value="4"/>
fix
2011-04-11 01:19:34 +04:00
<tech value="B"/>
improved tests
2012-12-17 17:30:41 +04:00
<extensiveFp value="True"/>
adding live test cases for --technique=1 too
2011-03-24 15:19:40 +03:00
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
improved tests
2012-12-17 17:30:41 +04:00
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
adding live test cases for --technique=1 too
2011-03-24 15:19:40 +03:00
<getDbs value="True"/>
<getTables value="True"/>
improved tests
2012-12-17 17:30:41 +04:00
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
adding live test cases for --technique=1 too
2011-03-24 15:19:40 +03:00
<db value="testdb"/>
update for live tests (added dumping of columns and table values)
2011-03-25 18:37:11 +03:00
<tbl value="users"/>
improved tests
2012-12-17 17:30:41 +04:00
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.1.12 and &lt; 5.5.0'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
improved tests
2012-12-17 17:30:41 +04:00
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
regexp fix
2012-12-17 17:52:00 +04:00
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes
2012-12-19 16:22:45 +04:00
<item value="r'Database: testdb.+3 tables.+users'"/>
improved tests
2012-12-17 17:30:41 +04:00
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="MySQL error-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
update for live tests (added dumping of columns and table values)
2011-03-25 18:37:11 +03:00
<getColumns value="True"/>
improved tests
2012-12-17 17:30:41 +04:00
<getCount value="True"/>
update for live tests (added dumping of columns and table values)
2011-03-25 18:37:11 +03:00
<dumpTable value="True"/>
improved tests
2012-12-17 17:30:41 +04:00
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
adding live test cases for --technique=1 too
2011-03-24 15:19:40 +03:00
</switches>
improved test switch --live-test and minor refactoring
2012-12-17 15:29:33 +04:00
<parse>
improved tests
2012-12-17 17:30:41 +04:00
<item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.1.12 and &lt; 5.5.0'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
adding live test cases for --technique=1 too
2011-03-24 15:19:40 +03:00
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
improved tests
2012-12-17 17:30:41 +04:00
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes
2012-12-19 16:22:45 +04:00
<item value="r'Database: testdb.+3 tables.+users'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
</switches>
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.1.12 and &lt; 5.5.0'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes
2012-12-19 16:22:45 +04:00
<item value="r'Database: testdb.+3 tables.+users'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="MySQL partial UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
</switches>
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.1.12 and &lt; 5.5.0'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes
2012-12-19 16:22:45 +04:00
<item value="r'Database: testdb.+3 tables.+users'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="MySQL time-based single-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_nooutput.php?id=1"/>
<tech value="T"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<timeSec value="2"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<getBanner value="True"/>
<isDba value="True"/>
</switches>
<parse>
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="current user is DBA: True"/>
</parse>
</case>
<case name="MySQL inline queries multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_inline.php?id=1"/>
<threads value="4"/>
<tech value="Q"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
</switches>
<parse>
<item value="Title: MySQL inline queries"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.1.12 and &lt; 5.5.0'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
2012-12-18 16:07:19 +04:00
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
minor enhancements for debug purposes (issue #312)
2013-01-14 03:15:56 +04:00
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
regexp fix
2012-12-17 17:52:00 +04:00
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes
2012-12-19 16:22:45 +04:00
<item value="r'Database: testdb.+3 tables.+users'"/>
improved tests
2012-12-17 17:30:41 +04:00
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
improved test switch --live-test and minor refactoring
2012-12-17 15:29:33 +04:00
</parse>
adding live test cases for --technique=1 too
2011-03-24 15:19:40 +03:00
</case>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<case name="PostgreSQL boolean-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="banner: 'PostgreSQL 8.4.15 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current database: 'testdb'"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+postgres'"/>
<item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4.+clear-text password: testpass'"/>
<item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
<item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
<item value="r'available databases \[.+template0.+template1.+testdb'"/>
<item value="r'Database: public.+1 table.+users'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<item value="r'Database: public.+Table.+Entries.+users.+5'"/>
<item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: PostgreSQL AND error-based - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="banner: 'PostgreSQL 8.4.15 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current database: 'testdb'"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+postgres'"/>
<item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
<item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
<item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
<item value="r'available databases \[.+template0.+template1.+testdb'"/>
<item value="r'Database: public.+1 table.+users'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<item value="r'Database: public.+Table.+Entries.+users.+5'"/>
<item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="banner: 'PostgreSQL 8.4.15 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current database: 'testdb'"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+postgres'"/>
<item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
<item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
