sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-23 15:10:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

added one more test case for DB2 and a few search-related cases for Oracle (issue #312)

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-18 20:37:20 +00:00
parent 11e27f07e0
commit 2463e51e73
1 changed files with 305 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

305
xml/livetests.xml
View File

@ -1044,6 +1044,21 @@
<item value="r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
</parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded custom enumeration - substring">
<switches>
<url value="http://debiandev/sqlmap/db2/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<dumpTable value="True"/>
<db value="db2inst1"/>
<tbl value="users"/>
<firstChar value="3"/>
<lastChar value="5"/>
</switches>
<parse>
<item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+the | iss.+NULL | mei'"/>
</parse>
</case>
<case name="SQLite UNION query multi-threaded custom enumeration">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
@ -1671,6 +1686,296 @@
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="sys"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="sys"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="sys"/>
</switches>
<parse>
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - tables given database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="sys"/>
<tbl value="user,aux,wrong"/>
<answer value="do you want to dump tables=N,do you want to crack them via a dictionary-based attack=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - tables given database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="sys"/>
<tbl value="user,aux,wrong"/>
<answer value="do you want to crack them via a dictionary-based attack=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - tables given database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="sys"/>
<tbl value="user,aux,wrong"/>
<answer value="do you want to crack them via a dictionary-based attack=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
<item value="r'.+5 entries.+wu.+nameisnull'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<tbl value="users"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<tbl value="users"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - tables without given database">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<tbl value="users"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column without given db or table">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<col value="surname,foobar"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column without given db or table">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<col value="surname,foobar"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column without given db or table">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<col value="surname,foobar"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="sys,foobar"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="sys,foobar"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column given databases">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="sys,foobar"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<tbl value="users,foobar"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<tbl value="users,foobar"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column given tables">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<tbl value="users,foobar"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="B"/>
<search value="True"/>
<db value="sys,foobar"/>
<tbl value="users"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
</parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="E"/>
<search value="True"/>
<db value="sys,foobar"/>
<tbl value="users"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column given databases and table">
<switches>
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<threads value="4"/>
<tech value="U"/>
<search value="True"/>
<db value="sys,foobar"/>
<tbl value="users"/>
<col value="surname"/>
<answers value="do you want to dump=N"/>
</switches>
<parse>
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
</parse>
</case>
<!-- TODO: add IBM DB2 test cases -->
<case name="SQLite multi-threaded search enumeration - database">
<switches>
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>