sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-23 15:10:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

updated signatures for test environment

Browse Source
This commit is contained in:
Bernardo Damele 2014-02-27 15:02:33 +00:00
parent 2ffdee5733
commit 07a22070d8
1 changed files with 37 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
xml/livetests.xml
View File

@ -62,7 +62,7 @@
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.5.0'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
@ -106,7 +106,7 @@
<parse>
<item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.5.0'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
@ -150,7 +150,7 @@
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.5.0'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
@ -194,7 +194,7 @@
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.5.0'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
@ -220,7 +220,7 @@
</switches>
<parse>
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user is DBA: True"/>
</parse>
</case>
@ -252,7 +252,7 @@
<parse>
<item value="Title: MySQL inline queries"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.5.0'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
@ -780,6 +780,7 @@
<item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
<case name="SQLite boolean-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
@ -878,6 +879,7 @@
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
</parse>
</case>
-->
<case name="SQLite 3 boolean-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debian/sqlmap/sqlite/get_int_3.php?id=1"/>
@ -991,6 +993,7 @@
<item value="banner: '3.7.13'"/>
</parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
<case name="SQLite inline queries multi-threaded enumeration - all entries">
<switches>
<url value="http://debian/sqlmap/sqlite/get_int_inline.php?id=1"/>
@ -1023,6 +1026,7 @@
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
</parse>
</case>
-->
<case name="Firebird boolean-based multi-threaded enumeration - all entries">
<switches>
<url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
@ -1409,6 +1413,7 @@
<item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+the | iss.+NULL | mei'"/>
</parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
<case name="SQLite UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
@ -1441,6 +1446,7 @@
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse>
</case>
-->
<case name="Firebird UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
@ -2727,6 +2733,7 @@
<item value="r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'"/>
</parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
<case name="SQLite multi-threaded search enumeration - database">
<switches>
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
@ -2764,6 +2771,7 @@
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
</parse>
</case>
-->
<case name="Firebird multi-threaded search enumeration - database">
<switches>
<url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
@ -3026,6 +3034,7 @@
<item value="r'SELECT \* FROM db2inst1.users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
</parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
<case name="SQLite boolean-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
@ -3070,6 +3079,7 @@
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
</parse>
</case>
-->
<case name="Firebird boolean-based multi-threaded custom SQL query enumeration">
<switches>
<url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
@ -3301,7 +3311,7 @@
</switches>
<parse>
<item value="Title: OR boolean-based blind - WHERE or HAVING clause"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user is DBA: True"/>
</parse>
</case>
@ -3337,7 +3347,7 @@
<tbl value="international"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+长江.+река Москва'"/>
</parse>
</case>
@ -3395,7 +3405,7 @@
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'Payload: id=[\d]+\.[\d]+ UNION'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user is DBA: True"/>
</parse>
</case>
@ -3410,7 +3420,7 @@
<parse>
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
<item value="r'Payload: id=1 AND [\d]+=[\d]+ UNION'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user is DBA: True"/>
</parse>
</case>
@ -3426,7 +3436,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
</parse>
</case>
<case name="HTTP digest authentication">
@ -3438,7 +3448,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
</parse>
</case>
<case name="Boolean-based predict output enumeration">
@ -3450,7 +3460,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="r'performed 112 queries'" console_output="True"/>
</parse>
</case>
@ -3464,7 +3474,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="r'performed 112 queries'" console_output="True"/>
</parse>
</case>
@ -3477,7 +3487,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="r'performed 126 queries'" console_output="True"/>
</parse>
</case>
@ -3510,7 +3520,7 @@
<parse>
<item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: MySQL &gt;= 5.5.0'"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="hostname: 'debian"/>
@ -3534,7 +3544,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
</parse>
</case>
<case name="Custom POST data injection mark">
@ -3546,7 +3556,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
</parse>
</case>
<case name="Custom HTTP header (UA) injection mark">
@ -3558,7 +3568,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
</parse>
</case>
<case name="Custom FROM table in UNION query">
@ -3571,7 +3581,7 @@
</switches>
<parse>
<item value="r'VERSION\(\).+FROM INFORMATION_SCHEMA\.COLLATIONS'" console_output="True"/>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
</parse>
</case>
<case name="Estimated time of arrival">
@ -3583,7 +3593,7 @@
<getBanner value="True"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="r'100\% \[===.+=\] 17\/17'" console_output="True"/>
</parse>
</case>
@ -3595,7 +3605,7 @@
<answers value="Do you want to keep testing the others=Y"/>
</switches>
<parse>
<item value="banner: '5.5.33-0+wheezy1'"/>
<item value="banner: '5.5.35-0+wheezy1'"/>
<item value="testing for SQL injection on GET parameter 'pAram'" console_output="True"/>
<item value="testing for SQL injection on GET parameter 's'" console_output="True"/>
<item value="testing for SQL injection on GET parameter 'id'" console_output="True"/>
@ -3605,10 +3615,10 @@
<!-- End of other switches -->
<!-- TODO: add the following test cases:
* Test against a web service with XML POST data
* Test against a web application with generic XML POST data
* Test against a web application with JSON POST data
* Test against a web application with Multipart POST DATA
* Test direct connection against all supported DBMSes
* Test against a web service with XML POST data
* Test against a web application with generic XML POST data
* Test against a web application with JSON POST data
* Test against a web application with Multipart POST DATA
* Test direct connection against all supported DBMSes
-->
</root>