<item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
<item value="r'available databases \[.+template0.+template1.+testdb'"/>
<item value="r'Database: public.+1 table.+users'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<item value="r'Database: public.+Table.+Entries.+users.+5'"/>
<item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="PostgreSQL partial UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int_partialunion.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="banner: 'PostgreSQL 8.4.15 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current database: 'testdb'"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+postgres'"/>
<item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
<item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
<item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
<item value="r'available databases \[.+template0.+template1.+testdb'"/>
<item value="r'Database: public.+1 table.+users'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<item value="r'Database: public.+Table.+Entries.+users.+5'"/>
<item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="PostgreSQL time-based single-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int_nooutput.php?id=1"/>
<tech value="T"/>
<timeSec value="2"/>
<getBanner value="True"/>
<isDba value="True"/>
</switches>
<parse>
<item value="Title: PostgreSQL &gt; 8.1 AND time-based blind"/>
<item value="banner: 'PostgreSQL 8.4.15 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'"/>
<item value="current user is DBA: True"/>
</parse>
</case>
<case name="PostgreSQL inline queries multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int_inline.php?id=1"/>
<threads value="4"/>
<tech value="Q"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: PostgreSQL inline queries"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="banner: 'PostgreSQL 8.4.15 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current database: 'testdb'"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+postgres'"/>
<item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
<item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
<item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
<item value="r'available databases \[.+template0.+template1.+testdb'"/>
<item value="r'Database: public.+1 table.+users'"/>
fixed regexps for --live-test (issue #312)
2013-01-14 14:24:11 +04:00
<item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<item value="r'Database: public.+Table.+Entries.+users.+5'"/>
<item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<case name="Oracle boolean-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
ported Oracle checks to express edition
2013-01-16 03:59:29 +04:00
<item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="current user: 'SYS'"/>
<item value="current schema (equivalent to database on Oracle): 'SYS'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: 71E687F036AD56E5.+clear-text password: CHANGE_ON_INSTALL.+SYS \[.+password hash: 2D5A0C491B634F1B.+clear-text password: TESTPASS'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)"/>
<item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
ported Oracle checks to express edition
2013-01-16 03:59:29 +04:00
<item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="current user: 'SYS'"/>
<item value="current schema (equivalent to database on Oracle): 'SYS'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: 71E687F036AD56E5.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
ported Oracle checks to express edition
2013-01-16 03:59:29 +04:00
<item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="current user: 'SYS'"/>
<item value="current schema (equivalent to database on Oracle): 'SYS'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: 71E687F036AD56E5.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="Oracle partial UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int_partialunion.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
ported Oracle checks to express edition
2013-01-16 03:59:29 +04:00
<item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="current user: 'SYS'"/>
<item value="current schema (equivalent to database on Oracle): 'SYS'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: 71E687F036AD56E5.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="Oracle time-based single-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int_nooutput.php?id=1"/>
<tech value="T"/>
<timeSec value="2"/>
<getBanner value="True"/>
<isDba value="True"/>
</switches>
<parse>
<item value="Title: Oracle AND time-based blind"/>
ported Oracle checks to express edition
2013-01-16 03:59:29 +04:00
<item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="current user is DBA: True"/>
</parse>
</case>
<case name="Oracle inline queries multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int_inline.php?id=1"/>
<threads value="4"/>
<tech value="Q"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Oracle inline queries"/>
<item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
ported Oracle checks to express edition
2013-01-16 03:59:29 +04:00
<item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
added first Oracle test cases
2013-01-14 21:30:42 +04:00
<item value="current user: 'SYS'"/>
<item value="current schema (equivalent to database on Oracle): 'SYS'"/>
<item value="hostname: 'debian"/>
<item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: 71E687F036AD56E5.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<case name="SQLite boolean-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
<item value="banner: '2.8.17'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<case name="SQLite UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
<item value="banner: '2.8.17'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+4 entries.+luther.+user agent.+'"/>
</parse>
</case>
<case name="SQLite partial UNION query multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int_partialunion.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
<item value="banner: '2.8.17'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+4 entries.+luther.+user agent.+'"/>
</parse>
</case>
<case name="SQLite 3 time-based single-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int_3_nooutput.php?id=1"/>
