code refactoring: split boundaries and payloads XML files
This commit is contained in:
parent
863d5a6281
commit
32ab52b8ca
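--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1085,6 +1085,7 @@ def setPaths():
     paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "udf")
     paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "xml")
     paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, "banner")
+    paths.SQLMAP_XML_PAYLOADS_PATH = os.path.join(paths.SQLMAP_XML_PATH, "payloads")
 
     _ = os.path.join(os.path.expanduser("~"), ".sqlmap")
     paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get("SQLMAP_OUTPUT_PATH", os.path.join(_, "output")), encoding=sys.getfilesystemencoding())
@@ -1105,7 +1106,7 @@ def setPaths():
     paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, "user-agents.txt")
     paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.zip")
     paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
-    paths.PAYLOADS_XML = os.path.join(paths.SQLMAP_XML_PATH, "payloads.xml")
+    paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "boundaries.xml")
     paths.LIVE_TESTS_XML = os.path.join(paths.SQLMAP_XML_PATH, "livetests.xml")
     paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, "queries.xml")
     paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "generic.xml")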
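--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -130,6 +130,7 @@ from lib.core.settings import WEBSCARAB_SPLITTER
 from lib.core.threads import getCurrentThreadData
 from lib.core.update import update
 from lib.parse.configfile import configFileParser
+from lib.parse.payloads import loadBoundaries
 from lib.parse.payloads import loadPayloads
 from lib.parse.sitemap import parseSitemap
 from lib.request.basic import checkCharEncoding
@@ -2400,6 +2401,7 @@ def init():
     _setWriteFile()
     _setMetasploit()
     _setDBMSAuthentication()
+    loadBoundaries()
     loadPayloads()
     _setPrefixSuffix()
     update()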
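--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -5,6 +5,8 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import os
+
 from xml.etree import ElementTree as et
 
 from lib.core.data import conf
@@ -67,14 +69,32 @@ def parseXmlNode(node):
 
         conf.tests.append(test)
 
-def loadPayloads():
+def loadBoundaries():
     try:
-        doc = et.parse(paths.PAYLOADS_XML)
+        doc = et.parse(paths.BOUNDARIES_XML)
     except Exception, ex:
         errMsg = "something seems to be wrong with "
-        errMsg += "the file '%s' ('%s'). Please make " % (paths.PAYLOADS_XML, ex)
+        errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, ex)
         errMsg += "sure that you haven't made any changes to it"
         raise SqlmapInstallationException, errMsg
 
     root = doc.getroot()
     parseXmlNode(root)
+
+def loadPayloads():
+    payloadFiles = os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH)
+    payloadFiles.sort()
+
+    for payloadFile in payloadFiles:
+        payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
+
+        try:
+            doc = et.parse(payloadFilePath)
+        except Exception, ex:
+            errMsg = "something seems to be wrong with "
+            errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, ex)
+            errMsg += "sure that you haven't made any changes to it"
+            raise SqlmapInstallationException, errMsg
+
+        root = doc.getroot()
+        parseXmlNode(root)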
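Review bot: The new `loadPayloads()` feeds every entry returned by `os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH)` straight into `et.parse()`, so any non-XML file left in `xml/payloads/` (an editor backup, a `.swp` or `.orig` file, a README) or a subdirectory makes startup abort with a `SqlmapInstallationException` that tells the user the file is corrupt, which it is not. The `os.listdir()` call also sits outside the `try`, so a missing or unreadable directory surfaces as a raw `OSError` rather than the installation message the rest of the function produces. Both are fixed by skipping entries that do not end in `.xml` and wrapping the directory listing in the same error path; the per-file parse loop below stays as written. The hunk shows only `conf` being imported from `lib.core.data`, so `paths` is presumably imported elsewhere in the file, as the old `loadPayloads()` already used it; and the hunk starts in the tail of `parseXmlNode`, whose body lies outside this hunk.
```python
def loadPayloads():
    try:
        payloadFiles = os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH)
    except OSError, ex:
        errMsg = "something seems to be wrong with "
        errMsg += "the directory '%s' ('%s'). Please make " % (paths.SQLMAP_XML_PAYLOADS_PATH, ex)
        errMsg += "sure that you haven't made any changes to it"
        raise SqlmapInstallationException, errMsg
    payloadFiles.sort()

    for payloadFile in payloadFiles:
        # only the shipped payload definitions, not stray backups or editor files
        if not payloadFile.lower().endswith(".xml"):
            continue
        payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
        # ... unchanged: et.parse() of payloadFilePath with the existing error message, then parseXmlNode(root) ...
```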
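--- /dev/null
+++ b/xml/boundaries.xml
@@ -0,0 +1,519 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Tag: <boundary>
+    How to prepend and append to the test ' <payload><comment> ' string.
+
+    Sub-tag: <level>
+        From which level check for this test.
+
+        Valid values:
+            1: Always (<100 requests)
+            2: Try a bit harder (100-200 requests)
+            3: Good number of requests (200-500 requests)
+            4: Extensive test (500-1000 requests)
+            5: You have plenty of time (>1000 requests)
+
+    Sub-tag: <clause>
+        In which clause the payload can work.
+
+        NOTE: for instance, there are some payload that do not have to be
+        tested as soon as it has been identified whether or not the
+        injection is within a WHERE clause condition.
+
+        Valid values:
+            0: Always
+            1: WHERE / HAVING
+            2: GROUP BY
+            3: ORDER BY
+            4: LIMIT
+            5: OFFSET
+            6: TOP
+            7: Table name
+            8: Column name
+
+        A comma separated list of these values is also possible.
+
+    Sub-tag: <where>
+        Where to add our '<prefix> <payload><comment> <suffix>' string.
+
+        Valid values:
+            1: When the value of <test>'s <where> is 1.
+            2: When the value of <test>'s <where> is 2.
+            3: When the value of <test>'s <where> is 3.
+
+        A comma separated list of these values is also possible.
+
+    Sub-tag: <ptype>
+        What is the parameter value type.
+
+        Valid values:
+            1: Unescaped numeric
+            2: Single quoted string
+            3: LIKE single quoted string
+            4: Double quoted string
+            5: LIKE double quoted string
+
+    Sub-tag: <prefix>
+        A string to prepend to the payload.
+
+    Sub-tag: <suffix>
+        A string to append to the payload.
+
+Formats:
+    <boundary>
+        <level></level>
+        <clause></clause>
+        <where></where>
+        <ptype></ptype>
+        <prefix></prefix>
+        <suffix></suffix>
+    </boundary>
+
+-->
+
+<root>
+    <!-- Generic boundaries -->
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1,2,3</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>"</prefix>
+        <suffix></suffix>
+    </boundary>
+    <!-- End of generic boundaries -->
+
+    <!-- WHERE/HAVING clause boundaries -->
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)</prefix>
+        <suffix> AND ([RANDNUM]=[RANDNUM]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>))</prefix>
+        <suffix> AND (([RANDNUM]=[RANDNUM]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)))</prefix>
+        <suffix> AND ((([RANDNUM]=[RANDNUM]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>0</clause>
+        <where>1,2,3</where>
+        <ptype>1</ptype>
+        <prefix></prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')</prefix>
+        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'))</prefix>
+        <suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')))</prefix>
+        <suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>'</prefix>
+        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>')</prefix>
+        <suffix> AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>'))</prefix>
+        <suffix> AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>')))</prefix>
+        <suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>3</ptype>
+        <prefix>'</prefix>
+        <suffix> AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>")</prefix>
+        <suffix> AND ("[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>"))</prefix>
+        <suffix> AND (("[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>")))</prefix>
+        <suffix> AND ((("[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>"</prefix>
+        <suffix> AND "[RANDSTR]"="[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>")</prefix>
+        <suffix> AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>"))</prefix>
+        <suffix> AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>")))</prefix>
+        <suffix> AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>5</ptype>
+        <prefix>"</prefix>
+        <suffix> AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>2</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%')</prefix>
+        <suffix> AND ('%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>3</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%'))</prefix>
+        <suffix> AND (('%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%')))</prefix>
+        <suffix> AND ((('%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%'</prefix>
+        <suffix> AND '%'='</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%00')</prefix>
+        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>%00'</prefix>
+        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
+    </boundary>
+
+    <boundary>
+        <level>1</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix></prefix>
+        <suffix>-- [RANDSTR]</suffix>
+    </boundary>
+    <!-- End of WHERE/HAVING clause boundaries -->
+
+    <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+    <!-- End of pre-WHERE generic boundaries -->
+
+    <!-- Pre-WHERE derived table boundaries (e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>-- </suffix>
+    </boundary>
+    <!-- End of pre-WHERE derived table boundaries -->
+
+    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)||'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+'</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)+'</suffix>
+    </boundary>
+    <!-- End of INSERT/UPDATE generic boundaries -->
+
+    <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' IN BOOLEAN MODE)</prefix>
+        <suffix>#</suffix>
+    </boundary>
+    <!-- End of AGAINST boolean full-text search boundaries -->
+</root>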
@ -1,66 +1,6 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Tag: <boundary>
|
|
||||||
How to prepend and append to the test ' <payload><comment> ' string.
|
|
||||||
|
|
||||||
Sub-tag: <level>
|
|
||||||
From which level check for this test.
|
|
||||||
|
|
||||||
Valid values:
|
|
||||||
1: Always (<100 requests)
|
|
||||||
2: Try a bit harder (100-200 requests)
|
|
||||||
3: Good number of requests (200-500 requests)
|
|
||||||
4: Extensive test (500-1000 requests)
|
|
||||||
5: You have plenty of time (>1000 requests)
|
|
||||||
|
|
||||||
Sub-tag: <clause>
|
|
||||||
In which clause the payload can work.
|
|
||||||
|
|
||||||
NOTE: for instance, there are some payload that do not have to be
|
|
||||||
tested as soon as it has been identified whether or not the
|
|
||||||
injection is within a WHERE clause condition.
|
|
||||||
|
|
||||||
Valid values:
|
|
||||||
0: Always
|
|
||||||
1: WHERE / HAVING
|
|
||||||
2: GROUP BY
|
|
||||||
3: ORDER BY
|
|
||||||
4: LIMIT
|
|
||||||
5: OFFSET
|
|
||||||
6: TOP
|
|
||||||
7: Table name
|
|
||||||
8: Column name
|
|
||||||
|
|
||||||
A comma separated list of these values is also possible.
|
|
||||||
|
|
||||||
Sub-tag: <where>
|
|
||||||
Where to add our '<prefix> <payload><comment> <suffix>' string.
|
|
||||||
|
|
||||||
Valid values:
|
|
||||||
1: When the value of <test>'s <where> is 1.
|
|
||||||
2: When the value of <test>'s <where> is 2.
|
|
||||||
3: When the value of <test>'s <where> is 3.
|
|
||||||
|
|
||||||
A comma separated list of these values is also possible.
|
|
||||||
|
|
||||||
Sub-tag: <ptype>
|
|
||||||
What is the parameter value type.
|
|
||||||
|
|
||||||
Valid values:
|
|
||||||
1: Unescaped numeric
|
|
||||||
2: Single quoted string
|
|
||||||
3: LIKE single quoted string
|
|
||||||
4: Double quoted string
|
|
||||||
5: LIKE double quoted string
|
|
||||||
|
|
||||||
Sub-tag: <prefix>
|
|
||||||
A string to prepend to the payload.
|
|
||||||
|
|
||||||
Sub-tag: <suffix>
|
|
||||||
A string to append to the payload.
|
|
||||||
|
|
||||||
|
|
||||||
Tag: <test>
|
Tag: <test>
|
||||||
SQL injection test definition.
|
SQL injection test definition.
|
||||||
|
|
||||||
|
@ -189,16 +129,6 @@ Tag: <test>
|
||||||
What is the database management system underlying operating
|
What is the database management system underlying operating
|
||||||
system.
|
system.
|
||||||
|
|
||||||
Formats:
|
|
||||||
<boundary>
|
|
||||||
<level></level>
|
|
||||||
<clause></clause>
|
|
||||||
<where></where>
|
|
||||||
<ptype></ptype>
|
|
||||||
<prefix></prefix>
|
|
||||||
<suffix></suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title></title>
|
<title></title>
|
||||||
<stype></stype>
|
<stype></stype>
|
||||||
|
@ -229,451 +159,6 @@ Formats:
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<root>
|
<root>
|
||||||
<!-- Generic boundaries -->
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>)</prefix>
|
|
||||||
<suffix></suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>')</prefix>
|
|
||||||
<suffix></suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1,2,3</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>'</prefix>
|
|
||||||
<suffix></suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>"</prefix>
|
|
||||||
<suffix></suffix>
|
|
||||||
</boundary>
|
|
||||||
<!-- End of generic boundaries -->
|
|
||||||
|
|
||||||
<!-- WHERE/HAVING clause boundaries -->
|
|
||||||
<boundary>
|
|
||||||
<level>1</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>)</prefix>
|
|
||||||
<suffix> AND ([RANDNUM]=[RANDNUM]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>))</prefix>
|
|
||||||
<suffix> AND (([RANDNUM]=[RANDNUM]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>)))</prefix>
|
|
||||||
<suffix> AND ((([RANDNUM]=[RANDNUM]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>1</level>
|
|
||||||
<clause>0</clause>
|
|
||||||
<where>1,2,3</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix></prefix>
|
|
||||||
<suffix></suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>1</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>')</prefix>
|
|
||||||
<suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>'))</prefix>
|
|
||||||
<suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>')))</prefix>
|
|
||||||
<suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>1</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>'</prefix>
|
|
||||||
<suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>3</ptype>
|
|
||||||
<prefix>')</prefix>
|
|
||||||
<suffix> AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>3</ptype>
|
|
||||||
<prefix>'))</prefix>
|
|
||||||
<suffix> AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>3</ptype>
|
|
||||||
<prefix>')))</prefix>
|
|
||||||
<suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>3</ptype>
|
|
||||||
<prefix>'</prefix>
|
|
||||||
<suffix> AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>")</prefix>
|
|
||||||
<suffix> AND ("[RANDSTR]"="[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>"))</prefix>
|
|
||||||
<suffix> AND (("[RANDSTR]"="[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>")))</prefix>
|
|
||||||
<suffix> AND ((("[RANDSTR]"="[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>"</prefix>
|
|
||||||
<suffix> AND "[RANDSTR]"="[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>5</ptype>
|
|
||||||
<prefix>")</prefix>
|
|
||||||
<suffix> AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>5</ptype>
|
|
||||||
<prefix>"))</prefix>
|
|
||||||
<suffix> AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>5</ptype>
|
|
||||||
<prefix>")))</prefix>
|
|
||||||
<suffix> AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>5</ptype>
|
|
||||||
<prefix>"</prefix>
|
|
||||||
<suffix> AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>2</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>%')</prefix>
|
|
||||||
<suffix> AND ('%'='</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>3</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>%'))</prefix>
|
|
||||||
<suffix> AND (('%'='</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>%')))</prefix>
|
|
||||||
<suffix> AND ((('%'='</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>1</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>%'</prefix>
|
|
||||||
<suffix> AND '%'='</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>%00')</prefix>
|
|
||||||
<suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>%00'</prefix>
|
|
||||||
<suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>1</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix></prefix>
|
|
||||||
<suffix>-- [RANDSTR]</suffix>
|
|
||||||
</boundary>
|
|
||||||
<!-- End of WHERE/HAVING clause boundaries -->
|
|
||||||
|
|
||||||
|
|
||||||
<!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
<!-- End of pre-WHERE generic boundaries -->
|
|
||||||
|
|
||||||
<!-- Pre-WHERE derived table boundaries (e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>4</ptype>
|
|
||||||
<prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1,2</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>-- </suffix>
|
|
||||||
</boundary>
|
|
||||||
<!-- End of pre-WHERE derived table boundaries -->
|
|
||||||
|
|
||||||
<!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>)||'</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>)||'</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1</where>
|
|
||||||
<ptype>1</ptype>
|
|
||||||
<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>)+'</suffix>
|
|
||||||
</boundary>
|
|
||||||
|
|
||||||
<boundary>
|
|
||||||
<level>5</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
|
||||||
<suffix>)+'</suffix>
|
|
||||||
</boundary>
|
|
||||||
<!-- End of INSERT/UPDATE generic boundaries -->
|
|
||||||
|
|
||||||
<!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
|
|
||||||
<boundary>
|
|
||||||
<level>4</level>
|
|
||||||
<clause>1</clause>
|
|
||||||
<where>1</where>
|
|
||||||
<ptype>2</ptype>
|
|
||||||
<prefix>' IN BOOLEAN MODE)</prefix>
|
|
||||||
<suffix>#</suffix>
|
|
||||||
</boundary>
|
|
||||||
<!-- End of AGAINST boolean full-text search boundaries -->
|
|
||||||
|
|
||||||
<!-- Boolean-based blind tests - WHERE/HAVING clause -->
|
<!-- Boolean-based blind tests - WHERE/HAVING clause -->
|
||||||
<test>
|
<test>
|
||||||
<title>AND boolean-based blind - WHERE or HAVING clause</title>
|
<title>AND boolean-based blind - WHERE or HAVING clause</title>
|