mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily
This commit is contained in:
parent
c2c4601d6e
commit
190e317992
|
@ -726,7 +726,7 @@
|
||||||
<item value="command standard output: 'uid="/>
|
<item value="command standard output: 'uid="/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
<!-- TODO: integration with Metasploit cannot be called yet from live testing -->
|
<!-- TODO: integration with Metasploit cannot be called yet from live testing
|
||||||
<case name="MySQL shell via Metasploit integration - command execution">
|
<case name="MySQL shell via Metasploit integration - command execution">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
||||||
|
@ -739,6 +739,7 @@
|
||||||
<item value="r'Sending stage.+Command shell session.+Linux.+uid='"/>
|
<item value="r'Sending stage.+Command shell session.+Linux.+uid='"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
-->
|
||||||
<!-- End of operating system access switches -->
|
<!-- End of operating system access switches -->
|
||||||
|
|
||||||
<!-- Technique switches and corner cases -->
|
<!-- Technique switches and corner cases -->
|
||||||
|
@ -751,7 +752,7 @@
|
||||||
<timeSec value="2"/>
|
<timeSec value="2"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<item value="Title: AND/OR time-based blind"/>
|
<item value="Type: AND/OR time-based blind"/>
|
||||||
<item value="Title: MySQL < 5.0.12 AND time-based blind (heavy query)"/>
|
<item value="Title: MySQL < 5.0.12 AND time-based blind (heavy query)"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
@ -794,6 +795,7 @@
|
||||||
<case name="MySQL against highly dynamic page">
|
<case name="MySQL against highly dynamic page">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/>
|
<url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/>
|
||||||
|
<timeSec value="2"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
||||||
|
@ -805,14 +807,25 @@
|
||||||
<case name="MySQL against a page that returns a 302 redirect page when SQL statement return no output">
|
<case name="MySQL against a page that returns a 302 redirect page when SQL statement return no output">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/>
|
<url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/>
|
||||||
|
<timeSec value="2"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
||||||
<item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/>
|
|
||||||
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
|
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
|
||||||
<item value="Title: MySQL > 5.0.11 AND time-based blind"/>
|
<item value="Title: MySQL > 5.0.11 AND time-based blind"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
<case name="MySQL against a page that returns an image">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/mysql/get_int_img.php?id=1"/>
|
||||||
|
<tech value="BT"/>
|
||||||
|
<timeSec value="2"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
||||||
|
<item value="Title: MySQL > 5.0.11 AND time-based blind"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
<case name="MySQL against a page that returns a 302 redirect page when SQL statement returns output">
|
<case name="MySQL against a page that returns a 302 redirect page when SQL statement returns output">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/>
|
<url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user