<tech value="T"/>
<level value="3"/>
<risk value="2"/>
<timeSec value="2"/>
<getBanner value="True"/>
</switches>
<parse>
<item value="Title: SQLite &gt; 2.0 AND time-based blind (heavy query)"/>
<item value="banner: '3.7.3'"/>
</parse>
</case>
<case name="SQLite inline queries multi-threaded enumeration - all entries">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int_inline.php?id=1"/>
<threads value="4"/>
<tech value="Q"/>
<extensiveFp value="True"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getHostname value="True"/>
<isDba value="True"/>
<getUsers value="True"/>
<getPasswordHashes value="True"/>
<getPrivileges value="True"/>
<getRoles value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
</switches>
<parse>
<item value="Title: SQLite inline queries"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
<item value="banner: '2.8.17'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
added more test cases
2012-12-18 19:59:48 +04:00
<!-- End of common enumeration switches across all techniques -->
<!-- Custom enumeration switches -->
<case name="MySQL error-based multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
<item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="MySQL boolean-based multi-threaded custom enumeration - substring">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<firstChar value="3"/>
<lastChar value="5"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse>
</case>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<case name="PostgreSQL error-based multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: public.+Table: users.+3 columns.+surname.+bpchar'"/>
<item value="r'Database: public.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: public.+Table: users.+3 columns.+surname.+bpchar'"/>
<item value="r'Database: public.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded custom enumeration - substring">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<firstChar value="3"/>
<lastChar value="5"/>
</switches>
<parse>
<item value="r'Database: public.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse>
</case>
added more Oracle test cases
2013-01-15 18:59:15 +04:00
<case name="Oracle error-based multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded custom enumeration - substring">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<dumpTable value="True"/>
<db value="scott"/>
<tbl value="users"/>
<firstChar value="3"/>
<lastChar value="5"/>
</switches>
<parse>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse>
</case>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<case name="SQLite UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse>
</case>
<case name="SQLite boolean-based multi-threaded custom enumeration - substring">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="users"/>
<firstChar value="3"/>
<lastChar value="5"/>
</switches>
<parse>
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse>
</case>
added more test cases
2012-12-18 19:59:48 +04:00
<!-- End of custom enumeration switches -->
<!-- Search enumeration switches -->
<case name="MySQL boolean-based multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="e"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
</parse>
</case>
<case name="MySQL error-based multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="e"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="e"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL boolean-based multi-threaded search enumeration - tables given database">
added more test cases
2012-12-18 19:59:48 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="testdb"/>
fixed test cases
2012-12-19 16:33:37 +04:00
<tbl value="foo,se,bar"/>
added more test cases
2012-12-18 19:59:48 +04:00
</switches>
<parse>
fixed test cases
2012-12-19 16:33:37 +04:00
<item value="r'Database: testdb.+1 table.+users'"/>
added more test cases
2012-12-18 19:59:48 +04:00
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL error-based multi-threaded search enumeration - tables given database">
added more test cases
2012-12-18 19:59:48 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="testdb"/>
fixed test cases
2012-12-19 16:33:37 +04:00
<tbl value="foo,se,bar"/>
added more test cases
2012-12-18 19:59:48 +04:00
</switches>
<parse>
fixed test cases
2012-12-19 16:33:37 +04:00
<item value="r'Database: testdb.+1 table.+users'"/>
added more test cases
2012-12-18 19:59:48 +04:00
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL UNION query multi-threaded search enumeration - tables given database">
added more test cases
2012-12-18 19:59:48 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="testdb"/>
fixed test cases
2012-12-19 16:33:37 +04:00
<tbl value="foo,se,bar"/>
added more test cases
2012-12-18 19:59:48 +04:00
</switches>
<parse>
fixed test cases
2012-12-19 16:33:37 +04:00
<item value="r'Database: testdb.+1 table.+users'"/>
added more test cases
2012-12-18 19:59:48 +04:00
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL boolean-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
fixed test cases
2012-12-19 16:33:37 +04:00
<item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
</parse>
</case>
<case name="MySQL error-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
fixed test cases
2012-12-19 16:33:37 +04:00
<item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
</parse>
</case>
<case name="MySQL UNION query multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
fixed test cases
2012-12-19 16:33:37 +04:00
<item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
</parse>
</case>
<case name="MySQL boolean-based multi-threaded search enumeration - column without given db or table">
added more test cases
2012-12-18 19:59:48 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<col value="name"/>
<excludeSysDbs value="True"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL error-based multi-threaded search enumeration - column without given db or table">
added more test cases
2012-12-18 19:59:48 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<col value="name"/>
<excludeSysDbs value="True"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL UNION query multi-threaded search enumeration - column without given db or table">
added more test cases
2012-12-18 19:59:48 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<col value="name"/>
