mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-10-31 16:07:55 +03:00
Adding new payload (HAVING boolean-based blind)
This commit is contained in:
Miroslav Stampar
parent
a399b65033
commit
25369ca591
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.2.6.4"
|
VERSION = "1.2.6.5"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
||||||
|
|
@ -68,23 +68,23 @@ class Fingerprint(GenericFingerprint):
|
||||||
infoMsg = "testing %s" % DBMS.ORACLE
|
infoMsg = "testing %s" % DBMS.ORACLE
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
# NOTE: SELECT ROWNUM=ROWNUM FROM DUAL does not work connecting
|
# NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does
|
||||||
# directly to the Oracle database
|
# not work connecting directly to the Oracle database
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
result = True
|
result = True
|
||||||
else:
|
else:
|
||||||
result = inject.checkBooleanExpression("ROWNUM=ROWNUM")
|
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
infoMsg = "confirming %s" % DBMS.ORACLE
|
infoMsg = "confirming %s" % DBMS.ORACLE
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
# NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does
|
# NOTE: SELECT NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1]) FROM DUAL does
|
||||||
# not work connecting directly to the Oracle database
|
# not work connecting directly to the Oracle database
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
result = True
|
result = True
|
||||||
else:
|
else:
|
||||||
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")
|
result = inject.checkBooleanExpression("NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1])")
|
||||||
|
|
||||||
if not result:
|
if not result:
|
||||||
warnMsg = "the back-end DBMS is not %s" % DBMS.ORACLE
|
warnMsg = "the back-end DBMS is not %s" % DBMS.ORACLE
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
|
||||||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||||
9d0f7b5da86733268cf0ee3bcce3fd0e lib/core/settings.py
|
ea76ddec1c3e65b63c217aaaf6e15e3c lib/core/settings.py
|
||||||
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
|
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
|
||||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||||
6306284edcccc185b2df085438572b0d lib/core/target.py
|
6306284edcccc185b2df085438572b0d lib/core/target.py
|
||||||
|
|
@ -177,7 +177,7 @@ fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py
|
||||||
f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py
|
f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py
|
||||||
e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py
|
e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py
|
||||||
c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py
|
c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py
|
||||||
e16cbf8abda91a906ca7bafb81d8866e plugins/dbms/oracle/fingerprint.py
|
538395c0e5ccb1b6befc17f129f45f29 plugins/dbms/oracle/fingerprint.py
|
||||||
9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py
|
9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py
|
||||||
5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py
|
5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py
|
||||||
bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py
|
bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py
|
||||||
|
|
@ -467,7 +467,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml
|
||||||
fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml
|
fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml
|
||||||
0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml
|
0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml
|
||||||
a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
||||||
14a2abeb88b00ab489359d0dd7a3017f xml/payloads/boolean_blind.xml
|
3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml
|
||||||
b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml
|
b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml
|
||||||
06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml
|
06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml
|
||||||
3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml
|
3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml
|
||||||
|
|
|
||||||
|
|
@ -1361,6 +1361,23 @@ Tag: <test>
|
||||||
<dbms>SAP MaxDB</dbms>
|
<dbms>SAP MaxDB</dbms>
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<!-- Works in MySQL, Oracle, etc. -->
|
||||||
|
<test>
|
||||||
|
<title>HAVING boolean-based blind - WHERE, GROUP BY clause</title>
|
||||||
|
<stype>1</stype>
|
||||||
|
<level>3</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>HAVING [INFERENCE]</vector>
|
||||||
|
<request>
|
||||||
|
<payload>HAVING [RANDNUM]=[RANDNUM]</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<comparison>HAVING [RANDNUM]=[RANDNUM1]</comparison>
|
||||||
|
</response>
|
||||||
|
</test>
|
||||||
<!-- End of boolean-based blind tests - ORDER BY, GROUP BY clause -->
|
<!-- End of boolean-based blind tests - ORDER BY, GROUP BY clause -->
|
||||||
|
|
||||||
<!-- Boolean-based blind tests - Stacked queries -->
|
<!-- Boolean-based blind tests - Stacked queries -->
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user