sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

some more boundaries

Browse Source
This commit is contained in:
Bernardo Damele 2015-03-19 12:07:26 +00:00
parent 204ee1db39
commit 43f6cb1508
1 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
xml/boundaries.xml
View File

@ -328,6 +328,42 @@ Formats:
<suffix> AND '%'='</suffix> <suffix> AND '%'='</suffix>
</boundary> </boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%")</prefix>
<suffix> AND ("%"="</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%"))</prefix>
<suffix> AND (("%"="</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%")))</prefix>
<suffix> AND ((("%"="</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%"</prefix>
<suffix> AND "%"="</suffix>
</boundary>
<boundary> <boundary>
<level>5</level> <level>5</level>
<clause>1</clause> <clause>1</clause>
@ -337,6 +373,24 @@ Formats:
<suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix> <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
</boundary> </boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%00'))</prefix>
<suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%00')))</prefix>
<suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary> <boundary>
<level>4</level> <level>4</level>
<clause>1</clause> <clause>1</clause>
@ -354,6 +408,15 @@ Formats:
<prefix></prefix> <prefix></prefix>
<suffix>-- [RANDSTR]</suffix> <suffix>-- [RANDSTR]</suffix>
</boundary> </boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>1</ptype>
<prefix></prefix>
<suffix># [RANDSTR]</suffix>
</boundary>
<!-- End of WHERE/HAVING clause boundaries --> <!-- End of WHERE/HAVING clause boundaries -->
<!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"--> <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->