<excludeSysDbs value="True"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
</parse>
</case>
added more specific --search -T and -C test cases
2012-12-18 20:13:38 +04:00
<case name="MySQL boolean-based multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="mysql,testdb"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
<item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
</parse>
</case>
<case name="MySQL error-based multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="mysql,testdb"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="mysql,testdb"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
</parse>
</case>
added test cases for --sql-query and improved tests for --search -C
2012-12-18 20:30:46 +04:00
<case name="MySQL boolean-based multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<tbl value="users,plugin"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
<item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
</parse>
</case>
<case name="MySQL error-based multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<tbl value="users,plugin"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<tbl value="users,plugin"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
</parse>
</case>
<case name="MySQL boolean-based multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="mysql,testdb"/>
<tbl value="users"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
</parse>
</case>
<case name="MySQL error-based multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="mysql,testdb"/>
<tbl value="users"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="mysql,testdb"/>
<tbl value="users"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
</parse>
</case>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<case name="PostgreSQL boolean-based multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="te"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="te"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="te"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'"/>
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded search enumeration - tables given database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="public"/>
<tbl value="foo,se,bar"/>
</switches>
<parse>
<item value="r'Database: public.+1 table.+users'"/>
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - tables given database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="public"/>
<tbl value="foo,se,bar"/>
</switches>
<parse>
<item value="r'Database: public.+1 table.+users'"/>
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - tables given database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="public"/>
<tbl value="foo,se,bar"/>
</switches>
<parse>
<item value="r'Database: public.+1 table.+users'"/>
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'"/>
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column without given db or table">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<col value="name"/>
<excludeSysDbs value="True"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - column without given db or table">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<col value="name"/>
<excludeSysDbs value="True"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - column without given db or table">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<col value="name"/>
<excludeSysDbs value="True"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="information_schema,public"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'"/>
<item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="information_schema,public"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
<item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="information_schema,public"/>
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
<item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<tbl value="users,sql_parts"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<tbl value="users,sql_parts"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<tbl value="users,sql_parts"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<db value="public,information_schema"/>
<tbl value="users,sql_parts"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<db value="public,information_schema"/>
<tbl value="users,sql_parts"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<db value="public,information_schema"/>
<tbl value="users,sql_parts"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
<col value="name"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
added first test cases for PostgreSQL
2013-01-14 05:11:57 +04:00
</parse>
</case>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<case name="SQLite multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<search value="True"/>
<db value="e"/>
</switches>
<parse>
<item value="on SQLite it is not possible to search databases" console_output="True"/>
</parse>
</case>
<case name="SQLite boolean-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
</parse>
</case>
<case name="SQLite UNION query multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<tbl value="user"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
</parse>
</case>
added more test cases
2012-12-18 19:59:48 +04:00
<!-- End of search enumeration switches -->
added test cases for --sql-query and improved tests for --search -C
2012-12-18 20:30:46 +04:00
<!-- User's provided statement enumeration switches -->
<case name="MySQL boolean-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<query value="SELECT * FROM users LIMIT 0, 2"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
added test cases for --sql-query and improved tests for --search -C
2012-12-18 20:30:46 +04:00
</parse>
</case>
<case name="MySQL error-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<query value="SELECT * FROM users LIMIT 0, 2"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
added test cases for --sql-query and improved tests for --search -C
2012-12-18 20:30:46 +04:00
</parse>
</case>
<case name="MySQL UNION query multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<query value="SELECT * FROM users LIMIT 0, 2"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
added test cases for --sql-query and improved tests for --search -C
2012-12-18 20:30:46 +04:00
</parse>
