2010-09-15 17:55:28 +04:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
|
|
|
<root>
|
|
|
|
<global>
|
2010-09-27 15:20:48 +04:00
|
|
|
<ignoreProxy value="True"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<batch value="True"/>
|
2010-09-27 17:26:46 +04:00
|
|
|
<verbose value="0"/>
|
2010-09-15 17:55:28 +04:00
|
|
|
</global>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="MySQL (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
|
2010-09-27 15:20:48 +04:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="1"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-25 12:03:08 +03:00
|
|
|
<threads value="4"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: '5.1.41-3~bpo50+1'"/>
|
|
|
|
<item value="current user: 'root@localhost'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
|
|
|
<item value="r'1 table.+users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="MySQL (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
2011-03-24 15:19:40 +03:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
2010-09-27 15:20:48 +04:00
|
|
|
<isDba value="True"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<technique value="2"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<item value="banner: '5.1.41-3~bpo50+1'"/>
|
|
|
|
<item value="current user: 'root@localhost'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="current database: 'testdb'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="r'1 table.+users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="MySQL (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
2011-03-24 14:47:01 +03:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
</switches>
|
2011-03-24 15:19:40 +03:00
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: '5.1.41-3~bpo50+1'"/>
|
|
|
|
<item value="current user: 'root@localhost'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
|
|
|
<item value="r'1 table.+users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:56:15 +03:00
|
|
|
<case name="MySQL partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
|
2011-03-25 18:56:15 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: '5.1.41-3~bpo50+1'"/>
|
|
|
|
<item value="current user: 'root@localhost'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
|
|
|
<item value="r'1 table.+users'"/>
|
|
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="Postgres (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
|
2011-03-24 15:19:40 +03:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="1"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-25 12:03:08 +03:00
|
|
|
<threads value="4"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</switches>
|
2011-03-24 14:47:01 +03:00
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
|
|
<item value="current user: 'testuser'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
|
|
|
<item value="r'1 table.+users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="Postgres (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
2011-03-24 14:47:01 +03:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="2"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2010-09-27 15:20:48 +04:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
|
|
<item value="current user: 'testuser'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="current database: 'testdb'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="r'1 table.+users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
2010-09-27 15:20:48 +04:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="Postgres (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
2010-09-15 17:55:28 +04:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
2010-09-26 18:02:13 +04:00
|
|
|
<getBanner value="True"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2010-09-26 18:02:13 +04:00
|
|
|
</switches>
|
2010-09-26 18:56:55 +04:00
|
|
|
<log>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="current user is DBA: 'True'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
|
|
<item value="current user: 'testuser'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="current database: 'testdb'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="r'1 table.+users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
2010-09-26 18:56:55 +04:00
|
|
|
</log>
|
2010-09-26 18:02:13 +04:00
|
|
|
</case>
|
2011-03-25 18:56:15 +03:00
|
|
|
<case name="Postgres partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int_partialunion.php?id=1"/>
|
2011-03-25 18:56:15 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
|
|
<item value="current user: 'testuser'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
|
|
|
<item value="r'1 table.+users'"/>
|
|
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="Oracle (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump --threads=4)">
|
2011-03-24 15:19:40 +03:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="1"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="SCOTT"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-25 12:03:08 +03:00
|
|
|
<threads value="4"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
|
|
<item value="current user: 'SYS'"/>
|
|
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="Oracle (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
|
2010-09-26 18:02:13 +04:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="2"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="SCOTT"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2010-09-15 17:55:28 +04:00
|
|
|
</switches>
|
|
|
|
<log>
|
2011-03-24 14:47:01 +03:00
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
|
|
<item value="current user: 'SYS'"/>
|
|
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="Oracle (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
|
2011-03-24 14:47:01 +03:00
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="SCOTT"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-24 14:47:01 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
|
|
<item value="current user: 'SYS'"/>
|
|
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
2010-09-15 17:55:28 +04:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:56:15 +03:00
|
|
|
<case name="Oracle partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
|
|
|
|
<switches>
|
2011-03-29 10:25:17 +04:00
|
|
|
<url value="http://debiandev/sqlmap/oracle/get_int_partialunion.php?id=1"/>
|
2011-03-25 18:56:15 +03:00
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="SCOTT"/>
|
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
|
|
<item value="current user: 'SYS'"/>
|
|
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
|
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="MSSQL (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
|
2011-03-24 15:19:40 +03:00
|
|
|
<switches>
|
|
|
|
<url value="http://windowsenv/sqlmap/mssql/iis/get_int.asp?id=1"/>
|
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="1"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-25 12:03:08 +03:00
|
|
|
<threads value="4"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
|
|
<item value="current user: 'sa'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
2011-03-24 15:19:40 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="MSSQL (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
2011-03-24 15:01:53 +03:00
|
|
|
<switches>
|
|
|
|
<url value="http://windowsenv/sqlmap/mssql/iis/get_int.asp?id=1"/>
|
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="2"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-24 15:01:53 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
|
|
<item value="current user: 'sa'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
2011-03-24 15:01:53 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:37:11 +03:00
|
|
|
<case name="MSSQL (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
2011-03-24 15:01:53 +03:00
|
|
|
<switches>
|
|
|
|
<url value="http://windowsenv/sqlmap/mssql/iis/get_int.asp?id=1"/>
|
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
2011-03-24 15:01:53 +03:00
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
|
|
<item value="current user: 'sa'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
2011-03-25 18:37:11 +03:00
|
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
2011-03-24 15:01:53 +03:00
|
|
|
</log>
|
|
|
|
</case>
|
2011-03-25 18:56:15 +03:00
|
|
|
<case name="MSSQL partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
|
|
<switches>
|
|
|
|
<url value="http://windowsenv/sqlmap/mssql/iis/get_int_partialunion.asp?id=1"/>
|
|
|
|
<isDba value="True"/>
|
|
|
|
<technique value="3"/>
|
|
|
|
<getBanner value="True"/>
|
|
|
|
<getCurrentUser value="True"/>
|
|
|
|
<getCurrentDb value="True"/>
|
|
|
|
<getDbs value="True"/>
|
|
|
|
<getTables value="True"/>
|
|
|
|
<db value="testdb"/>
|
|
|
|
<tbl value="users"/>
|
|
|
|
<getColumns value="True"/>
|
|
|
|
<dumpTable value="True"/>
|
|
|
|
</switches>
|
|
|
|
<log>
|
|
|
|
<item value="current user is DBA: 'True'"/>
|
|
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
|
|
<item value="current user: 'sa'"/>
|
|
|
|
<item value="current database: 'testdb'"/>
|
|
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
|
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
|
|
<item value="r'4 entries.+nameisnull.+'"/>
|
|
|
|
</log>
|
|
|
|
</case>
|
2010-09-15 17:55:28 +04:00
|
|
|
</root>
|