sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-12 17:13:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

more work on Oracle test cases (#312)

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-16 15:13:47 +00:00
parent f25d7ffc14
commit 1c8bd95e68
1 changed files with 47 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
xml/livetests.xml
View File

@ -490,11 +490,10 @@
<getPrivileges value="True"/> <getPrivileges value="True"/>
<getRoles value="True"/> <getRoles value="True"/>
<getDbs value="True"/> <getDbs value="True"/>
<getTables value="True"/>
<getColumns value="True"/> <getColumns value="True"/>
<getCount value="True"/> <getCount value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<excludeSysDbs value="True"/> <excludeSysDbs value="True"/>
</switches> </switches>
@ -508,13 +507,12 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/> <item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+clear-text password: ORACLE.+DBSNMP \[.+password hash: E066D214D5421CCC.+clear-text password: DBSNMP.+SYS \[.+password hash: 2D5A0C491B634F1B.+clear-text password: TESTPASS'"/> <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+clear-text password: ORACLE.+DBSNMP \[.+password hash: E066D214D5421CCC.+clear-text password: DBSNMP.+SYS \[.+password hash: 2D5A0C491B634F1B.+clear-text password: TESTPASS'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/> <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/> <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/> <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/> <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse> </parse>
</case> </case>
<case name="Oracle error-based multi-threaded enumeration - all entries"> <case name="Oracle error-based multi-threaded enumeration - all entries">
@ -537,9 +535,8 @@
<getColumns value="True"/> <getColumns value="True"/>
<getCount value="True"/> <getCount value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/> <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches> </switches>
<parse> <parse>
@ -552,13 +549,13 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/> <item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/> <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/> <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/> <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/> <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/> <item value="r'Database: SYS.+ tables.+USERS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/> <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/> <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse> </parse>
</case> </case>
<case name="Oracle UNION query multi-threaded enumeration - all entries"> <case name="Oracle UNION query multi-threaded enumeration - all entries">
@ -581,9 +578,8 @@
<getColumns value="True"/> <getColumns value="True"/>
<getCount value="True"/> <getCount value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/> <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches> </switches>
<parse> <parse>
@ -596,13 +592,13 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/> <item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/> <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/> <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/> <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/> <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/> <item value="r'Database: SYS.+ tables.+JOBS.+REGIONS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/> <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/> <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse> </parse>
</case> </case>
<case name="Oracle partial UNION query multi-threaded enumeration - all entries"> <case name="Oracle partial UNION query multi-threaded enumeration - all entries">
@ -625,9 +621,8 @@
<getColumns value="True"/> <getColumns value="True"/>
<getCount value="True"/> <getCount value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/> <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches> </switches>
<parse> <parse>
@ -640,13 +635,13 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/> <item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/> <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/> <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/> <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/> <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/> <item value="r'Database: SYS.+ tables.+JOBS.+REGIONS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/> <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/> <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse> </parse>
</case> </case>
<case name="Oracle time-based single-threaded enumeration - all entries"> <case name="Oracle time-based single-threaded enumeration - all entries">
@ -683,9 +678,8 @@
<getColumns value="True"/> <getColumns value="True"/>
<getCount value="True"/> <getCount value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/> <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches> </switches>
<parse> <parse>
@ -698,13 +692,13 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
<item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/> <item value="r'database management system users \[.+ANONYMOUS.+SCOTT.+SYS.+XDB'"/>
<item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/> <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
<item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ADMINISTER ANY SQL TUNING SET'"/> <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
<item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+JAVA_DEPLOY'"/> <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
<item value="r'available databases \[.+CTXSYS.+SCOTT.+WMSYS'"/> <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
<item value="r'Database: SCOTT.+ tables.+USERS'"/> <item value="r'Database: SYS.+ tables.+JOBS.+REGIONS'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table.+Entries.+USERS.+5'"/> <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/> <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
</parse> </parse>
</case> </case>
<case name="SQLite boolean-based multi-threaded enumeration - all entries"> <case name="SQLite boolean-based multi-threaded enumeration - all entries">
@ -963,15 +957,15 @@
<tech value="E"/> <tech value="E"/>
<getSchema value="True"/> <getSchema value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<limitStart value="2"/> <limitStart value="2"/>
<limitStop value="4"/> <limitStop value="4"/>
<excludeSysDbs value="True"/> <excludeSysDbs value="True"/>
</switches> </switches>
<parse> <parse>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/> <item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse> </parse>
</case> </case>
<case name="Oracle UNION query multi-threaded custom enumeration"> <case name="Oracle UNION query multi-threaded custom enumeration">
@ -981,15 +975,15 @@
<tech value="U"/> <tech value="U"/>
<getSchema value="True"/> <getSchema value="True"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<limitStart value="2"/> <limitStart value="2"/>
<limitStop value="4"/> <limitStop value="4"/>
<excludeSysDbs value="True"/> <excludeSysDbs value="True"/>
</switches> </switches>
<parse> <parse>
<item value="r'Database: SCOTT.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/> <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
<item value="r'Database: SCOTT.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/> <item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
</parse> </parse>
</case> </case>
<case name="Oracle boolean-based multi-threaded custom enumeration - substring"> <case name="Oracle boolean-based multi-threaded custom enumeration - substring">
@ -998,13 +992,13 @@
<threads value="4"/> <threads value="4"/>
<tech value="B"/> <tech value="B"/>
<dumpTable value="True"/> <dumpTable value="True"/>
<db value="scott"/> <db value="sys"/>
<tbl value="users"/> <tbl value="users"/>
<firstChar value="3"/> <firstChar value="3"/>
<lastChar value="5"/> <lastChar value="5"/>
</switches> </switches>
<parse> <parse>
<item value="r'Database: SCOTT.+Table: USERS.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/> <item value="r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse> </parse>
</case> </case>
<case name="SQLite UNION query multi-threaded custom enumeration"> <case name="SQLite UNION query multi-threaded custom enumeration">