</case>
ORDER BY does not play well with UNION query SQLi (related to issue #313)
2012-12-19 17:21:16 +04:00
<case name="MySQL boolean-based multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
ORDER BY does not play well with UNION query SQLi (related to issue #313)
2012-12-19 17:21:16 +04:00
</parse>
</case>
<case name="MySQL error-based multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
ORDER BY does not play well with UNION query SQLi (related to issue #313)
2012-12-19 17:21:16 +04:00
</parse>
</case>
<case name="MySQL UNION query multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
ORDER BY does not play well with UNION query SQLi (related to issue #313)
2012-12-19 17:21:16 +04:00
</parse>
</case>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
<case name="PostgreSQL boolean-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
added SQLite test cases (issue #312)
2013-01-14 20:50:24 +04:00
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
</parse>
</case>
<case name="SQLite boolean-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<query value="SELECT * FROM users LIMIT 0, 2"/>
</switches>
<parse>
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
</parse>
</case>
<case name="SQLite UNION query multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<query value="SELECT * FROM users LIMIT 0, 2"/>
</switches>
<parse>
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
</parse>
</case>
<case name="SQLite boolean-based multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
</parse>
</case>
<case name="SQLite UNION query multi-threaded custom ordered SQL query enumeration">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<query value="SELECT * FROM users ORDER BY name"/>
</switches>
<parse>
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
<item value="r'SELECT \* FROM users ORDER BY name \[4\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
minor bug fix for PostgreSQL --file-read
2013-01-14 16:22:00 +04:00
</parse>
</case>
added test cases for --sql-query and improved tests for --search -C
2012-12-18 20:30:46 +04:00
<!-- End of user's provided statement enumeration switches -->
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
<!-- File system access switches -->
<case name="MySQL boolean-based multi-threaded file read">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<rFile value="/etc/hosts,/tmp/invalidfile"/>
</switches>
<parse>
<item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
</parse>
</case>
<case name="MySQL error-based multi-threaded file read">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<rFile value="/etc/hosts,/tmp/invalidfile"/>
</switches>
<parse>
<item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded file read">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<rFile value="/etc/hosts,/tmp/invalidfile"/>
</switches>
<parse>
<item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
</parse>
</case>
<case name="MySQL UNION query multi-threaded file write">
<switches>
updated VM..
2012-12-20 17:18:45 +04:00
<verbose value="2"/>
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<wFile value="/etc/passwd"/>
<dFile value="/tmp/passwd-${random}"/>
</switches>
<parse>
<item value="the remote file /tmp/passwd-${random} is larger than the local file /etc/passwd" console_output="True"/>
</parse>
</case>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<case name="PostgreSQL boolean-based multi-threaded file read">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="BS"/>
<timeSec value="2"/>
<rFile value="/etc/hosts,/tmp/invalidfile"/>
<answers value="do you want to overwrite it=Y"/>
</switches>
<parse>
<item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
</parse>
</case>
<case name="PostgreSQL error-based multi-threaded file read">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="ES"/>
<rFile value="/etc/hosts,/tmp/invalidfile"/>
<answers value="do you want to overwrite it=Y"/>
</switches>
<parse>
<item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
</parse>
</case>
<case name="PostgreSQL UNION query multi-threaded file read">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="US"/>
<rFile value="/etc/hosts,/tmp/invalidfile"/>
<answers value="do you want to overwrite it=Y"/>
</switches>
<parse>
<item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
</parse>
</case>
<case name="PostgreSQL multi-threaded file write">
<switches>
<verbose value="2"/>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<threads value="4"/>
<wFile value="/etc/passwd"/>
<dFile value="/tmp/passwd-${random}"/>
<answers value="do you want to overwrite it=Y"/>
</switches>
<parse>
<item value="the local file /etc/passwd and the remote file /tmp/passwd-${random} have the same size" console_output="True"/>
</parse>
</case>
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
<!-- End of file system access switches -->
<!-- Operating system access switches -->
<case name="MySQL web shell - command execution">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<tech value="B"/>
<osCmd value="id"/>
<answers value="please provide any additional web server=/var/www/test"/>
</switches>
<parse>
<item value="command standard output: 'uid="/>
</parse>
</case>
<case name="MySQL shell via Metasploit integration - command execution">
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<tech value="BU"/>
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
<osPwn value="True"/>
<msfPath value="/usr/local/bin/"/>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<answers value="please provide any additional web server=/var/www/test,do you want to overwrite it=Y"/>
</switches>
<parse>
<item value="r'Sending stage.+Linux.+uid=.+www-data'" console_output="True"/>
</parse>
</case>
<case name="PostgreSQL User-Defined Function (UDF) injection - command execution">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<tech value="US"/>
<osCmd value="id"/>
<answers value="do you want to overwrite it=Y"/>
</switches>
<parse>
<item value="command standard output: 'uid="/>
</parse>
</case>
<case name="PostgreSQL shell via Metasploit integration - command execution">
<switches>
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<tech value="US"/>
<osPwn value="True"/>
<msfPath value="/usr/local/bin/"/>
<answers value="do you want to overwrite it=Y"/>
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
</switches>
<parse>
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 17:42:50 +04:00
<item value="r'Sending stage.+Linux.+uid=.+postgres'" console_output="True"/>
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
2012-12-19 20:39:13 +04:00
</parse>
</case>
<!-- End of operating system access switches -->
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<!-- Corner cases -->
<case name="Time-based (heavy query)">
added more test cases
2012-12-19 22:30:04 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_benchmark.php?id=1"/>
<tech value="T"/>
<level value="2"/>
<risk value="2"/>
<timeSec value="2"/>
</switches>
<parse>
fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily
2012-12-20 15:05:11 +04:00
<item value="Type: AND/OR time-based blind"/>
added more test cases
2012-12-19 22:30:04 +04:00
<item value="Title: MySQL &lt; 5.0.12 AND time-based blind (heavy query)"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="OR boolean-based">
added OR boolean-based test case
2012-12-20 16:52:26 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<testFilter value="OR boolean"/>
<getBanner value="True"/>
<isDba value="True"/>
</switches>
<parse>
<item value="Title: OR boolean-based blind - WHERE or HAVING clause"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
added OR boolean-based test case
2012-12-20 16:52:26 +04:00
<item value="current user is DBA: True"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="Page protected by custom (weak) filter">
added more test cases
2012-12-19 22:30:04 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_filtered.php?id=1"/>
<tech value="BE"/>
<level value="3"/>
</switches>
<parse>
<item value="Title: Generic boolean-based blind - Parameter replace (original value)"/>
<item value="Title: MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="GROUP BY clause">
added more test cases
2012-12-19 22:30:04 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_groupby.php?id=1"/>
<tech value="B"/>
<level value="3"/>
</switches>
<parse>
<item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="International data">
added more test cases
2012-12-19 22:30:04 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_international.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<getBanner value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<tbl value="international"/>
</switches>
<parse>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
added more test cases
2012-12-19 22:30:04 +04:00
<item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+река Москва'"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="Highly dynamic page">
these edits got overwritten from last commits
2012-12-20 13:42:44 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/>
fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily
2012-12-20 15:05:11 +04:00
<timeSec value="2"/>
these edits got overwritten from last commits
2012-12-20 13:42:44 +04:00
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="302 redirect page when SQL statement return no output">
these edits got overwritten from last commits
2012-12-20 13:42:44 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/>
fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily
2012-12-20 15:05:11 +04:00
<timeSec value="2"/>
these edits got overwritten from last commits
2012-12-20 13:42:44 +04:00
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="Page that returns an image">
fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily
2012-12-20 15:05:11 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_img.php?id=1"/>
<tech value="BT"/>
<timeSec value="2"/>
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="302 redirect page when SQL statement returns output">
these edits got overwritten from last commits
2012-12-20 13:42:44 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/>
<tech value="E"/>
</switches>
<parse>
<item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="Invalid bignum">
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
<tech value="U"/>
<invalidBignum value="True"/>
<getBanner value="True"/>
<isDba value="True"/>
</switches>
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'Payload: id=[\d]+\.[\d]+ UNION'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<item value="current user is DBA: True"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="Invalid logical">
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
<tech value="U"/>
<invalidLogical value="True"/>
<getBanner value="True"/>
<isDba value="True"/>
</switches>
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'Payload: id=1 AND [\d]+=[\d]+ UNION'"/>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<item value="current user is DBA: True"/>
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<!-- End of corner cases -->
added more test cases
2012-12-19 22:30:04 +04:00
<!-- Other switches -->
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="HTTP basic authentication">
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/>
<tech value="E"/>
<aType value="Basic"/>
<aCred value="testuser:testpass"/>
<getBanner value="True"/>
</switches>
<parse>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="HTTP digest authentication">
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<switches>
<url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/>
<tech value="E"/>
<aType value="Digest"/>
<aCred value="testuser:testpass"/>
<getBanner value="True"/>
</switches>
<parse>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
</parse>
</case>
Minor update of other/corner case titles
2013-01-15 14:10:03 +04:00
<case name="Predict output enumeration">
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<switches>
updated VM..
2012-12-20 17:18:45 +04:00
<verbose value="2"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<predictOutput value="True"/>
<tech value="B"/>
<getBanner value="True"/>
</switches>
<parse>
updated VM..
2012-12-20 17:18:45 +04:00
<item value="banner: '5.1.66-0+squeeze1'"/>
slight improvement of live test engine and added misc test cases to xml
2012-12-19 21:28:41 +04:00
<item value="r'performed 112 queries'" console_output="True"/>
</parse>
</case>
<!-- End of other switches -->
added skeleton for live testing
2010-09-15 17:55:28 +04:00
</root>
Reference in New Issue Copy Permalink